You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Jean Francois Cote <Je...@datadirect.com> on 2009/06/10 18:04:44 UTC

UsernameTokenBuilder namespace issue

Hi,

 

I have two problems/questions on which I need some helps:

 

1)      I implemented code that use the class
org.apache.ws.secpolicy.model.UsernameToken to create and serialize a
WS-Policy with a UsernameToken assertion. Inside my code I set different
members of the UsernameToken object by using the setNoPassword and the
setHashPassword methods. Once the UserNameToken is set properly, I call
the serialize method to create the XML for my WS-Policy. 

 

However I noticed the following problem that occurs during the
serialization:

The NoPassword and the HashPassword XML elements are created inside the
sp:WssUsernameToken11 or sp:WssUsernameToken10 XML elements. I think
this behavior doesn't follow the WS-Policy specification.  In the
WS-Policy specification the NoPassword and the HashPassword XML elements
should be at the same level as the WssUsernameToken10 or
WssUsernameToken11 XML elements.

 

Code Snippet:

                UserNameToken username_token_object = new
UsernameToken(SPConstant.SP_V12);

username_token_object.setHashPassword(true);

                ....

Usernametoken_object.serialize(writer);

 

The expected XML for the UsernameToken should look like this:

            <sp:UsernameToken
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/2007
02/IncludeToken/Always">
                <sp:Policy>
                    <sp:HashPassword></sp:HashPassword>
                </sp:Policy>
            </sp:UsernameToken>

 

Actually to have  the HashPassword/NoPassword XML elements in my  policy
I should call the method setUseUTProfile11(true) or
setUseUTProfile10(true) before doing the serialization. However the
serialization isn't made correctly because the XML look like this:

 

            <sp:UsernameToken
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/2007
02/IncludeToken/Always">
                <sp:Policy>
                    <sp:WssUsernameToken11>
                        <sp:HashPassword></sp:HashPassword>
                    </sp:WssUsernameToken11>
                </sp:Policy>
            </sp:UsernameToken>

 

 

2)      Also, to do the reverse process and to build the UsernameToken
in memory I use the
org.apache.ws.secpolicy12.builders.UsernameTokenBuilder class. The
problem with this, is that the UsernameTokenBuilder doesn't read the
policies alternatives (NoPassword - HashPassword) of my UsernameToken
XML. That mean, I'm not able to recreate the same object that I
previously serialized. I think the problem is related to this
instruction in the UsernameTokenBuilder class (line 49 ):

 

if (policyElement != null &&
policyElement.getQName().equals(org.apache.neethi.Constants.Q_ELEM_POLIC
Y)) {

 

The policy alternatives are build only if the namespace of the element
is equal to this value http://schemas.xmlsoap.org/ws/2004/09/policy. I
think the code should rather build policy alternatives if the namespace
is equal to this value
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702 (The namespace
that should be use based on the WS-Policy specification).

 

Any hints, ideas?

 

Thanks a lot,

 

Jeff