[
https://issues.apache.org/jira/browse/RAMPART-415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andreas Veithen resolved RAMPART-415.
-------------------------------------
Resolution: Fixed
> Upgrade Rampart to use latest wss4j 1.6.16
> ------------------------------------------
>
> Key: RAMPART-415
> URL: https://issues.apache.org/jira/browse/RAMPART-415
> Project: Rampart
> Issue Type: Improvement
> Affects Versions: 1.6.2
> Reporter: Detelin Yordanov
> Assignee: Andreas Veithen
> Fix For: 1.7.0, 1.6.3
>
> Attachments: rampart16_wss4j.patch, rampart16_wss4j.patch,
> rampart_bcprov.patch, rampart_ut_nopasswd.patch, rampart_wss4j.patch
>
>
> Rampart uses an outdated wss4j 1.6.4 version, while wss4j 1.6.16 was released
> just recently. I think it is important for Rampart to use latest stable
> wss4j, additionally my team is willing to contribute some Rampart extensions
> which require wss4j 1.6.16. I tested Rampart trunk with wss4j 1.6.16 and
> noticed two failing tests:
> - org.apache.rampart.RampartTest.testWithPolicy, scenario 7
> - org.apache.rahas.impl.util.CommonUtilTest.testGetDecryptedBytes
> The first issue is caused by a change in wss4j to add an "id" to the
> "Reference List" security processing results even when the value is an empty
> literal. I discussed the issue on wss4j mailing list and a fix for this will
> be available in next wss4j 1.6.17 version, see:
> http://mail-archives.apache.org/mod_mbox/ws-dev/201407.mbox/%3ccaeu2frpx1envbytejnyblnc1w1zb9ssjxskgh7m0adszamr...@mail.gmail.com%3E
> Meanwhile, I proposed a temporary fix in Rampart that skips results with
> empty Ids (attached).
> The second issue is triggered by a change in xmlsec 1.5.2 which adds cloning
> of KeyInfo elements, however the root cause seems to be a change is how Rahas
> TestUtil constructs a SOAP envelope:
> [Avoid direct references to Axiom implementation
> classes|http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/test/util/TestUtil.java?r1=1298295&r2=1299913]
> I have raised this issue on Axis2 dev list:
> http://mail-archives.apache.org/mod_mbox/axis-java-dev/201407.mbox/%3CCAEu2FROZusGJr%3DtzSRXe88hXYpV%3DzAyrNE-vwDYpi0tZG9Vy4Q%40mail.gmail.com%3E
> I will update this issue once a solution is found. I can help with further
> issues if such are found. Please note that all Rampart tests pass
> successfully with wss4j 1.6.16 after applying the provided Rampart wss4j
> workaround and reverting the Rampart Axiom-related changes done in revision
> [1299913|http://svn.apache.org/viewvc?view=revision&revision=1299913].
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
