Posted to rampart-dev@ws.apache.org by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org> on 2009/09/01 19:06:32 UTC
[jira] Assigned: (RAMPART-189) WS-Security rampart uses wrong token in service response
[ https://issues.apache.org/jira/browse/RAMPART-189?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya reassigned RAMPART-189:
--------------------------------------------------
Assignee: Nandana Mihindukulasooriya (was: Ruchith Udayanga Fernando)
> WS-Security rampart uses wrong token in service response
> --------------------------------------------------------
>
> Key: RAMPART-189
> URL: https://issues.apache.org/jira/browse/RAMPART-189
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core, rampart-policy
> Affects Versions: 1.4
> Reporter: Gary Snider
> Assignee: Nandana Mihindukulasooriya
> Priority: Critical
> Fix For: 1.5
>
>
> In rampart 1.4:
> AsymmetricBindingBuilder.doSignBeforeEncrypt line 457:
>     Token encrToken = rpd.getRecipientToken();
> The problem is that if this is recipient mode (i.e. service side) then the encryption token should be the initiator's token.
> It looks like it's handled correctly in the signature portion. The same check should be made for encrypting.
> AsymmetricBindingBuilder.doSignature lines 566-570: This block of code checks for the direction and uses the policy token assertion correctly:
>     if(rmd.isInitiator()) {
>         sigToken = rpd.getInitiatorToken();
>     } else {
>         sigToken = rpd.getRecipientToken();
>     }
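The following is an added illustration, not code from Rampart or from the reporter. It models the token selection described in the issue with plain RSA key pairs standing in for the initiator and recipient tokens, and shows why a service response encrypted under the recipient token cannot be opened by the client. The class, record and method names are hypothetical; it assumes Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.Cipher;

public class TokenDirectionDemo {
    // Hypothetical stand-in for the two token assertions of an asymmetric binding.
    // Real tokens are X.509 certificates; a key pair is used here for brevity.
    record Policy(KeyPair initiatorToken, KeyPair recipientToken) {}

    // Same direction check as the doSignature block quoted in the issue.
    static KeyPair signatureToken(Policy p, boolean isInitiator) {
        return isInitiator ? p.initiatorToken() : p.recipientToken();
    }

    // Selection as reported in the issue: recipient token regardless of direction.
    static KeyPair encryptionTokenReported(Policy p, boolean isInitiator) {
        return p.recipientToken();
    }

    // Direction-aware selection: always encrypt to the other party's token.
    static KeyPair encryptionTokenDirectionAware(Policy p, boolean isInitiator) {
        return isInitiator ? p.recipientToken() : p.initiatorToken();
    }

    // Encrypts a constructed sample payload to encToken, then tries to open it
    // with the initiator's (client's) private key, as the client would.
    static boolean clientCanDecrypt(Policy p, KeyPair encToken) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(Cipher.ENCRYPT_MODE, encToken.getPublic());
        byte[] wrapped = c.doFinal("constructed session key".getBytes(StandardCharsets.UTF_8));
        try {
            c.init(Cipher.DECRYPT_MODE, p.initiatorToken().getPrivate());
            c.doFinal(wrapped);
            return true;
        } catch (GeneralSecurityException e) {
            return false; // wrong private key for this ciphertext
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        Policy p = new Policy(g.generateKeyPair(), g.generateKeyPair());
        boolean isInitiator = false; // service side, building the response
        System.out.println("response signed with recipient token: "
                + (signatureToken(p, isInitiator) == p.recipientToken()));
        System.out.println("reported selection, client can decrypt: "
                + clientCanDecrypt(p, encryptionTokenReported(p, isInitiator)));
        System.out.println("direction-aware selection, client can decrypt: "
                + clientCanDecrypt(p, encryptionTokenDirectionAware(p, isInitiator)));
    }
}
```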