You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Samisa Abeysinghe (JIRA)" <ji...@apache.org> on 2010/12/22 00:20:00 UTC
[jira] Resolved: (RAMPART-225) SupportingToken UsernameToken is
always encrypted
[ https://issues.apache.org/jira/browse/RAMPART-225?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Samisa Abeysinghe resolved RAMPART-225.
---------------------------------------
Resolution: Fixed
Fix Version/s: NextVersion
Assignee: Samisa Abeysinghe (was: Ruchith Udayanga Fernando)
Applied patch: At revision: 1051693
> SupportingToken UsernameToken is always encrypted
> -------------------------------------------------
>
> Key: RAMPART-225
> URL: https://issues.apache.org/jira/browse/RAMPART-225
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.4
> Reporter: Diego Tognola
> Assignee: Samisa Abeysinghe
> Fix For: NextVersion
>
> Attachments: policy-pwd-encrypted.xml, policy-working.xml, RAMPART-225.diff
>
>
> If no encryption is specified in the policy file and UsernameToken is used as supporting token, then this token is always encrypted. org.apache.rampart.builder.BindingBuilder.handleSupportingTokens(RampartMessageData, SupportingToken) does not check if UsernameToken is an encrypted token and unconditionally adds it to the encryptedTokensIdList.
> This can be easily fixed by modifying line 383 (as per src release 1.4) from
> encryptedTokensIdList.add(utBuilder.getId());
> to
>
> if (suppTokens.isEncryptedToken()) {
> encryptedTokensIdList.add(utBuilder.getId());
> }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org