You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-dev@ws.apache.org by "Dobri Kitipov (JIRA)" <ji...@apache.org> on 2008/03/31 17:06:24 UTC

[jira] Created: (RAMPART-146) The exact elements that are equired to be encrypted are not validated

The exact elements that are equired to be encrypted are not validated
---------------------------------------------------------------------

                 Key: RAMPART-146
                 URL: https://issues.apache.org/jira/browse/RAMPART-146
             Project: Rampart
          Issue Type: Bug
            Reporter: Dobri Kitipov
            Assignee: Ruchith Udayanga Fernando


Hi everybody,
currently I am researching how Rampart is validating and verifying  the secured artifacts. Let me give you a sample scenario. Let's say we have a WS which policy defines that a specific <sp:EncryptedElements/> should be encrypted (corresponding to a given XPath expression). I am interested in understanding the mechanism that is used to verify that the incoming message has encrypted exactly that <sp:EncryptedElements/> with the given specific XPath expression, but not something else. 

At the moment seems like we do not validate the exact elements that are required to be encrypted.

Ruchith commented out:
IMHO we will have to improve the org.apache.ws.security.processor.ReferenceListProcessor to include the decrypted element information (in addition to the ref URI) for rampart to be able to validate the encrypted parts correctly.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (RAMPART-146) The exact elements that are equired to be encrypted are not validated

Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/RAMPART-146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya updated RAMPART-146:
-----------------------------------------------

    Fix Version/s: 1.4

Set Fix version to 1.4. 

> The exact elements that are equired to be encrypted are not validated
> ---------------------------------------------------------------------
>
>                 Key: RAMPART-146
>                 URL: https://issues.apache.org/jira/browse/RAMPART-146
>             Project: Rampart
>          Issue Type: Bug
>            Reporter: Dobri Kitipov
>            Assignee: Ruchith Udayanga Fernando
>             Fix For: 1.4
>
>
> Hi everybody,
> currently I am researching how Rampart is validating and verifying  the secured artifacts. Let me give you a sample scenario. Let's say we have a WS which policy defines that a specific <sp:EncryptedElements/> should be encrypted (corresponding to a given XPath expression). I am interested in understanding the mechanism that is used to verify that the incoming message has encrypted exactly that <sp:EncryptedElements/> with the given specific XPath expression, but not something else. 
> At the moment seems like we do not validate the exact elements that are required to be encrypted.
> Ruchith commented out:
> IMHO we will have to improve the org.apache.ws.security.processor.ReferenceListProcessor to include the decrypted element information (in addition to the ref URI) for rampart to be able to validate the encrypted parts correctly.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (RAMPART-146) The exact elements that are equired to be encrypted are not validated

Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/RAMPART-146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya resolved RAMPART-146.
------------------------------------------------

    Resolution: Fixed

Fixed in revision 649150. 

http://svn.apache.org/viewvc?view=rev&revision=649150

> The exact elements that are equired to be encrypted are not validated
> ---------------------------------------------------------------------
>
>                 Key: RAMPART-146
>                 URL: https://issues.apache.org/jira/browse/RAMPART-146
>             Project: Rampart
>          Issue Type: Bug
>            Reporter: Dobri Kitipov
>            Assignee: Ruchith Udayanga Fernando
>
> Hi everybody,
> currently I am researching how Rampart is validating and verifying  the secured artifacts. Let me give you a sample scenario. Let's say we have a WS which policy defines that a specific <sp:EncryptedElements/> should be encrypted (corresponding to a given XPath expression). I am interested in understanding the mechanism that is used to verify that the incoming message has encrypted exactly that <sp:EncryptedElements/> with the given specific XPath expression, but not something else. 
> At the moment seems like we do not validate the exact elements that are required to be encrypted.
> Ruchith commented out:
> IMHO we will have to improve the org.apache.ws.security.processor.ReferenceListProcessor to include the decrypted element information (in addition to the ref URI) for rampart to be able to validate the encrypted parts correctly.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.