This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 90658 - Security doesn't work because of addressing headers mismatch
Summary: Security doesn't work because of addressing headers mismatch
Status: VERIFIED FIXED
Alias: None
Product: webservices
Classification: Unclassified
Component: WSIT (show other bugs)
Version: 5.x
Hardware: All All
: P1 blocker (vote)
Assignee: Martin Grebac
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-12-06 13:01 UTC by Martin Grebac
Modified: 2007-04-03 15:53 UTC (History)
0 users

See Also:
Issue Type: DEFECT
Exception Reporter:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Grebac 2006-12-06 13:01:57 UTC 
When security is selected, message level policies are generated like this:

<sp:Header Name="To" Namespace="
http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"/>

which now breaks security functionality with this exception:

com.sun.xml.wss.XWSSecurityException: Policy verification error:Missing target
To for Signature
com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:80)
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:606)
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:189)
com.sun.xml.wss.jaxws.impl.SecurityPipeBase.verifyInboundMessage(SecurityPipeBase.java:455)
com.sun.xml.wss.jaxws.impl.SecurityServerPipe.process(SecurityServerPipe.java:175)
com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:79)
com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:541)
com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:497)
com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:392)
com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:207)
com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:350)
...
Comment 1 Martin Grebac 2006-12-06 13:04:15 UTC 
Fixed in 2.6, correct message policy is:

<wsp:Policy wsu:Id="CalcNon109ServicePortBinding_add2_Input_Policy">
 <wsp:ExactlyOne>
  <wsp:All>
   <sp:SignedParts>
    <sp:Body/>
     <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
Comment 2 Martin Grebac 2007-04-03 15:53:44 UTC 
v