SecureConversationTokenFinderInterceptor stores the wrong token identifier
--------------------------------------------------------------------------
Key: CXF-2487
URL: https://issues.apache.org/jira/browse/CXF-2487
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 2.2.4
Reporter: Colm O hEigeartaigh
Fix For: 2.2.5, 2.3
Attachments: cxf-2487.patch
The SecureConversationTokenFinderInterceptor in CXF has this line:
message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getID());
but it also stores the token like so:
SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
Then in AbstractBindingBuilder.getSecurityToken() it tries to find the token in
the token store using SecurityConstants.TOKEN_ID, and an error of "No signature
token id" is thrown. The SecureConversationTokenFinderInterceptor should store
the Identifier of the SCT instead (getIdentifier, not getIDI()).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
