[
https://issues.apache.org/jira/browse/RAMPART-225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12993469#comment-12993469
]
Amila Jayasekara commented on RAMPART-225:
------------------------------------------
Hi Ainar,
We couldn't test inter-operability of this implementation. Therefore this might
not have been added to rampart-core 1.5.1. But there is a comment saying that
the patch is applied. So i am also not sure whether patch is in the rampart
1.5.1. If this is not in rampart 1.5.1 most probable cause is inter-operability.
Thanks
AmilaJ
> SupportingToken UsernameToken is always encrypted
> -------------------------------------------------
>
> Key: RAMPART-225
> URL: https://issues.apache.org/jira/browse/RAMPART-225
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.4
> Reporter: Diego Tognola
> Assignee: Samisa Abeysinghe
> Fix For: 1.5.1
>
> Attachments: RAMPART-225.diff, policy-pwd-encrypted.xml,
> policy-working.xml
>
>
> If no encryption is specified in the policy file and UsernameToken is used as
> supporting token, then this token is always encrypted.
> org.apache.rampart.builder.BindingBuilder.handleSupportingTokens(RampartMessageData,
> SupportingToken) does not check if UsernameToken is an encrypted token and
> unconditionally adds it to the encryptedTokensIdList.
> This can be easily fixed by modifying line 383 (as per src release 1.4) from
> encryptedTokensIdList.add(utBuilder.getId());
> to
>
> if (suppTokens.isEncryptedToken()) {
> encryptedTokensIdList.add(utBuilder.getId());
> }
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
