[
https://issues.apache.org/jira/browse/RAMPART-415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14063914#comment-14063914
]
Andreas Veithen commented on RAMPART-415:
-----------------------------------------
Applied the patch for the UsernameToken issue.
Do you think that we should try to merge all these fixes to the 1.6 branch, or
should we just leave that branch at WSS4J 1.6.4?
> Upgrade Rampart to use latest wss4j 1.6.16
> ------------------------------------------
>
> Key: RAMPART-415
> URL: https://issues.apache.org/jira/browse/RAMPART-415
> Project: Rampart
> Issue Type: Improvement
> Affects Versions: 1.6.2
> Reporter: Detelin Yordanov
> Assignee: Andreas Veithen
> Fix For: 1.7.0, 1.6.3
>
> Attachments: rampart16_wss4j.patch, rampart_bcprov.patch,
> rampart_ut_nopasswd.patch, rampart_wss4j.patch
>
>
> Rampart uses an outdated wss4j 1.6.4 version, while wss4j 1.6.16 was released
> just recently. I think it is important for Rampart to use latest stable
> wss4j, additionally my team is willing to contribute some Rampart extensions
> which require wss4j 1.6.16. I tested Rampart trunk with wss4j 1.6.16 and
> noticed two failing tests:
> - org.apache.rampart.RampartTest.testWithPolicy, scenario 7
> - org.apache.rahas.impl.util.CommonUtilTest.testGetDecryptedBytes
> The first issue is caused by a change in wss4j to add an "id" to the
> "Reference List" security processing results even when the value is an empty
> literal. I discussed the issue on wss4j mailing list and a fix for this will
> be available in next wss4j 1.6.17 version, see:
> http://mail-archives.apache.org/mod_mbox/ws-dev/201407.mbox/%3ccaeu2frpx1envbytejnyblnc1w1zb9ssjxskgh7m0adszamr...@mail.gmail.com%3E
> Meanwhile, I proposed a temporary fix in Rampart that skips results with
> empty Ids (attached).
> The second issue is triggered by a change in xmlsec 1.5.2 which adds cloning
> of KeyInfo elements, however the root cause seems to be a change is how Rahas
> TestUtil constructs a SOAP envelope:
> [Avoid direct references to Axiom implementation
> classes|http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/test/util/TestUtil.java?r1=1298295&r2=1299913]
> I have raised this issue on Axis2 dev list:
> http://mail-archives.apache.org/mod_mbox/axis-java-dev/201407.mbox/%3CCAEu2FROZusGJr%3DtzSRXe88hXYpV%3DzAyrNE-vwDYpi0tZG9Vy4Q%40mail.gmail.com%3E
> I will update this issue once a solution is found. I can help with further
> issues if such are found. Please note that all Rampart tests pass
> successfully with wss4j 1.6.16 after applying the provided Rampart wss4j
> workaround and reverting the Rampart Axiom-related changes done in revision
> [1299913|http://svn.apache.org/viewvc?view=revision&revision=1299913].
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
