[
https://issues.apache.org/jira/browse/CXF-2487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated CXF-2487:
-------------------------------------
Attachment: cxf-2487.patch
A patch for this issue.
Colm.
> SecureConversationTokenFinderInterceptor stores the wrong token identifier
> --------------------------------------------------------------------------
>
> Key: CXF-2487
> URL: https://issues.apache.org/jira/browse/CXF-2487
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.2.4
> Reporter: Colm O hEigeartaigh
> Fix For: 2.2.5, 2.3
>
> Attachments: cxf-2487.patch
>
>
> The SecureConversationTokenFinderInterceptor in CXF has this line:
> message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getID());
> but it also stores the token like so:
> SecurityToken token = new SecurityToken(sct.getIdentifier(), created,
> expires);
> Then in AbstractBindingBuilder.getSecurityToken() it tries to find the token
> in the token store using SecurityConstants.TOKEN_ID, and an error of "No
> signature token id" is thrown. The SecureConversationTokenFinderInterceptor
> should store the Identifier of the SCT instead (getIdentifier, not getIDI()).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
