You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-dev@ws.apache.org by Dennis Sosnoski <dm...@sosnoski.com> on 2010/05/12 06:17:08 UTC

Setting WS-Addressing/WS-Trust/WS-SC versions for SCT request

I'm running some WS-SecureConversation tests with Axis2 1.5.1 and 
Rampart 1.5, and saw that Rampart is using the 
http://schemas.xmlsoap.org/ws/2005/02/trust namespace and actions for 
the request to the STS, along with the 
http://schemas.xmlsoap.org/ws/2004/08/addressing WS-Addressing and 
http://schemas.xmlsoap.org/ws/2005/02/sc WS-SecureConversation versions. 
How can I set Rampart to use the newer versions of these standards?

I'm using WS-SecurityPolicy 1.2, and have <sp:Trust13> and 
<wsap:UsingAddressing xmlns="http://www.w3.org/2006/05/wsdl"/> tokens 
included in the policy, so Rampart appears to be ignoring the policy and 
just going with defaults for the request.

I did see that there's some logic in RampartMessageData to set these 
versions from properties in the message context, but that logic appears 
flawed (lines 168-178):

            //Extract known properties from the msgCtx
           
            if(msgCtx.getProperty(KEY_WST_VERSION) != null) {
                this.wstVersion = 
TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WST_VERSION));
            }
           
            if(msgCtx.getProperty(KEY_WSSC_VERSION) != null) {
                this.secConvVersion = 
TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WSSC_VERSION));
            }
           
Note that this is calling TrustUtil.getWSTVersion() for both the 
WS-Trust and the WS-SecureConversation version, so you'd have to use the 
WS-Trust namespaces as values of the wscVersion property in order for 
this to work. Worse, though, is that it looks like the options set on 
the original Client are not passed in to the STSClient used by Rampart 
for the STS request, so I don't see any way of setting the properties 
for the STSClient from my application code.

Thanks,

  - Dennis

-- 
Dennis M. Sosnoski
XML and Web Services in Java
Training and Consulting
http://www.sosnoski.com - http://www.sosnoski.co.nz
Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117

Re: Setting WS-Addressing/WS-Trust/WS-SC versions for SCT request

Posted by Dennis Sosnoski <dm...@sosnoski.com>.

Hi Nandana,

I'll create a Jira with suggested changes, but I was hoping there was 
some way to set the versions already and I just wasn't seeing it. Are 
you saying there isn't?

  - Dennis

Nandana Mihindukulasooriya wrote:
> Hi Dennis,
>          Can you please create JIRA for this. Better yet, as you are
> familiar with the code, can you please attach a patch fixing the issue.
>
> Best Regards,
> Nandana
>
> On Wed, May 12, 2010 at 6:17 AM, Dennis Sosnoski <dm...@sosnoski.com> wrote:
>
>   
>> I'm running some WS-SecureConversation tests with Axis2 1.5.1 and Rampart
>> 1.5, and saw that Rampart is using the
>> http://schemas.xmlsoap.org/ws/2005/02/trust namespace and actions for the
>> request to the STS, along with the
>> http://schemas.xmlsoap.org/ws/2004/08/addressing WS-Addressing and
>> http://schemas.xmlsoap.org/ws/2005/02/sc WS-SecureConversation versions.
>> How can I set Rampart to use the newer versions of these standards?
>>
>> I'm using WS-SecurityPolicy 1.2, and have <sp:Trust13> and
>> <wsap:UsingAddressing xmlns="http://www.w3.org/2006/05/wsdl"/> tokens
>> included in the policy, so Rampart appears to be ignoring the policy and
>> just going with defaults for the request.
>>
>> I did see that there's some logic in RampartMessageData to set these
>> versions from properties in the message context, but that logic appears
>> flawed (lines 168-178):
>>
>>           //Extract known properties from the msgCtx
>>                     if(msgCtx.getProperty(KEY_WST_VERSION) != null) {
>>               this.wstVersion =
>> TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WST_VERSION));
>>           }
>>                     if(msgCtx.getProperty(KEY_WSSC_VERSION) != null) {
>>               this.secConvVersion =
>> TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WSSC_VERSION));
>>           }
>>          Note that this is calling TrustUtil.getWSTVersion() for both the
>> WS-Trust and the WS-SecureConversation version, so you'd have to use the
>> WS-Trust namespaces as values of the wscVersion property in order for this
>> to work. Worse, though, is that it looks like the options set on the
>> original Client are not passed in to the STSClient used by Rampart for the
>> STS request, so I don't see any way of setting the properties for the
>> STSClient from my application code.
>>
>> Thanks,
>>
>>  - Dennis
>>
>> --
>> Dennis M. Sosnoski
>> XML and Web Services in Java
>> Training and Consulting
>> http://www.sosnoski.com - http://www.sosnoski.co.nz
>> Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117
>>
>>
>>     
>
>

Re: Setting WS-Addressing/WS-Trust/WS-SC versions for SCT request

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.

Hi Dennis,
         Can you please create JIRA for this. Better yet, as you are
familiar with the code, can you please attach a patch fixing the issue.

Best Regards,
Nandana

On Wed, May 12, 2010 at 6:17 AM, Dennis Sosnoski <dm...@sosnoski.com> wrote:

> I'm running some WS-SecureConversation tests with Axis2 1.5.1 and Rampart
> 1.5, and saw that Rampart is using the
> http://schemas.xmlsoap.org/ws/2005/02/trust namespace and actions for the
> request to the STS, along with the
> http://schemas.xmlsoap.org/ws/2004/08/addressing WS-Addressing and
> http://schemas.xmlsoap.org/ws/2005/02/sc WS-SecureConversation versions.
> How can I set Rampart to use the newer versions of these standards?
>
> I'm using WS-SecurityPolicy 1.2, and have <sp:Trust13> and
> <wsap:UsingAddressing xmlns="http://www.w3.org/2006/05/wsdl"/> tokens
> included in the policy, so Rampart appears to be ignoring the policy and
> just going with defaults for the request.
>
> I did see that there's some logic in RampartMessageData to set these
> versions from properties in the message context, but that logic appears
> flawed (lines 168-178):
>
>           //Extract known properties from the msgCtx
>                     if(msgCtx.getProperty(KEY_WST_VERSION) != null) {
>               this.wstVersion =
> TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WST_VERSION));
>           }
>                     if(msgCtx.getProperty(KEY_WSSC_VERSION) != null) {
>               this.secConvVersion =
> TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WSSC_VERSION));
>           }
>          Note that this is calling TrustUtil.getWSTVersion() for both the
> WS-Trust and the WS-SecureConversation version, so you'd have to use the
> WS-Trust namespaces as values of the wscVersion property in order for this
> to work. Worse, though, is that it looks like the options set on the
> original Client are not passed in to the STSClient used by Rampart for the
> STS request, so I don't see any way of setting the properties for the
> STSClient from my application code.
>
> Thanks,
>
>  - Dennis
>
> --
> Dennis M. Sosnoski
> XML and Web Services in Java
> Training and Consulting
> http://www.sosnoski.com - http://www.sosnoski.co.nz
> Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117
>
>