Posted to rampart-dev@ws.apache.org by Jean Francois Cote <Je...@datadirect.com> on 2009/06/10 18:04:44 UTC
UsernameTokenBuilder namespace issue
Hi,
I have two problems/questions on which I need some help:
1) I implemented code that uses the class
org.apache.ws.secpolicy.model.UsernameToken to create and serialize a
WS-Policy with a UsernameToken assertion. Inside my code I set different
members of the UsernameToken object by using the setNoPassword and the
setHashPassword methods. Once the UsernameToken is set properly, I call
the serialize method to create the XML for my WS-Policy.
However I noticed the following problem that occurs during the
serialization:
The NoPassword and the HashPassword XML elements are created inside the
sp:WssUsernameToken11 or sp:WssUsernameToken10 XML elements. I think
this behavior doesn't follow the WS-Policy specification. In the
WS-Policy specification the NoPassword and the HashPassword XML elements
should be at the same level as the WssUsernameToken10 or
WssUsernameToken11 XML elements.
Code Snippet:
UsernameToken username_token_object = new UsernameToken(SPConstants.SP_V12);
username_token_object.setHashPassword(true);
....
username_token_object.serialize(writer);
The expected XML for the UsernameToken should look like this:
<sp:UsernameToken
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
  <sp:Policy>
    <sp:HashPassword></sp:HashPassword>
  </sp:Policy>
</sp:UsernameToken>
Actually to have the HashPassword/NoPassword XML elements in my policy
I should call the method setUseUTProfile11(true) or
setUseUTProfile10(true) before doing the serialization. However the
serialization isn't made correctly because the XML looks like this:
<sp:UsernameToken
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
  <sp:Policy>
    <sp:WssUsernameToken11>
      <sp:HashPassword></sp:HashPassword>
    </sp:WssUsernameToken11>
  </sp:Policy>
</sp:UsernameToken>
2) Also, to do the reverse process and to build the UsernameToken
in memory I use the
org.apache.ws.secpolicy12.builders.UsernameTokenBuilder class. The
problem with this is that the UsernameTokenBuilder doesn't read the
policy alternatives (NoPassword - HashPassword) of my UsernameToken
XML. That means I'm not able to recreate the same object that I
previously serialized. I think the problem is related to this
instruction in the UsernameTokenBuilder class (line 49):
if (policyElement != null &&
        policyElement.getQName().equals(org.apache.neethi.Constants.Q_ELEM_POLICY)) {
The policy alternatives are built only if the namespace of the element
is equal to this value: http://schemas.xmlsoap.org/ws/2004/09/policy. I
think the code should rather build policy alternatives if the namespace
is equal to this value:
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702 (the namespace
that should be used based on the WS-Policy specification).
Any hints, ideas?
Thanks a lot,
Jeff
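
A way to inspect serialized policy XML for the two conditions this message describes (the namespace of the policy wrapper element and where the password assertions are nested), as an added example that is not part of the original message or of Rampart's code. It uses only JDK DOM classes; the class name, the describe method and the trimmed sample XML are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class PolicyNamespaceCheck {
    // Namespace the post says UsernameTokenBuilder compares the wrapper against.
    static final String WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    static final String SP_NS = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
    // Constructed sample: the serializer output quoted in the post, IncludeToken omitted.
    static final String SAMPLE = "<sp:UsernameToken xmlns:sp=\"" + SP_NS + "\"><sp:Policy>"
        + "<sp:WssUsernameToken11><sp:HashPassword/></sp:WssUsernameToken11>"
        + "</sp:Policy></sp:UsernameToken>";

    static String describe(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // without this, getNamespaceURI() returns null
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element token = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        // The first element child of sp:UsernameToken is the policy wrapper.
        Node wrapper = token.getFirstChild();
        while (wrapper != null && wrapper.getNodeType() != Node.ELEMENT_NODE) {
            wrapper = wrapper.getNextSibling();
        }
        if (wrapper == null) return "no policy wrapper element\n";
        boolean matches = WSP_NS.equals(wrapper.getNamespaceURI())
            && "Policy".equals(wrapper.getLocalName());
        StringBuilder out = new StringBuilder();
        out.append("wrapper {").append(wrapper.getNamespaceURI()).append('}')
           .append(wrapper.getLocalName()).append(" matches wsp:Policy: ").append(matches).append('\n');
        // Report which element each password assertion is nested in.
        for (String name : new String[] {"NoPassword", "HashPassword"}) {
            NodeList hits = token.getElementsByTagNameNS(SP_NS, name);
            for (int i = 0; i < hits.getLength(); i++) {
                out.append(name).append(" parent: ")
                   .append(hits.item(i).getParentNode().getLocalName()).append('\n');
            }
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.print(describe(SAMPLE));
    }
}
```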