Posted to java-user@axis.apache.org by Mary Thompson <mr...@lbl.gov> on 2008/09/29 21:56:41 UTC
Unsigned messages not rejected in rampart/policy/sample02
I have recently upgraded to axis2 1.4.1 and rampart 1.4 and decided to
switch to using ws-policy files. I modeled my use on the
policy/sample02, but noticed that if I sent a request that was
time-stamped but did not have the body signed it was accepted by the
service.

I went back to sample02 and just modified the policy.xml file to remove
the <sp:SignedParts ...> lines and ran a standalone server (ant
service.02) and client (ant client.02) and the same thing happened.

The message that is being sent has a syntactically correct security
header containing a signed timestamp, but not a signed body. The
services file says there should be a signed body, but the service
accepts and replies to the unsigned message.

I don't see how this can be correct behavior. Is the services.xml file
missing something?

BTW, if I remove the timestamp and keep the body signed, the message is
rejected for a missing timestamp.

I'm running with Java 1.5.0_16, Mac OS X 10.4.11
Mary Thompson
---------------------------------------------------------------------
Mary R. Thompson <MR...@lbl.gov>
Lawrence Berkeley National Lab http://acs.lbl.gov/~mrt
----------------------------------------------------------------------
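
One way to confirm from a captured message which parts the signature references actually cover, for the case described above (signed timestamp, unsigned body). This is an added example, not part of the original post and not Rampart code; the envelope skeleton, the ids `Timestamp-1` and `Body-1`, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")     # SOAP 1.2

def signature_coverage(envelope_xml):
    """Report which message parts the ds:Signature references name.

    Only reference coverage is inspected; digests and the signature
    value are not verified here.
    """
    root = ET.fromstring(envelope_xml)
    soap = root.tag[1:].split("}")[0]
    if soap not in SOAP_NS or root.tag != "{%s}Envelope" % soap:
        raise ValueError("not a SOAP envelope")
    ns = {"s": soap, "ds": DS, "wsse": WSSE, "wsu": WSU}
    sec = "s:Header/wsse:Security/"
    # Same-document references look like URI="#some-id".
    ids = {r.get("URI", "")[1:]
           for r in root.findall(sec + "ds:Signature/ds:SignedInfo/ds:Reference", ns)
           if r.get("URI", "").startswith("#")}
    def covered(path):
        # Look up the element at its expected position, then check its wsu:Id.
        el = root.find(path, ns)
        return el is not None and el.get("{%s}Id" % WSU) in ids
    return {"timestamp": covered(sec + "wsu:Timestamp"), "body": covered("s:Body")}

def sample_envelope(sign_body):
    """Constructed message skeleton (no real digests or key material)."""
    refs = '<ds:Reference URI="#Timestamp-1"/>'
    if sign_body:
        refs += '<ds:Reference URI="#Body-1"/>'
    return (
        '<s:Envelope xmlns:s="%s" xmlns:ds="%s" xmlns:wsse="%s" xmlns:wsu="%s">'
        '<s:Header><wsse:Security>'
        '<wsu:Timestamp wsu:Id="Timestamp-1">'
        '<wsu:Created>2008-09-29T21:56:41Z</wsu:Created></wsu:Timestamp>'
        '<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo></ds:Signature>'
        '</wsse:Security></s:Header>'
        '<s:Body wsu:Id="Body-1"><echo>hello</echo></s:Body>'
        '</s:Envelope>' % (SOAP_NS[0], DS, WSSE, WSU, refs))

if __name__ == "__main__":
    for sign_body in (False, True):
        print(sign_body, signature_coverage(sample_envelope(sign_body)))
```

A result of `{'timestamp': True, 'body': False}` for a request the service accepted matches the behavior reported above.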