Posted to rampart-c-dev@ws.apache.org by "Dave Meier (JIRA)" <ji...@apache.org> on 2008/02/29 00:11:55 UTC
[jira] Updated: (RAMPARTC-76) Username token should default inclusion to empty string, and treat an empty IncludeToken attribute to mean the token is optional
[ https://issues.apache.org/jira/browse/RAMPARTC-76?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dave Meier updated RAMPARTC-76:
-------------------------------
Attachment: rampart_sec_header_processor_diff.txt
> Username token should default inclusion to empty string, and treat an empty IncludeToken attribute to mean the token is optional
> --------------------------------------------------------------------------------------------------------------------------------
>
> Key: RAMPARTC-76
> URL: https://issues.apache.org/jira/browse/RAMPARTC-76
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: Current
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: Ruchith Udayanga Fernando
> Priority: Critical
> Attachments: rampart_sec_header_processor_diff.txt
>
>
> I want to specify a policy that has no IncludeToken attribute. Since IncludeToken is optional, it must be allowed to be unspecified.
> The following is how I specify UsernameToken in my services.xml file:
> <sp:UsernameToken/>
> I want that to indicate that the UsernameToken itself is optional. I have a use case where I want either a SAML assertion or a username token, so I have to handle the case where the username token is not there. Rampart does not complain when I leave out the SAML assertion and put in the username token, but it does complain when I have only the SAML assertion and no username token.
> Here is the full policy I have defined in services.xml:
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:InitiatorToken>
>             <wsp:Policy>
>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10/>
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:InitiatorToken>
>           <sp:RecipientToken>
>             <wsp:Policy>
>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10/>
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:RecipientToken>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Strict/>
>             </wsp:Policy>
>           </sp:Layout>
>           <sp:IncludeTimestamp/>
>         </wsp:Policy>
>       </sp:AsymmetricBinding>
>       <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>             <sp:RequestSecurityTokenTemplate xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
>               <wst:TokenType>oasis:names:tc:SAML:1.0:assertion</wst:TokenType>
>               <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
>             </sp:RequestSecurityTokenTemplate>
>           </sp:IssuedToken>
>           <sp:UsernameToken/>
>         </wsp:Policy>
>       </sp:SignedSupportingTokens>
>       <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
>         <rampc:TimeToLive>360</rampc:TimeToLive>
>         <rampc:PasswordType>plainText</rampc:PasswordType>
>         <rampc:AuthnModuleName>F:/TeamTrack701/software/contrib/axis2c/Win32Debug/lib/aeaxisauth.dll</rampc:AuthnModuleName>
>       </rampc:RampartConfig>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
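A policy-review helper, added here as an example (it is not part of the original message, the attached diff, or Rampart/C): it lists every token assertion in a policy together with its sp:IncludeToken value, so assertions that leave the attribute out, like the UsernameToken in the quoted policy, stand out during review. The function names and the trimmed sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
TOKEN_ASSERTIONS = {"UsernameToken", "IssuedToken", "X509Token"}

# Constructed sample: the SignedSupportingTokens part of the quoted policy, trimmed.
SAMPLE_POLICY = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:SignedSupportingTokens>
    <wsp:Policy>
      <sp:IssuedToken sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient"/>
      <sp:UsernameToken/>
    </wsp:Policy>
  </sp:SignedSupportingTokens>
</wsp:Policy>
"""

def token_inclusion(policy_xml):
    """Return (enclosing assertion, token assertion, IncludeToken value or None) per token."""
    root = ET.fromstring(policy_xml)
    # ElementTree has no parent pointers, so build a child -> parent map once.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    found = []
    for el in root.iter():
        ns, _, local = el.tag.lstrip("{").partition("}")
        if ns != SP or local not in TOKEN_ASSERTIONS:
            continue
        # Skip nested wsp:Policy / wsp:All wrappers to reach the owning sp: assertion.
        owner = parent_of.get(el)
        while owner is not None and owner.tag.startswith("{" + WSP + "}"):
            owner = parent_of.get(owner)
        owner_name = owner.tag.partition("}")[2] if owner is not None else None
        value = el.get("{" + SP + "}IncludeToken")
        short = value.rsplit("/", 1)[-1] if value else None
        found.append((owner_name, local, short))
    return found

def unspecified(policy_xml):
    """Token assertions that carry no sp:IncludeToken attribute at all."""
    return [(o, t) for o, t, v in token_inclusion(policy_xml) if v is None]

if __name__ == "__main__":
    for owner, token, value in token_inclusion(SAMPLE_POLICY):
        print(f"{owner}/{token}: IncludeToken={value or '(unspecified)'}")
```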