[
https://issues.apache.org/jira/browse/RAMPART-426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17893304#comment-17893304
]
Robert Lazarski commented on RAMPART-426:
-----------------------------------------
This patch was applied back in 2017, so I am marking it as closed.
> Rampart has no support for handling actor/role attribute in the Security
> header
> -------------------------------------------------------------------------------
>
> Key: RAMPART-426
> URL: https://issues.apache.org/jira/browse/RAMPART-426
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.6.2
> Reporter: Boris Dushanov
> Priority: Major
> Labels: Patch
> Attachments: actor.patch
>
>
> According to the WS-Security specification:
> "The <wsse:Security> header block provides a mechanism for attaching
> security-related information targeted at a specific recipient in the form of
> a SOAP actor/role."
> <wsse:Security S11:actor="..." S11:mustUnderstand="..."/>
> Currently, Rampart is far from full support for actor/role.
> - RampartEngine has a bare support, taking the 'actor' attribute from a
> random Security header.In addition, in SOAP 1.2, the 'actor' attribute is
> renamed to 'role', which is not handled by the RampartEngine.
> - Rampart message builders has no support for actor/role.
> - Rampart configuration has no support for actor/role also
> WSS4J has support for actor/role and such could easily be added in
> Rampart.Proper configuration should be added and actor/role values should be
> propagated to WSS4J.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
