Posted to rampart-dev@ws.apache.org by "Amila Jayasekara (JIRA)" <ji...@apache.org> on 2010/07/05 06:33:49 UTC

[jira] Updated: (RAMPART-225) SupportingToken UsernameToken is always encrypted

     [ https://issues.apache.org/jira/browse/RAMPART-225?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Amila Jayasekara updated RAMPART-225:
-------------------------------------

    Attachment: RAMPART-225.diff
                policy-working.xml

Yes, you are correct. The above-mentioned change would fix the issue.
But I couldn't recreate the issue with the attached policy file. The attached policy file uses a UserName token as Recipient token. That is quite unusual. Usually I would expect an X509 token as recipient token. Also I am not sure using a user name token as recipient token will make the service interoperable.

Anyhow, I was able to reproduce the issue with some other policy file. That file is also attached to the issue.

I faced another issue when fixing this one, i.e. even though we specify a single supporting token, in the output message I encountered 2 user name tokens. But later I found out that this only happens if you use wsdl2java generated code. To alleviate this issue, load the policy explicitly, as follows:

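// Imports used by the snippets below
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.client.Options;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;

// The client code would look as follows
..
..
Options options = sc.getOptions();
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("/home/aj/development/Tools/rampart-test/clients/client-225/policy-working.xml"));
..
..

// And the loadPolicy method
private static Policy loadPolicy(String xmlPath) throws Exception {
    // Parse the policy file from disk and build a Neethi Policy from its root element
    StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
    return PolicyEngine.getPolicy(builder.getDocumentElement());
}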

Attaching a patch which includes the change.
The patch is created relative to the trunk.

All tests passed.


> SupportingToken UsernameToken is always encrypted
> -------------------------------------------------
>
>                 Key: RAMPART-225
>                 URL: https://issues.apache.org/jira/browse/RAMPART-225
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.4
>            Reporter: Diego Tognola
>            Assignee: Ruchith Udayanga Fernando
>         Attachments: policy-pwd-encrypted.xml, policy-working.xml, RAMPART-225.diff
>
>
> If no encryption is specified in the policy file and UsernameToken is used as supporting token, then this token is always encrypted. org.apache.rampart.builder.BindingBuilder.handleSupportingTokens(RampartMessageData, SupportingToken) does not check if UsernameToken is an encrypted token and unconditionally adds it to the encryptedTokensIdList.
> This can be easily fixed by modifying line 383 (as per src release 1.4) from
>                     encryptedTokensIdList.add(utBuilder.getId());
> to
>                     if (suppTokens.isEncryptedToken()) {
>                         encryptedTokensIdList.add(utBuilder.getId());
>                     }
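
A regression check for the two symptoms discussed in this thread (the supporting UsernameToken being encrypted although the policy asks for no encryption, and two tokens appearing in one message), added here as an example and not part of the original message or the Rampart code base. It assumes a captured outgoing SOAP 1.1 message and that an encrypted token shows up as an xenc:EncryptedData child of wsse:Security; the class, the method and the sample messages are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class SupportingTokenCheck {   // hypothetical helper, not a Rampart class
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    /** Returns {clear UsernameTokens, EncryptedData elements} directly under wsse:Security. */
    static int[] count(String soap) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The captured message is untrusted input: refuse DTDs so the check is not open to XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(
            new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)));
        Element sec = (Element) d.getElementsByTagNameNS(WSSE, "Security").item(0);
        if (sec == null) throw new IllegalArgumentException("no wsse:Security header");
        int clear = 0, enc = 0;
        for (Node n = sec.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE) continue;
            if (WSSE.equals(n.getNamespaceURI()) && "UsernameToken".equals(n.getLocalName())) clear++;
            if (XENC.equals(n.getNamespaceURI()) && "EncryptedData".equals(n.getLocalName())) enc++;
        }
        return new int[] {clear, enc};
    }

    public static void main(String[] args) throws Exception {
        String head = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'"
            + " xmlns:wsse='" + WSSE + "' xmlns:xenc='" + XENC + "'><s:Header><wsse:Security>";
        String tail = "</wsse:Security></s:Header><s:Body/></s:Envelope>";
        String ut = "<wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>";
        String ed = "<xenc:EncryptedData Type='" + XENC + "Element'/>";
        // Constructed messages: the expected output, a token encrypted anyway, a token emitted twice.
        String[][] cases = {{"expected", ut}, {"encrypted", ed}, {"duplicated", ut + ut}};
        for (String[] c : cases) {
            int[] r = count(head + c[1] + tail);
            // Policy under test: exactly one supporting UsernameToken and no encryption at all.
            boolean ok = r[0] == 1 && r[1] == 0;
            System.out.printf("%-10s clear=%d encrypted=%d -> %s%n",
                c[0], r[0], r[1], ok ? "OK" : "MISMATCH");
        }
    }
}
```

The pass condition only holds for a policy that requests a single unencrypted supporting UsernameToken and no other encrypted parts; adjust the expected counts for other policies.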
