[
https://issues.apache.org/jira/browse/RAMPART-239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Samisa Abeysinghe resolved RAMPART-239.
---------------------------------------
Resolution: Invalid
Fix Version/s: NextVersion
WSDoAllReceiver is deprecated, so this issue no longer applies. Please use the
policy based approach.
> Axis2: Rampart module should not check the order of WS-Security header tags
> ---------------------------------------------------------------------------
>
> Key: RAMPART-239
> URL: https://issues.apache.org/jira/browse/RAMPART-239
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Linux 2.6.9-78.0.1.ELsmp x86_64 x86_64 x86_64
> GNU/Linux
> Reporter: Peter Kim
> Fix For: NextVersion
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> According to WS-Security specification, the order of security header tags can
> be in any sequence. eg.
> under <wsse:Security>, it can <Timestamp> and <UsernameToken> in any order,
> but current Rampart module is checking this sequence by calling wss4j default
> method (see below) to check the order (WSDoAllReceiver.java)
> * now check the security actions: do they match, in right order?
> */
> if (!checkReceiverResults(wsResult, actions)) {
> throw new AxisFault(
> "WSDoAllReceiver: security processing failed (actions
> mismatch)");
> }
> Please rectify this to fulfill the security requirement by either removing
> this or enable as an optional field.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
