Rampart
  1. Rampart
  2. RAMPART-119

Invalid behavior when empty <sp:SignedParts/> element present in the policy

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.3
    • Fix Version/s: 1.5.1
    • Component/s: rampart-core
    • Labels:
      None

      Description

      According to the ws - security policy specification 1.1 , 5.1.1 Signed Parts Assertion

      This assertion specifies the parts of the message that need integrity protection. If no child elements are specified, all message headers targeted at the UltimateReceiver role [SOAP12] or actor [SOAP11] and the body of the message MUST be integrity protected.

      So for an empty signed parts element, we have to sign all the message headers. At current we don't sign any header if signed parts element is empty.

      1. RAMPART119.patch
        7 kB
        Thilina Buddhika
      2. RAMPART-119.patch
        6 kB
        Thilina Buddhika

        Activity

        Hide
        S.Uthaiyashankar added a comment -

        Applied the patch in revision 1051483

        Thank you Thilina for the patch

        Show
        S.Uthaiyashankar added a comment - Applied the patch in revision 1051483 Thank you Thilina for the patch
        Hide
        Thilina Buddhika added a comment -

        Uploading the up to date patch for the current revision of the Rampart trunk.

        Thanks,
        Thilina

        Show
        Thilina Buddhika added a comment - Uploading the up to date patch for the current revision of the Rampart trunk. Thanks, Thilina
        Hide
        Thilina Buddhika added a comment -

        Attaching to updated patch for the current revision of the trunk.

        Show
        Thilina Buddhika added a comment - Attaching to updated patch for the current revision of the trunk.
        Hide
        Thilina Buddhika added a comment -

        The patch attached herewith fixes this issue. With this fix, when an empty "SignedParts" element is present, soap body and all message headers targeted at the UltimateReceiver role are signed.

        Thanks.
        / thilina

        Show
        Thilina Buddhika added a comment - The patch attached herewith fixes this issue. With this fix, when an empty "SignedParts" element is present, soap body and all message headers targeted at the UltimateReceiver role are signed. Thanks. / thilina

          People

          • Assignee:
            S.Uthaiyashankar
            Reporter:
            Nandana Mihindukulasooriya
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development