You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Dimuthu Leelarathne (JIRA)" <ji...@apache.org> on 2006/12/15 05:10:24 UTC
[jira] Resolved: (AXIS2-1858) Security validation is made only if
security header is found
[ http://issues.apache.org/jira/browse/AXIS2-1858?page=all ]
Dimuthu Leelarathne resolved AXIS2-1858.
----------------------------------------
Fix Version/s: 1.1
Resolution: Fixed
Already fixed in 1.1
> Security validation is made only if security header is found
> ------------------------------------------------------------
>
> Key: AXIS2-1858
> URL: http://issues.apache.org/jira/browse/AXIS2-1858
> Project: Apache Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: modules
> Affects Versions: 1.1
> Environment: Not important.
> Reporter: Ali Sadik Kumlali
> Assigned To: Dimuthu Leelarathne
> Fix For: 1.1
>
>
> Hi,
> Although service is expecting a signed message, I don't get any exception if no WS-Security header has been added to the message.
> Here are the use cases and how Rampart behaves:
> Common:
> - Service requires a signed message[1]
>
> Case1: Client adds <module ref="rampart"/> but doesn't add <parameter name="OutflowSecurity"> to the axis2.xml
> - Client sends message
> - Message doesn't have necessary WS-Security headers but only a single one[2]
> Result
> - Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected(?) behaviour)
>
> Case2: Client doesn't add either <module ref="rampart"/> or <parameter name="OutflowSecurity">...
> - Client sends message
> - Message doesn't have any WS-Security header.
> Result
> - Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected(?) behaviour)
>
> Regards,
> Ali Sadik Kumlali
>
> [1]
> <module ref="rampart"/>
> <parameter name="InflowSecurity">
> <action>
> <items>Signature</items>
> <signaturePropFile>server_security.properties</signaturePropFile>
> </action>
> </parameter>
>
> [2] <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org