You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Dimuthu Leelarathne (JIRA)" <ji...@apache.org> on 2006/12/15 05:10:24 UTC

[jira] Resolved: (AXIS2-1858) Security validation is made only if security header is found

     [ http://issues.apache.org/jira/browse/AXIS2-1858?page=all ]

Dimuthu Leelarathne resolved AXIS2-1858.
----------------------------------------

    Fix Version/s: 1.1
       Resolution: Fixed

Already fixed in 1.1

> Security validation is made only if security header is found
> ------------------------------------------------------------
>
>                 Key: AXIS2-1858
>                 URL: http://issues.apache.org/jira/browse/AXIS2-1858
>             Project: Apache Axis 2.0 (Axis2)
>          Issue Type: Bug
>          Components: modules
>    Affects Versions: 1.1
>         Environment: Not important.
>            Reporter: Ali Sadik Kumlali
>         Assigned To: Dimuthu Leelarathne
>             Fix For: 1.1
>
>
> Hi,
> Although service is expecting a signed message, I don't get any exception if no WS-Security header has been added to the message. 
> Here are the use cases and how Rampart behaves:
> Common:
>   - Service requires a signed message[1]
>   
> Case1: Client adds <module ref="rampart"/> but doesn't add <parameter name="OutflowSecurity"> to the axis2.xml
>   - Client sends message
>   - Message doesn't have necessary WS-Security headers but only a single one[2]
>   Result
>   - Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected(?) behaviour)
>   
> Case2: Client doesn't add either <module ref="rampart"/> or <parameter name="OutflowSecurity">...
>   - Client sends message
>   - Message doesn't have any WS-Security header.
>   Result
>   - Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected(?) behaviour)
>   
> Regards,
> Ali Sadik Kumlali
>   
> [1]
>     <module ref="rampart"/>
>     <parameter name="InflowSecurity">
>         <action>
>             <items>Signature</items>
>             <signaturePropFile>server_security.properties</signaturePropFile>
>         </action>
>     </parameter>
>   
> [2] <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org