Uploaded image for project: 'Rampart'
  1. Rampart
  2. RAMPART-169

HttpsToken serializer does not support ws-securitypolicy 1.2

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.3
    • 1.4
    • rampart-policy
    • None
    • any

    Description

      org.apache.ws.secpolicy.model.HttpsToken will always serialize the RequireClientCertificate as specified in ws-securitypolicy, i.e. as an attribute on the HttpsToken element. However as of ws-securitypolicy 1.2 it should be specified as:

      <sp:HttpsToken>
      <wsp:Policy>
      <sp:RequireClientCertificate/>
      </wsp:Policy>
      </sp:HttpsToken>

      Notably the token builder for the ws-securitypolicy 1.2 works correctly and deserializes the token as specified in version 1.2 of the spec.

      Additionally, since rampart claims ws-securitypolicy 1.2 support shouldn't it also consider the other two available elements for the HttpsToken, namely:
      <sp:HttpBasicAuthentication />
      <sp:HttpDigestAuthentication />

      Although these are not handled by rampart, they could be used for policy validation.

      Should I supply a diff?

      Attachments

        1. httpsTokenPatch.txt
          16 kB
          Stefan Vladov

        Activity

          People

            nandana.cse Nandana Mihindukulasooriya
            chefo Stefan Vladov
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 0.25h
                0.25h
                Remaining:
                Remaining Estimate - 0.25h
                0.25h
                Logged:
                Time Spent - Not Specified
                Not Specified