[
https://issues.apache.org/jira/browse/RAMPART-390?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andreas Veithen updated RAMPART-390:
------------------------------------
Description:
The SupportingToken class in the rampart-policy component will only handle one
of the following protection assertions:
- SignedParts
- SignedElements
- EncryptedParts
- EncryptedElements
According to the specification several of these may appear in a supporting
token policy; for example:
{code}
<sp:EncryptedSupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always";>
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
<sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<sp:Body />
<sp:Header Namespace="http://localhost/HeaderNS_1";
Name="HeaderLocal_1" />
<sp:Header Namespace="http://localhost/HeaderNS_2"; />
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<sp:Body />
<sp:Header Namespace="http://localhost/HeaderNS_2"; />
</sp:EncryptedParts>
</wsp:Policy>
</sp:EncryptedSupportingTokens>
{code}
was:
The SupportingToken class in the rampart-policy component will only handle one
of the following protection assertions:
- SignedParts
- SignedElements
- EncryptedParts
- EncryptedElements
According to the specification several of these may appear in a supporting
token policy (for example:
<sp:EncryptedSupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always";>
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
<sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<sp:Body />
<sp:Header Namespace="http://localhost/HeaderNS_1";
Name="HeaderLocal_1" />
<sp:Header Namespace="http://localhost/HeaderNS_2"; />
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<sp:Body />
<sp:Header Namespace="http://localhost/HeaderNS_2"; />
</sp:EncryptedParts>
</wsp:Policy>
</sp:EncryptedSupportingTokens>
)
> SupportingToken assertions do not support multiple nested protection
> assertions
> -------------------------------------------------------------------------------
>
> Key: RAMPART-390
> URL: https://issues.apache.org/jira/browse/RAMPART-390
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.6.2
> Reporter: Stefan Vladov
> Priority: Minor
> Attachments: SupportingTokenPatch.txt
>
>
> The SupportingToken class in the rampart-policy component will only handle
> one of the following protection assertions:
> - SignedParts
> - SignedElements
> - EncryptedParts
> - EncryptedElements
> According to the specification several of these may appear in a supporting
> token policy; for example:
> {code}
> <sp:EncryptedSupportingTokens
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always";>
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
>
> <sp:SignedParts
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
> <sp:Body />
> <sp:Header Namespace="http://localhost/HeaderNS_1";
> Name="HeaderLocal_1" />
> <sp:Header Namespace="http://localhost/HeaderNS_2"; />
> </sp:SignedParts>
>
> <sp:EncryptedParts
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
> <sp:Body />
> <sp:Header Namespace="http://localhost/HeaderNS_2"; />
> </sp:EncryptedParts>
> </wsp:Policy>
> </sp:EncryptedSupportingTokens>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
