Details
- Improvement
- Status: Resolved
- Major
- Resolution: Fixed
- 1.3
- None
Description
Cert validation is an important part of WS-Security, and different organizations have different rules for it; that could be fulfilled by the ability to have a custom implementation of PolicyBasedResultsValidator.
All the documentation and intention in the Rampart code seems to suggest that the org.apache.rampart.PolicyBasedResultsValidator.verifyTrust() method could be overridden in custom implementations. However, PolicyBasedResultsValidator is currently hard-wired into RampartEngine, which makes it impossible to override unless RampartReceiver & RampartEngine are overridden as well.
After a discussion with Ruchith, a callback-handler-based approach is best suited for this. PolicyBasedResultsValidator will be used as the default implementation, and customers will be allowed to specify their custom implementation using the Rampart config, as shown in the example below:
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:policyValidatorCbClass>xx.yy.CustomPolicyValidator</ramp:policyValidatorCbClass>
    ...
</ramp:RampartConfig>
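
An added example, not part of the original issue or of the Rampart code base: a sketch of what the xx.yy.CustomPolicyValidator class named in the config could look like when it keeps the default trust check and then narrows it with an organization-specific rule. The verifyTrust() parameter list is an assumption to check against the Rampart version in use, and the issuer DN and the rule itself are constructed for illustration.

```java
package xx.yy; // package and class name taken from the config example above

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

import org.apache.rampart.PolicyBasedResultsValidator;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;

public class CustomPolicyValidator extends PolicyBasedResultsValidator {

    // Constructed sample value: the only issuer this organization accepts.
    private static final Set<X500Principal> ALLOWED_ISSUERS = Set.of(
            new X500Principal("CN=Example Partner CA,O=Example Org,C=US"));

    // Assumed signature of the overridable hook described in the issue.
    @Override
    protected boolean verifyTrust(X509Certificate cert, RampartMessageData rmd)
            throws RampartException {
        // Run the default keystore-based check first, then apply the
        // stricter organization rule; both must pass.
        return super.verifyTrust(cert, rmd) && meetsOrgPolicy(cert);
    }

    // Organization rule, kept free of Rampart types so it can be unit
    // tested without a message context. Fails closed on any doubt.
    static boolean meetsOrgPolicy(X509Certificate cert) {
        if (cert == null) {
            return false;
        }
        try {
            cert.checkValidity(); // rejects expired and not-yet-valid certs
        } catch (CertificateException e) {
            return false;
        }
        // X500Principal.equals compares the canonical DN form.
        if (!ALLOWED_ISSUERS.contains(cert.getIssuerX500Principal())) {
            return false;
        }
        boolean[] keyUsage = cert.getKeyUsage(); // null if extension absent
        // Bit 0 of KeyUsage is digitalSignature.
        return keyUsage != null && keyUsage.length > 0 && keyUsage[0];
    }
}
```

Calling super.verifyTrust() first means a custom class can only tighten the default decision, never accept a certificate the default validator would reject.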