Uploaded image for project: 'Rampart'
  1. Rampart
  2. RAMPART-225

SupportingToken UsernameToken is always encrypted

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.4
    • Fix Version/s: 1.5.1
    • Component/s: rampart-core
    • Labels:
      None

      Description

      If no encryption is specified in the policy file and UsernameToken is used as supporting token, then this token is always encrypted. org.apache.rampart.builder.BindingBuilder.handleSupportingTokens(RampartMessageData, SupportingToken) does not check if UsernameToken is an encrypted token and unconditionally adds it to the encryptedTokensIdList.

      This can be easily fixed by modifying line 383 (as per src release 1.4) from

      encryptedTokensIdList.add(utBuilder.getId());

      to

      if (suppTokens.isEncryptedToken())

      { encryptedTokensIdList.add(utBuilder.getId()); }

        Attachments

        1. policy-pwd-encrypted.xml
          3 kB
          Diego Tognola
        2. policy-working.xml
          3 kB
          Amila Jayasekara
        3. RAMPART-225.diff
          1 kB
          Amila Jayasekara

          Activity

            People

            • Assignee:
              samisa Don Samisa Abeysinghe
              Reporter:
              drdth Diego Tognola
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: