Posted to rampart-dev@ws.apache.org by "Nencho Lupanov (JIRA)" <ji...@apache.org> on 2007/06/04 08:49:00 UTC

[jira] Updated: (RAMPART-42) TransportBinding does not encrypt the message payload

     [ https://issues.apache.org/jira/browse/RAMPART-42?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nencho Lupanov updated RAMPART-42:
----------------------------------

    Attachment: TransportBinding.patch

The client request is automated - a modified Rampart reads a Rampart policy in order to apply
JSSE properties to the VM. The Rampart policy info looks like this for the transport binding (SSL):
 
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 

    <ramp:user>alice</ramp:user>
    <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>

    <ramp:sslConfig>
        <ramp:property name="javax.net.ssl.keyStoreType">JKS</ramp:property>
        <ramp:property name="javax.net.ssl.keyStorePassword">apache</ramp:property> 
        <ramp:property name="javax.net.ssl.keyStore">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
        <ramp:property name="javax.net.ssl.trustStore">D:\\policy\\trustStore\\clientKS.jks</ramp:property> 
        <ramp:property name="javax.net.ssl.trustStorePassword">apache</ramp:property> 
    </ramp:sslConfig>

</ramp:RampartConfig>

 

As you can see, there is a new configuration element - sslConfig (maybe we better call that jsseConfig or just jsse).

There is also a class SSLConfigBuilder that reads the properties and sets them like this:

System.setProperty(property_name, property_value);



> TransportBinding does not encrypt the message payload
> -----------------------------------------------------
>
>                 Key: RAMPART-42
>                 URL: https://issues.apache.org/jira/browse/RAMPART-42
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.1
>            Reporter: Nencho Lupanov
>             Fix For: 1.3
>
>         Attachments: TransportBinding.patch
>
>
> The transport binding does not secure the message payload. For example, run sample01 of Rampart and watch the payload with tcpmon.
> You will be able to see the plain text message - no transport level encryption. Note that tcpmon captures messages on TCP level so it should capture
> binary encrypted payload.

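An added example, not the SSLConfigBuilder from the attached patch: one way to read the sslConfig element shown in the comment above and apply it with System.setProperty, accepting only the JSSE property names that appear in that policy. The names SslConfigExample, readSslConfig and ALLOWED are hypothetical, and the inline XML is a constructed sample.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Hypothetical illustration; class, method and constant names are assumptions.
public class SslConfigExample {
    static final String RAMP_NS = "http://ws.apache.org/rampart/policy";
    // Only the JSSE keys that appear in the policy on this page are accepted.
    static final Set<String> ALLOWED = Set.of(
        "javax.net.ssl.keyStoreType", "javax.net.ssl.keyStorePassword",
        "javax.net.ssl.keyStore", "javax.net.ssl.trustStore",
        "javax.net.ssl.trustStorePassword");

    static Map<String, String> readSslConfig(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Policy files are input: refuse DTDs so no external entity is resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        Map<String, String> out = new LinkedHashMap<>();
        NodeList configs = root.getElementsByTagNameNS(RAMP_NS, "sslConfig");
        for (int i = 0; i < configs.getLength(); i++) {
            NodeList props = ((Element) configs.item(i)).getElementsByTagNameNS(RAMP_NS, "property");
            for (int j = 0; j < props.getLength(); j++) {
                Element p = (Element) props.item(j);
                String name = p.getAttribute("name");
                // Reject anything else so a policy file cannot set arbitrary JVM properties.
                if (!ALLOWED.contains(name)) throw new IllegalArgumentException("unexpected property: " + name);
                out.put(name, p.getTextContent().trim());
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input modelled on the RampartConfig in the comment.
        String xml = "<ramp:RampartConfig xmlns:ramp=\"" + RAMP_NS + "\"><ramp:sslConfig>"
            + "<ramp:property name=\"javax.net.ssl.keyStoreType\">JKS</ramp:property>"
            + "<ramp:property name=\"javax.net.ssl.trustStore\">clientKS.jks</ramp:property>"
            + "</ramp:sslConfig></ramp:RampartConfig>";
        // System properties are JVM-wide: every HTTPS client in the process sees them.
        readSslConfig(xml).forEach(System::setProperty);
    }
}
```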