Hide Forgot
Date of First Response: 2009-09-21 10:08:02 project_key: SOA
Link: Added: This issue depends JBESB-2816
This issue refers to the existence of UserName elements within the SOAP message, as they were being processed regardless of whether they were the correct element (location or namespace). The example used in the issue is the following <?xml version="1.0"?> <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"> <S:Header> <RequestHeader xmlns="..."> <UserName>johndoe</UserName> <HostName>xx123</HostName> <Timestamp>2009-09-09T07:22:04.706Z</Timestamp> </RequestHeader> </S:Header> <S:Body> ... <S:Body> <S:Envelope> Where johndoe was being populated in error.
Verified in CR4
added to 4.3.CP02 release notes as resolved: JBESB-2816 SOAP messages that contained a <UserName> element in addition to the <UserName> child element of <UserNameToken> could fail to be delivered. This was due to WSSecurityInfoExtractor not verifying the location and namespace of the <UserName> element. WSSecurityInfoExtractor now only uses the <UserName> element contained in <UserNameToken> for obtaining this WS-Security field.