You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org> on 2008/04/18 16:44:21 UTC
[jira] Resolved: (RAMPART-146) The exact elements that are equired
to be encrypted are not validated
[ https://issues.apache.org/jira/browse/RAMPART-146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya resolved RAMPART-146.
------------------------------------------------
Resolution: Fixed
Fixed in revision 649150.
http://svn.apache.org/viewvc?view=rev&revision=649150
> The exact elements that are equired to be encrypted are not validated
> ---------------------------------------------------------------------
>
> Key: RAMPART-146
> URL: https://issues.apache.org/jira/browse/RAMPART-146
> Project: Rampart
> Issue Type: Bug
> Reporter: Dobri Kitipov
> Assignee: Ruchith Udayanga Fernando
>
> Hi everybody,
> currently I am researching how Rampart is validating and verifying the secured artifacts. Let me give you a sample scenario. Let's say we have a WS which policy defines that a specific <sp:EncryptedElements/> should be encrypted (corresponding to a given XPath expression). I am interested in understanding the mechanism that is used to verify that the incoming message has encrypted exactly that <sp:EncryptedElements/> with the given specific XPath expression, but not something else.
> At the moment seems like we do not validate the exact elements that are required to be encrypted.
> Ruchith commented out:
> IMHO we will have to improve the org.apache.ws.security.processor.ReferenceListProcessor to include the decrypted element information (in addition to the ref URI) for rampart to be able to validate the encrypted parts correctly.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.