Axis2: Rampart module should not check the order of WS-Security header tags
---------------------------------------------------------------------------
Key: AXIS2-4351
URL: https://issues.apache.org/jira/browse/AXIS2-4351
Project: Axis 2.0 (Axis2)
Issue Type: Bug
Components: modules
Affects Versions: 1.4.1
Environment: Linux 2.6.9-78.0.1.ELsmp x86_64 x86_64 x86_64 GNU/Linux
Reporter: Peter Kim
According to WS-Security specification, the order of security header tags can
be in any sequence. eg.
under <wsse:Security>, it can <Timestamp> and <UsernameToken> in any order, but
current Rampart module is checking this sequence by calling wss4j default
method (see below) to check the order (WSDoAllReceiver.java)
* now check the security actions: do they match, in right order?
*/
if (!checkReceiverResults(wsResult, actions)) {
throw new AxisFault(
"WSDoAllReceiver: security processing failed (actions
mismatch)");
}
Please rectify this to fulfill the security requirement by either removing this
or enable as an optional field.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
