RAMPART-299: Rampart ignores BootstrapPolicy settings in message exchange with WS-SecureConversation STS

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5
    • Fix Version/s: 1.6.0
    • Component/s: rampart-trust
    • Labels: None

    Description

      I'm running some WS-SecureConversation tests with Axis2 1.5.1 and Rampart 1.5, and saw that Rampart is using the http://schemas.xmlsoap.org/ws/2005/02/trust namespace and actions for the request to the STS, along with the http://schemas.xmlsoap.org/ws/2004/08/addressing WS-Addressing and http://schemas.xmlsoap.org/ws/2005/02/sc WS-SecureConversation versions. How can I set Rampart to use the newer versions of these standards?

      I'm using WS-SecurityPolicy 1.2, and have <sp:Trust13> and <wsap:UsingAddressing xmlns="http://www.w3.org/2006/05/wsdl"/> tokens included in the policy, so Rampart appears to be ignoring the policy and just going with defaults for the request. I've also tried not specifying <wsap:UsingAddressing>, and Rampart still adds addressing headers in that case.

      I did see that there's some logic in RampartMessageData to set namespace versions from properties in the message context, but that logic appears flawed (lines 168-178):

      // Extract known properties from the msgCtx
      if (msgCtx.getProperty(KEY_WST_VERSION) != null) {
          this.wstVersion = TrustUtil.getWSTVersion((String) msgCtx.getProperty(KEY_WST_VERSION));
      }

      if (msgCtx.getProperty(KEY_WSSC_VERSION) != null) {
          this.secConvVersion = TrustUtil.getWSTVersion((String) msgCtx.getProperty(KEY_WSSC_VERSION));
      }

      Note that this is calling TrustUtil.getWSTVersion() for both the WS-Trust and the WS-SecureConversation version, so you'd have to use the WS-Trust namespaces as values of the wscVersion property in order for this to work. Worse, though, is that it looks like the options set on the original Client are not passed in to the STSClient used by Rampart for the STS request, so I don't see any way of setting the properties for the STSClient from my application code.
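
A check for the symptom described in this report, added here as an example (it is not part of the original report or of Rampart's code): it scans a captured STS request for the older namespaces quoted above, both as element namespaces and as URI values such as the action. The class name, method name and sample message are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class StsNamespaceCheck {
    // Older namespaces quoted in the report, mapped to the spec they belong to.
    static final Map<String, String> LEGACY = Map.of(
        "http://schemas.xmlsoap.org/ws/2005/02/trust", "WS-Trust",
        "http://schemas.xmlsoap.org/ws/2005/02/sc", "WS-SecureConversation",
        "http://schemas.xmlsoap.org/ws/2004/08/addressing", "WS-Addressing");

    /** Lists every legacy namespace used as an element namespace or as the start of a leaf URI value. */
    static SortedSet<String> legacyUses(String soapXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Captured messages are untrusted input: refuse DTDs so the check is not exposed to XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soapXml.getBytes(StandardCharsets.UTF_8)));
        SortedSet<String> found = new TreeSet<>();
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            Element el = (Element) all.item(i);
            String ns = el.getNamespaceURI();
            if (ns != null && LEGACY.containsKey(ns)) found.add(LEGACY.get(ns) + " element namespace: " + ns);
            if (el.getElementsByTagNameNS("*", "*").getLength() > 0) continue; // only inspect leaf text
            String text = el.getTextContent().trim();
            for (Map.Entry<String, String> e : LEGACY.entrySet())
                if (text.startsWith(e.getKey())) found.add(e.getValue() + " URI value: " + text);
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample request, shaped like the STS call the report describes.
        String request =
            "<s:Envelope xmlns:s='http://www.w3.org/2003/05/soap-envelope'"
          + " xmlns:wsa='http://schemas.xmlsoap.org/ws/2004/08/addressing'"
          + " xmlns:wst='http://schemas.xmlsoap.org/ws/2005/02/trust'>"
          + "<s:Header><wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</wsa:Action></s:Header>"
          + "<s:Body><wst:RequestSecurityToken>"
          + "<wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>"
          + "</wst:RequestSecurityToken></s:Body></s:Envelope>";
        legacyUses(request).forEach(System.out::println);
    }
}
```

An empty result for a request sent under a policy that asserts `<sp:Trust13>` is the outcome to assert in an integration test; any entry means the client fell back to the older versions.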

      Attachments

        1. RAMPART-299.diff
          62 kB
          Amila Jayasekara

          People

            Assignee: Thilina Mahesh Buddhika (thilinamb)
            Reporter: Dennis M. Sosnoski (dsosnoski)