You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Abhay (JIRA)" <ji...@apache.org> on 2008/04/23 16:23:21 UTC
[jira] Created: (RAMPART-155) Rampart throws error if it does not
find password field in Username Token
Rampart throws error if it does not find password field in Username Token
-------------------------------------------------------------------------
Key: RAMPART-155
URL: https://issues.apache.org/jira/browse/RAMPART-155
Project: Rampart
Issue Type: Bug
Components: rampart-core
Reporter: Abhay
Assignee: Ruchith Udayanga Fernando
Hello,
As per Web Servies Security Username Token profile 1.0. password is an optional field in UsernameToken. But, when I try to set to only username in token Rampart throws an error, complaining that password is required field.
Can anyone please fix this ?
Thanks,
Abhay
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-155) Rampart throws error if it does not
find password field in Username Token
Posted by "Mario A. Rodriguez (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mario A. Rodriguez updated RAMPART-155:
---------------------------------------
Attachment: WSDoAllReceiver.patch
Part of the problem, at least in the non-policy case, appears to be that the EnableSignatureConfirmation, TimeStampStrict, and HandleCustomPasswordTypes options are decoded and stored into the RequestData's message context by the WSHandler.doReceiverAction method, but the resulting WSSConfig instance isn't passed along to the security engine. This patch attempts to address that problem. After applying this patch I was able to validate a UsernameToken without a password after setting handleCustomPasswordTypes to true in the InflowSecurity configuration.
> Rampart throws error if it does not find password field in Username Token
> -------------------------------------------------------------------------
>
> Key: RAMPART-155
> URL: https://issues.apache.org/jira/browse/RAMPART-155
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Reporter: Abhay
> Assignee: Nandana Mihindukulasooriya
> Attachments: WSDoAllReceiver.patch
>
>
> Hello,
> As per Web Servies Security Username Token profile 1.0. password is an optional field in UsernameToken. But, when I try to set to only username in token Rampart throws an error, complaining that password is required field.
> Can anyone please fix this ?
> Thanks,
> Abhay
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (RAMPART-155) Rampart throws error if it does not
find password field in Username Token
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya reassigned RAMPART-155:
--------------------------------------------------
Assignee: Nandana Mihindukulasooriya (was: Ruchith Udayanga Fernando)
> Rampart throws error if it does not find password field in Username Token
> -------------------------------------------------------------------------
>
> Key: RAMPART-155
> URL: https://issues.apache.org/jira/browse/RAMPART-155
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Reporter: Abhay
> Assignee: Nandana Mihindukulasooriya
>
> Hello,
> As per Web Servies Security Username Token profile 1.0. password is an optional field in UsernameToken. But, when I try to set to only username in token Rampart throws an error, complaining that password is required field.
> Can anyone please fix this ?
> Thanks,
> Abhay
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-155) Rampart throws error if it does not
find password field in Username Token
Posted by "James Robson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12644847#action_12644847 ]
James Robson commented on RAMPART-155:
--------------------------------------
Rampart when acting as a message receiver does not set the WssConfig handleCustomPasswordTypes property to true if <sp:NoPassword /> is used in the policy.
org.apache.axis2.AxisFault: The security token could not be authenticated or authorized
at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
...
Caused by: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:139)
at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:53)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
at org.apache.rampart.RampartEngine.process(RampartEngine.java:146)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
... 19 more
> Rampart throws error if it does not find password field in Username Token
> -------------------------------------------------------------------------
>
> Key: RAMPART-155
> URL: https://issues.apache.org/jira/browse/RAMPART-155
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Reporter: Abhay
> Assignee: Nandana Mihindukulasooriya
>
> Hello,
> As per Web Servies Security Username Token profile 1.0. password is an optional field in UsernameToken. But, when I try to set to only username in token Rampart throws an error, complaining that password is required field.
> Can anyone please fix this ?
> Thanks,
> Abhay
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.