You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org> on 2008/06/23 14:58:45 UTC
[jira] Resolved: (RAMPART-169) HttpsToken serializer does not
support ws-securitypolicy 1.2
[ https://issues.apache.org/jira/browse/RAMPART-169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya resolved RAMPART-169.
------------------------------------------------
Resolution: Fixed
Fixed
> HttpsToken serializer does not support ws-securitypolicy 1.2
> ------------------------------------------------------------
>
> Key: RAMPART-169
> URL: https://issues.apache.org/jira/browse/RAMPART-169
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.3
> Environment: any
> Reporter: Stefan Vladov
> Assignee: Nandana Mihindukulasooriya
> Priority: Minor
> Fix For: 1.4
>
> Attachments: httpsTokenPatch.txt
>
> Original Estimate: 0.25h
> Remaining Estimate: 0.25h
>
> org.apache.ws.secpolicy.model.HttpsToken will always serialize the RequireClientCertificate as specified in ws-securitypolicy, i.e. as an attribute on the HttpsToken element. However as of ws-securitypolicy 1.2 it should be specified as:
> <sp:HttpsToken>
> <wsp:Policy>
> <sp:RequireClientCertificate/>
> </wsp:Policy>
> </sp:HttpsToken>
> Notably the token builder for the ws-securitypolicy 1.2 works correctly and deserializes the token as specified in version 1.2 of the spec.
> Additionally, since rampart claims ws-securitypolicy 1.2 support shouldn't it also consider the other two available elements for the HttpsToken, namely:
> <sp:HttpBasicAuthentication />
> <sp:HttpDigestAuthentication />
> Although these are not handled by rampart, they could be used for policy validation.
> Should I supply a diff?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.