[RAMPART-225] SupportingToken UsernameToken is always encrypted - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.4
Fix Version/s: 1.5.1
Component/s: rampart-core
Labels:
None

Description

If no encryption is specified in the policy file and UsernameToken is used as supporting token, then this token is always encrypted. org.apache.rampart.builder.BindingBuilder.handleSupportingTokens(RampartMessageData, SupportingToken) does not check if UsernameToken is an encrypted token and unconditionally adds it to the encryptedTokensIdList.

This can be easily fixed by modifying line 383 (as per src release 1.4) from

encryptedTokensIdList.add(utBuilder.getId());

if (suppTokens.isEncryptedToken())

{ encryptedTokensIdList.add(utBuilder.getId()); }

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

RAMPART-225.diff
05/Jul/10 04:32
1 kB
Amila Jayasekara
policy-working.xml
05/Jul/10 04:32
3 kB
Amila Jayasekara
policy-pwd-encrypted.xml
21/Apr/09 04:19
3 kB
Diego Tognola

Activity

People

Assignee:: Don Samisa Abeysinghe

Reporter:: Diego Tognola

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Apr/09 04:16

Updated:: 11/Feb/11 12:25

Resolved:: 21/Dec/10 23:19