[ 
http://issues.apache.org/jira/browse/AXIS2-1858?page=comments#action_12458054 ] 
            
Ali Sadik Kumlali commented on AXIS2-1858:
------------------------------------------

I tested above scenario against Axis2 1_1(trunk) & Rampart 1_1(release) and 
everything worked perfectly. The problem was probably due to the 1.1 snapshots.

Thank you very much for taking your valuable time for the issue. It can be 
closed now.

BTW, I ported the test codes mentioned in AXIS2-868 to make it run against 
ActiveMQ. I'll attach the patch(to the AXIS2-868) after some polishing.

Regards,

Ali Sadik Kumlali








> Security validation is made only if security header is found
> ------------------------------------------------------------
>
>                 Key: AXIS2-1858
>                 URL: http://issues.apache.org/jira/browse/AXIS2-1858
>             Project: Apache Axis 2.0 (Axis2)
>          Issue Type: Bug
>          Components: modules
>    Affects Versions: 1.1
>         Environment: Not important.
>            Reporter: Ali Sadik Kumlali
>         Assigned To: Dimuthu Leelarathne
>
> Hi,
> Although service is expecting a signed message, I don't get any exception if 
> no WS-Security header has been added to the message. 
> Here are the use cases and how Rampart behaves:
> Common:
>   - Service requires a signed message[1]
>   
> Case1: Client adds <module ref="rampart"/> but doesn't add <parameter 
> name="OutflowSecurity"> to the axis2.xml
>   - Client sends message
>   - Message doesn't have necessary WS-Security headers but only a single 
> one[2]
>   Result
>   - Rampart doesn't log or throw any exception and the message passes to the 
> message receiver (Unexpected(?) behaviour)
>   
> Case2: Client doesn't add either <module ref="rampart"/> or <parameter 
> name="OutflowSecurity">...
>   - Client sends message
>   - Message doesn't have any WS-Security header.
>   Result
>   - Rampart doesn't log or throw any exception and the message passes to the 
> message receiver (Unexpected(?) behaviour)
>   
> Regards,
> Ali Sadik Kumlali
>   
> [1]
>     <module ref="rampart"/>
>     <parameter name="InflowSecurity">
>         <action>
>             <items>Signature</items>
>             <signaturePropFile>server_security.properties</signaturePropFile>
>         </action>
>     </parameter>
>   
> [2] <wsse:Security soapenv:mustUnderstand="1" 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to