Posted to rampart-dev@ws.apache.org by "Nencho Lupanov (JIRA)" <ji...@apache.org> on 2007/06/04 08:49:00 UTC
[jira] Updated: (RAMPART-42) TransportBinding does not encrypt the message payload
[ https://issues.apache.org/jira/browse/RAMPART-42?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nencho Lupanov updated RAMPART-42:
----------------------------------
Attachment: TransportBinding.patch
The client request is automated - a modified Rampart reads a Rampart policy in order to apply
JSSE properties to the VM. The Rampart policy info looks like this for the transport binding (SSL):
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:user>alice</ramp:user>
    <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
    <ramp:sslConfig>
        <ramp:property name="javax.net.ssl.keyStoreType">JKS</ramp:property>
        <ramp:property name="javax.net.ssl.keyStorePassword">apache</ramp:property>
        <ramp:property name="javax.net.ssl.keyStore">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
        <ramp:property name="javax.net.ssl.trustStore">D:\\policy\\trustStore\\clientKS.jks</ramp:property>
        <ramp:property name="javax.net.ssl.trustStorePassword">apache</ramp:property>
    </ramp:sslConfig>
</ramp:RampartConfig>
As you can see, there is a new configuration element - sslConfig (maybe we better call that jsseConfig or just jsse).
There is also a class SSLConfigBuilder that reads the properties and sets them like this:
System.setProperty(property_name, property_value);
> TransportBinding does not encrypt the message payload
> -----------------------------------------------------
>
> Key: RAMPART-42
> URL: https://issues.apache.org/jira/browse/RAMPART-42
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.1
> Reporter: Nencho Lupanov
> Fix For: 1.3
>
> Attachments: TransportBinding.patch
>
>
> The transport binding does not secure the message payload. For example, run sample01 of Rampart and watch the payload with tcpmon.
> You will be able to see the plain text message - no transport level encryption. Note that tcpmon captures messages on TCP level so it should capture
> binary encrypted payload.