[ 
https://issues.apache.org/jira/browse/RAMPART-383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yoann Guerro closed RAMPART-383.
--------------------------------

       Resolution: Invalid
    Fix Version/s: 1.6.2

I made it work by putting the policy as an external one instead of using the 
policy from the WSDL. The code is as follows:

        mClient.getOptions().setProperty(
                RampartMessageData.KEY_RAMPART_POLICY,
                loadPolicy("Policy.xml"));

where the loadPolicy method loads a policy file from the classpath.
                
> sp:HashPassword from WS-SecurityPolicy 1.2 assertion doesn't work
> -----------------------------------------------------------------
>
>                 Key: RAMPART-383
>                 URL: https://issues.apache.org/jira/browse/RAMPART-383
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.6.2
>         Environment: Windows XP Professional
> Java 1.6.0_26
> Eclipse 3.5.1
> Axis2 1.6.2
> Neethi 3.0.2
>            Reporter: Yoann Guerro
>              Labels: HashPassword, WS-SecurityPolicy
>             Fix For: 1.6.2
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> I have a WSDL with the following policy:
> <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>       <wsp:Policy>
>               <sp:HashPassword />
>               <sp:WssUsernameToken11 />
>       </wsp:Policy>
> </sp:UsernameToken>
> According to WS-SecurityPolicy 1.2, which is supported by Rampart 1.6.2 
> (modulo the workaround from issue RAMPART-371, 
> https://issues.apache.org/jira/browse/RAMPART-371), the policy grammar is 
> as follows:
> <sp:UsernameToken sp:IncludeToken="xs:anyURI"? xmlns:sp="..." ... >
>   (
>     <sp:Issuer>wsa:EndpointReferenceType</sp:Issuer> |  
>     <sp:IssuerName>xs:anyURI</sp:IssuerName>
>   ) ?
>   <wst:Claims Dialect="..."> ... </wst:Claims> ?
>   <wsp:Policy xmlns:wsp="...">
>     (
>       <sp:NoPassword ... /> |
>       <sp:HashPassword ... />
>     ) ?
>    (
>       <sp:RequireDerivedKeys /> |
>       <sp:RequireImpliedDerivedKeys ... /> |
>       <sp:RequireExplicitDerivedKeys ... />
>     ) ?
>     (
>       <sp:WssUsernameToken10 ... /> |
>       <sp:WssUsernameToken11 ... />
>     ) ?
>     ...
>   </wsp:Policy>
>   ...
> </sp:UsernameToken>
> My policy respects the grammar.
> But while launching a client, setting username and password callback, the 
> output shows the following section:
> <wsse:UsernameToken wsu:Id="UsernameToken-1">
>       <wsse:Username>USER</wsse:Username>
>       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
> </wsse:UsernameToken>
> And debugging the code, the rampart policy does create a UsernameToken with 
> hashpassword attribute set to false.
> I thought it was due to the following neethi issue 
> (https://issues.apache.org/jira/browse/NEETHI-3) but 
> using the same version of neethi with CXF and WSS4J it works (I mean password 
> digest is sent)
> Note that I'm not using a rampart configuration, just engaging the module as 
> follows:
>       mProxy._getServiceClient().engageModule("rampart");
>       // Set Password callback
>       mProxy._getServiceClient().getOptions().setProperty(
>               WSHandlerConstants.PW_CALLBACK_REF, new ClientPasswordCallbackHandler());
>       // Set User name
>       mProxy._getServiceClient().getOptions().setUserName("USER");
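
One way to confirm from a captured request which password type a client really sends, and whether a digest matches the UsernameToken Profile formula Base64(SHA-1(nonce + created + password)). This is an added example, not code from the issue or from Rampart; the function names and the namespace-wrapped sample messages are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
UTP = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"

def password_digest(nonce_b64, created, password):
    # UsernameToken Profile: Base64(SHA-1(nonce + created + password))
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def check_username_tokens(xml_text, expected_password=None):
    """Return (username, verdict) for each wsse:UsernameToken in a captured message."""
    results = []
    for tok in ET.fromstring(xml_text).iter(f"{{{WSSE}}}UsernameToken"):
        user = tok.findtext(f"{{{WSSE}}}Username", default="")
        pw = tok.find(f"{{{WSSE}}}Password")
        nonce = tok.findtext(f"{{{WSSE}}}Nonce")
        created = tok.findtext(f"{{{WSU}}}Created")
        if pw is None:
            verdict = "no-password"
        # A Password element without a Type attribute is treated as #PasswordText
        elif not pw.get("Type", UTP + "#PasswordText").endswith("#PasswordDigest"):
            verdict = "cleartext"  # the behaviour reported in the issue
        elif nonce is None or created is None:
            verdict = "digest-missing-nonce-or-created"
        elif expected_password is None:
            verdict = "digest-unverified"
        else:
            want = password_digest(nonce, created, expected_password).encode()
            got = (pw.text or "").strip().encode()
            verdict = "digest-ok" if hmac.compare_digest(want, got) else "digest-mismatch"
        results.append((user, verdict))
    return results

def sample(password_xml, extra=""):
    # Constructed message: only the security header, with namespaces declared
    return (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
            f'<wsse:UsernameToken wsu:Id="UsernameToken-1"><wsse:Username>USER</wsse:Username>'
            f'{password_xml}{extra}</wsse:UsernameToken></wsse:Security>')

CLEARTEXT = sample(f'<wsse:Password Type="{UTP}#PasswordText">PASSWORD</wsse:Password>')
NONCE, CREATED = base64.b64encode(b"constructed-nonce").decode(), "2012-01-01T00:00:00Z"
DIGEST = sample(
    f'<wsse:Password Type="{UTP}#PasswordDigest">'
    f'{password_digest(NONCE, CREATED, "PASSWORD")}</wsse:Password>',
    f'<wsse:Nonce>{NONCE}</wsse:Nonce><wsu:Created>{CREATED}</wsu:Created>')

if __name__ == "__main__":
    print(check_username_tokens(CLEARTEXT))           # token as shown in the issue
    print(check_username_tokens(DIGEST, "PASSWORD"))  # token a HashPassword policy should yield
```
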
