You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Stefan Vladov (JIRA)" <ji...@apache.org> on 2008/05/22 17:53:58 UTC
[jira] Created: (RAMPART-169) HttpsToken serializer does not
support ws-securitypolicy 1.2
HttpsToken serializer does not support ws-securitypolicy 1.2
------------------------------------------------------------
Key: RAMPART-169
URL: https://issues.apache.org/jira/browse/RAMPART-169
Project: Rampart
Issue Type: Bug
Components: rampart-policy
Affects Versions: 1.3
Environment: any
Reporter: Stefan Vladov
Assignee: Ruchith Udayanga Fernando
Priority: Minor
Fix For: 1.4
org.apache.ws.secpolicy.model.HttpsToken will always serialize the RequireClientCertificate as specified in ws-securitypolicy, i.e. as an attribute on the HttpsToken element. However as of ws-securitypolicy 1.2 it should be specified as:
<sp:HttpsToken>
<wsp:Policy>
<sp:RequireClientCertificate/>
</wsp:Policy>
</sp:HttpsToken>
Notably the token builder for the ws-securitypolicy 1.2 works correctly and deserializes the token as specified in version 1.2 of the spec.
Additionally, since rampart claims ws-securitypolicy 1.2 support shouldn't it also consider the other two available elements for the HttpsToken, namely:
<sp:HttpBasicAuthentication />
<sp:HttpDigestAuthentication />
Although these are not handled by rampart, they could be used for policy validation.
Should I supply a diff?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (RAMPART-169) HttpsToken serializer does not
support ws-securitypolicy 1.2
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya resolved RAMPART-169.
------------------------------------------------
Resolution: Fixed
Fixed
> HttpsToken serializer does not support ws-securitypolicy 1.2
> ------------------------------------------------------------
>
> Key: RAMPART-169
> URL: https://issues.apache.org/jira/browse/RAMPART-169
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.3
> Environment: any
> Reporter: Stefan Vladov
> Assignee: Nandana Mihindukulasooriya
> Priority: Minor
> Fix For: 1.4
>
> Attachments: httpsTokenPatch.txt
>
> Original Estimate: 0.25h
> Remaining Estimate: 0.25h
>
> org.apache.ws.secpolicy.model.HttpsToken will always serialize the RequireClientCertificate as specified in ws-securitypolicy, i.e. as an attribute on the HttpsToken element. However as of ws-securitypolicy 1.2 it should be specified as:
> <sp:HttpsToken>
> <wsp:Policy>
> <sp:RequireClientCertificate/>
> </wsp:Policy>
> </sp:HttpsToken>
> Notably the token builder for the ws-securitypolicy 1.2 works correctly and deserializes the token as specified in version 1.2 of the spec.
> Additionally, since rampart claims ws-securitypolicy 1.2 support shouldn't it also consider the other two available elements for the HttpsToken, namely:
> <sp:HttpBasicAuthentication />
> <sp:HttpDigestAuthentication />
> Although these are not handled by rampart, they could be used for policy validation.
> Should I supply a diff?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-169) HttpsToken serializer does not
support ws-securitypolicy 1.2
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12599755#action_12599755 ]
Nandana Mihindukulasooriya commented on RAMPART-169:
----------------------------------------------------
Hi Stefan,
Please do supply a patch.
thanks,
nandana
> HttpsToken serializer does not support ws-securitypolicy 1.2
> ------------------------------------------------------------
>
> Key: RAMPART-169
> URL: https://issues.apache.org/jira/browse/RAMPART-169
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.3
> Environment: any
> Reporter: Stefan Vladov
> Assignee: Ruchith Udayanga Fernando
> Priority: Minor
> Fix For: 1.4
>
> Original Estimate: 0.25h
> Remaining Estimate: 0.25h
>
> org.apache.ws.secpolicy.model.HttpsToken will always serialize the RequireClientCertificate as specified in ws-securitypolicy, i.e. as an attribute on the HttpsToken element. However as of ws-securitypolicy 1.2 it should be specified as:
> <sp:HttpsToken>
> <wsp:Policy>
> <sp:RequireClientCertificate/>
> </wsp:Policy>
> </sp:HttpsToken>
> Notably the token builder for the ws-securitypolicy 1.2 works correctly and deserializes the token as specified in version 1.2 of the spec.
> Additionally, since rampart claims ws-securitypolicy 1.2 support shouldn't it also consider the other two available elements for the HttpsToken, namely:
> <sp:HttpBasicAuthentication />
> <sp:HttpDigestAuthentication />
> Although these are not handled by rampart, they could be used for policy validation.
> Should I supply a diff?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (RAMPART-169) HttpsToken serializer does not
support ws-securitypolicy 1.2
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya reassigned RAMPART-169:
--------------------------------------------------
Assignee: Nandana Mihindukulasooriya (was: Ruchith Udayanga Fernando)
> HttpsToken serializer does not support ws-securitypolicy 1.2
> ------------------------------------------------------------
>
> Key: RAMPART-169
> URL: https://issues.apache.org/jira/browse/RAMPART-169
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.3
> Environment: any
> Reporter: Stefan Vladov
> Assignee: Nandana Mihindukulasooriya
> Priority: Minor
> Fix For: 1.4
>
> Attachments: httpsTokenPatch.txt
>
> Original Estimate: 0.25h
> Remaining Estimate: 0.25h
>
> org.apache.ws.secpolicy.model.HttpsToken will always serialize the RequireClientCertificate as specified in ws-securitypolicy, i.e. as an attribute on the HttpsToken element. However as of ws-securitypolicy 1.2 it should be specified as:
> <sp:HttpsToken>
> <wsp:Policy>
> <sp:RequireClientCertificate/>
> </wsp:Policy>
> </sp:HttpsToken>
> Notably the token builder for the ws-securitypolicy 1.2 works correctly and deserializes the token as specified in version 1.2 of the spec.
> Additionally, since rampart claims ws-securitypolicy 1.2 support shouldn't it also consider the other two available elements for the HttpsToken, namely:
> <sp:HttpBasicAuthentication />
> <sp:HttpDigestAuthentication />
> Although these are not handled by rampart, they could be used for policy validation.
> Should I supply a diff?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-169) HttpsToken serializer does not
support ws-securitypolicy 1.2
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12604158#action_12604158 ]
Nandana Mihindukulasooriya commented on RAMPART-169:
----------------------------------------------------
Hi Stefan,
Reviewed your patch and applied it to the trunk (revision 666568) . Thanks for the patch, It was nice and clean. Please continue submitting patches. Yes, we need to refactor the namespace serialization in all the policy model classes. I think we better implement code generated tests for Rampart first and then do the refactoring so those changes will be properly tested.
thanks,
nandana
> HttpsToken serializer does not support ws-securitypolicy 1.2
> ------------------------------------------------------------
>
> Key: RAMPART-169
> URL: https://issues.apache.org/jira/browse/RAMPART-169
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.3
> Environment: any
> Reporter: Stefan Vladov
> Assignee: Nandana Mihindukulasooriya
> Priority: Minor
> Fix For: 1.4
>
> Attachments: httpsTokenPatch.txt
>
> Original Estimate: 0.25h
> Remaining Estimate: 0.25h
>
> org.apache.ws.secpolicy.model.HttpsToken will always serialize the RequireClientCertificate as specified in ws-securitypolicy, i.e. as an attribute on the HttpsToken element. However as of ws-securitypolicy 1.2 it should be specified as:
> <sp:HttpsToken>
> <wsp:Policy>
> <sp:RequireClientCertificate/>
> </wsp:Policy>
> </sp:HttpsToken>
> Notably the token builder for the ws-securitypolicy 1.2 works correctly and deserializes the token as specified in version 1.2 of the spec.
> Additionally, since rampart claims ws-securitypolicy 1.2 support shouldn't it also consider the other two available elements for the HttpsToken, namely:
> <sp:HttpBasicAuthentication />
> <sp:HttpDigestAuthentication />
> Although these are not handled by rampart, they could be used for policy validation.
> Should I supply a diff?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (RAMPART-169) HttpsToken serializer
does not support ws-securitypolicy 1.2
Posted by "Stefan Vladov (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12600464#action_12600464 ]
chefo edited comment on RAMPART-169 at 6/4/08 12:12 AM:
----------------------------------------------------------------
Hi Nandana,
sorry for the delay... I had some other stuff to take care of...
Anyway... the patch includes the fix for the https token serializer to handle ws sec policy 1.2 style RequireClientCertificate plus the http basic authentication and http digest authentication alternatives (again for ws sec policy 1.2). Additionally I added a small fix on the AlgorithmSuite.
What are the chances of this getting in the 1.4 release? I don't see a 1.4 tag yet :)
Beside that I found it somewhat confusing to not have a clear policy about whether the security policy namespace should be declared by the serializers for the respective token handlers - some of them don't declare the namespace (?hoping it has been declared already), some insist on declaring it no matter what, and some try to get it from the writer, and if not present - assume it has not been declared and therefore write it.
In the case of the HttpsToken I decided to keep it the way it was - no namespace serialization.
Regards,
Stefan
> HttpsToken serializer does not support ws-securitypolicy 1.2
> ------------------------------------------------------------
>
> Key: RAMPART-169
> URL: https://issues.apache.org/jira/browse/RAMPART-169
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.3
> Environment: any
> Reporter: Stefan Vladov
> Assignee: Ruchith Udayanga Fernando
> Priority: Minor
> Fix For: 1.4
>
> Attachments: httpsTokenPatch.txt
>
> Original Estimate: 0.25h
> Remaining Estimate: 0.25h
>
> org.apache.ws.secpolicy.model.HttpsToken will always serialize the RequireClientCertificate as specified in ws-securitypolicy, i.e. as an attribute on the HttpsToken element. However as of ws-securitypolicy 1.2 it should be specified as:
> <sp:HttpsToken>
> <wsp:Policy>
> <sp:RequireClientCertificate/>
> </wsp:Policy>
> </sp:HttpsToken>
> Notably the token builder for the ws-securitypolicy 1.2 works correctly and deserializes the token as specified in version 1.2 of the spec.
> Additionally, since rampart claims ws-securitypolicy 1.2 support shouldn't it also consider the other two available elements for the HttpsToken, namely:
> <sp:HttpBasicAuthentication />
> <sp:HttpDigestAuthentication />
> Although these are not handled by rampart, they could be used for policy validation.
> Should I supply a diff?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.