[
https://issues.apache.org/jira/browse/AXIS2-4352?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Deepal Jayasinghe reassigned AXIS2-4352:
----------------------------------------
Assignee: Nandana Mihindukulasooriya
> Axis2: Rampart module is not checking the existence of signature value within
> wsse:security tag
> -----------------------------------------------------------------------------------------------
>
> Key: AXIS2-4352
> URL: https://issues.apache.org/jira/browse/AXIS2-4352
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Environment: Linux 2.6.9-78.0.1.ELsmp
> Reporter: Peter Kim
> Assignee: Nandana Mihindukulasooriya
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> The Rampart module works well if a correct signature value exists or an
> incorrect signature value exists, but it still allows the message to go
> through even without any signature value defined. What seems to be missing
> is a check for whether a signature value exists after getting back the
> wsResult vector from the wss4j processing header API call
> (WSDoAllReceiver.java).
> I have added the following lines to check for its existence.
> **********
> boolean isSigned = false;
> if (wsResult != null) {
>     // Enforce the check only when the configured actions require a signature.
>     if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {
>         log.info("WSDoAllReceiver: SOAP message MUST contain signature values");
>         // Look for a signature value in any of the WSS4J processing results.
>         for (int i = 0; i < wsResult.size(); i++) {
>             WSSecurityEngineResult secengine =
>                 (WSSecurityEngineResult) wsResult.elementAt(i);
>             log.info("WSDoAllReceiver: Find sig value : "
>                 + secengine.get(secengine.TAG_SIGNATURE_VALUE));
>             Object tempstr = secengine.get(secengine.TAG_SIGNATURE_VALUE);
>             if (tempstr != null) {
>                 isSigned = true;
>                 break;
>             }
>         }
>         log.info("WSDoAllReceiver: contains signature : " + isSigned);
>         // Reject the message when a signature is required but none was found.
>         if (!isSigned) {
>             throw new AxisFault(
>                 "WSDoAllReceiver: Incoming message does not contain signature");
>         }
>     }
> }
> **********
> Please review and rectify if necessary.
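The presence check described in the report, shown at the XML level as an added example (it is not part of the JIRA message and is not Rampart or WSS4J code). The class and method names are hypothetical, the envelopes are constructed sample data, and SOAP 1.1 is assumed. It only confirms that a non-empty ds:SignatureValue sits inside a wsse:Security header block; the signature itself still has to be verified by the WS-Security engine.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class SignaturePresenceCheck {  // hypothetical name, not a Rampart class
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String ENV = "http://schemas.xmlsoap.org/soap/envelope/";  // SOAP 1.1 assumed

    // True only if a non-empty ds:SignatureValue sits inside a wsse:Security
    // element that is a direct child of the SOAP Header. Presence only.
    static boolean hasSignatureValue(String soap) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so untrusted input cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)));
        NodeList sec = d.getElementsByTagNameNS(WSSE, "Security");
        for (int i = 0; i < sec.getLength(); i++) {
            Node parent = sec.item(i).getParentNode();
            // A wsse:Security element placed in the Body or elsewhere does not count.
            if (!ENV.equals(parent.getNamespaceURI()) || !"Header".equals(parent.getLocalName())) continue;
            NodeList vals = ((Element) sec.item(i)).getElementsByTagNameNS(DS, "SignatureValue");
            for (int j = 0; j < vals.getLength(); j++) {
                if (!vals.item(j).getTextContent().trim().isEmpty()) return true;
            }
        }
        return false;
    }

    // Builds a constructed sample envelope around the given header and body fragments.
    static String envelope(String header, String body) {
        return "<e:Envelope xmlns:e='" + ENV + "' xmlns:wsse='" + WSSE + "' xmlns:ds='" + DS + "'>"
            + "<e:Header>" + header + "</e:Header><e:Body>" + body + "</e:Body></e:Envelope>";
    }

    public static void main(String[] args) throws Exception {
        String sig = "<ds:Signature><ds:SignatureValue>c2FtcGxl</ds:SignatureValue></ds:Signature>";
        String emptySig = "<ds:Signature><ds:SignatureValue/></ds:Signature>";
        System.out.println("signature in header:   " + hasSignatureValue(envelope("<wsse:Security>" + sig + "</wsse:Security>", "<op/>")));
        System.out.println("empty SignatureValue:  " + hasSignatureValue(envelope("<wsse:Security>" + emptySig + "</wsse:Security>", "<op/>")));
        System.out.println("no Security header:    " + hasSignatureValue(envelope("", "<op/>")));
        System.out.println("signature only in body: " + hasSignatureValue(envelope("<wsse:Security/>", sig)));
    }
}
```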