[
https://issues.apache.org/jira/browse/RAMPART-415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Detelin Yordanov updated RAMPART-415:
-------------------------------------
Description:
Rampart uses an outdated wss4j 1.6.4 version, while wss4j 1.6.16 was released
just recently. I think it is important for Rampart to use latest stable web
services for java, additionally my team is willing to contribute some Rampart
extensions which require wss4j 1.6.16. I tested Rampart trunk with wss4j 1.6.16
and noticed two failing tests:
- org.apache.rampart.RampartTest.testWithPolicy, scenario 7
- org.apache.rahas.impl.util.CommonUtilTest.testGetDecryptedBytes
The first issue is caused by a change in wss4j to add an "id" to the "Reference
List" security processing results even when the value is an empty literal. I
discussed the issue on wss4j mailing list and a fix for this will be available
in next wss4j 1.6.17 version, see:
http://mail-archives.apache.org/mod_mbox/ws-dev/201407.mbox/%3ccaeu2frpx1envbytejnyblnc1w1zb9ssjxskgh7m0adszamr...@mail.gmail.com%3E
Meanwhile, I proposed a temporary fix in Rampart that skips results with empty
Ids (attached).
The second issue is triggered by a change in xmlsec 1.5.2 which adds cloning of
KeyInfo elements, however the root cause seems to be a change is how Rahas
TestUtil constructs a SOAP envelope:
[Avoid direct references to Axiom implementation
classes|http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/test/util/TestUtil.java?r1=1298295&r2=1299913]
I have raised this issue on Axis2 dev list:
http://mail-archives.apache.org/mod_mbox/axis-java-dev/201407.mbox/%3CCAEu2FROZusGJr%3DtzSRXe88hXYpV%3DzAyrNE-vwDYpi0tZG9Vy4Q%40mail.gmail.com%3E
I will update this issue once a solution is found. I can help with further
issues if such are found. Please note that all Rampart tests pass successfully
with wss4j 1.6.16 after applying the provided Rampart wss4j workaround and
reverting the Rampart Axiom-related changes done in revision
[1299913|http://svn.apache.org/viewvc?view=revision&revision=1299913].
was:
Rampart uses an outdated wss4j 1.6.4 version, while wss4j 1.6.16 was released
just recently. I think it is important for Rampart to use latest stable web
services for java, additionally my team is willing to contribute some Rampart
extensions which require wss4j 1.6.16. I tested Rampart trunk with wss4j 1.6.16
and noticed two failing tests:
- org.apache.rampart.RampartTest.testWithPolicy, scenario 7
- org.apache.rahas.impl.util.CommonUtilTest.testGetDecryptedBytes
The first issue is caused by a change in wss4j to add an "id" to the "Reference
List" security processing results even when the value is an empty literal. I
discussed the issue on wss4j mailing list and a fix for this will be available
in next wss4j 1.6.17 version, see:
http://mail-archives.apache.org/mod_mbox/ws-dev/201407.mbox/%3ccaeu2frpx1envbytejnyblnc1w1zb9ssjxskgh7m0adszamr...@mail.gmail.com%3E
Meanwhile, I proposed a temporary fix in Rampart that skips results with empty
Ids (attached).
The second issue is triggered by a change in xmlsec 1.5.2 which adds cloning of
KeyInfo elements, however the root cause seems to be a change iн how Rahas
TestUtil constructs a SOAP envelope:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/test/util/TestUtil.java?r1=1298295&r2=1299913
I have raised this issue on Axis2 dev list:
http://mail-archives.apache.org/mod_mbox/axis-java-dev/201407.mbox/%3CCAEu2FROZusGJr%3DtzSRXe88hXYpV%3DzAyrNE-vwDYpi0tZG9Vy4Q%40mail.gmail.com%3E
I will update this issue once a solution is found. I can help with further
issues if such are found. Please note that all Rampart tests pass successfully
with wss4j 1.6.16 after applying the provided Rampart wss4j workaround and
reverting the Rampart Axiom-related changes done in revision 1299913.
> Upgrade Rampart to use latest wss4j 1.6.16
> ------------------------------------------
>
> Key: RAMPART-415
> URL: https://issues.apache.org/jira/browse/RAMPART-415
> Project: Rampart
> Issue Type: Improvement
> Affects Versions: 1.6.2
> Reporter: Detelin Yordanov
> Fix For: 1.7.0, 1.6.3
>
> Attachments: rampart_wss4j.patch
>
>
> Rampart uses an outdated wss4j 1.6.4 version, while wss4j 1.6.16 was released
> just recently. I think it is important for Rampart to use latest stable web
> services for java, additionally my team is willing to contribute some Rampart
> extensions which require wss4j 1.6.16. I tested Rampart trunk with wss4j
> 1.6.16 and noticed two failing tests:
> - org.apache.rampart.RampartTest.testWithPolicy, scenario 7
> - org.apache.rahas.impl.util.CommonUtilTest.testGetDecryptedBytes
> The first issue is caused by a change in wss4j to add an "id" to the
> "Reference List" security processing results even when the value is an empty
> literal. I discussed the issue on wss4j mailing list and a fix for this will
> be available in next wss4j 1.6.17 version, see:
> http://mail-archives.apache.org/mod_mbox/ws-dev/201407.mbox/%3ccaeu2frpx1envbytejnyblnc1w1zb9ssjxskgh7m0adszamr...@mail.gmail.com%3E
> Meanwhile, I proposed a temporary fix in Rampart that skips results with
> empty Ids (attached).
> The second issue is triggered by a change in xmlsec 1.5.2 which adds cloning
> of KeyInfo elements, however the root cause seems to be a change is how Rahas
> TestUtil constructs a SOAP envelope:
> [Avoid direct references to Axiom implementation
> classes|http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/test/util/TestUtil.java?r1=1298295&r2=1299913]
> I have raised this issue on Axis2 dev list:
> http://mail-archives.apache.org/mod_mbox/axis-java-dev/201407.mbox/%3CCAEu2FROZusGJr%3DtzSRXe88hXYpV%3DzAyrNE-vwDYpi0tZG9Vy4Q%40mail.gmail.com%3E
> I will update this issue once a solution is found. I can help with further
> issues if such are found. Please note that all Rampart tests pass
> successfully with wss4j 1.6.16 after applying the provided Rampart wss4j
> workaround and reverting the Rampart Axiom-related changes done in revision
> [1299913|http://svn.apache.org/viewvc?view=revision&revision=1299913].
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
