[RAMPART-108] Policy Validator doesn't check the transport when Transport binding is used with HttpsToken - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.4
Component/s: None
Labels:
None

Description

When a transport security binding is used wih HttpsToken, PolicyBasedValidator doesn't check whether the incoming transport was HTTPS. This allows a service to be accessed via HTTP ( violating the policy), if a HTTP endpoint is available.

Attachments

Activity

People

Assignee:: Nandana Mihindukulasooriya

Reporter:: Nandana Mihindukulasooriya

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 09/Nov/07 08:01

Updated:: 27/May/08 05:12

Resolved:: 08/Jan/08 12:25