[jira] [Commented] (RAMPART-432) Axis2 BSP compliance

Wed, 30 Oct 2024 08:36:57 -0700 


    [ 
https://issues.apache.org/jira/browse/RAMPART-432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17894261#comment-17894261
 ] 

Robert Lazarski commented on RAMPART-432:
-----------------------------------------

What needs to happen here is related to WSS4J, so there needs to be a way to do 
this: 

RequestData requestData = new RequestData();
requestData.setDisableBSPEnforcement(true);

I'm not familiar with the BSPEnforcement though I did look at the WSS4J method 
that sets it in SamlTokenTest, 
testSAML2EncryptedAssertionViaSeparateEncryptedKey(). 
 
The disableBSPEnforcement property can now be set in the Options class on the 
client side, and in the RampartConfig xml. See below.  

Rampart config: 

<ramp:disableBSPEnforcement>true</ramp:disableBSPEnforcement>

Options: 

                        ConfigurationContext configCtx = 
ConfigurationContextFactory
                                        
.createConfigurationContextFromFileSystem("axis2.xml"); 
                        ServiceClient serClient = new ServiceClient(configCtx, 
null); 
                        serClient.getOptions().setProperty(
                                         
RahasConstants.DISABLE_BSP_ENFORCEMENT, "true");           

At some point I'd like to understand this better so I can create a unit test 
for it and a community contribution would be helpful as this is open source. 
That however will likely have to wait for after 1.8.0. 

> Axis2 BSP compliance
> --------------------
>
>                 Key: RAMPART-432
>                 URL: https://issues.apache.org/jira/browse/RAMPART-432
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.7.0
>         Environment: Windows for client
>            Reporter: jesusincamedio
>            Assignee: Robert Lazarski
>            Priority: Major
>              Labels: bsp-compliance, rampart
>             Fix For: 1.8.0
>
>
> Hi, 
> We have this exception in a SOAP comunication:
> org.apache.axis2.AxisFault: An invalid security token was provided (Bad 
> ValueType "")
>       at 
> org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:180)
>       at 
> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
>       at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:335)
>       at org.apache.axis2.engine.Phase.invoke(Phase.java:308)
>       at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:250)
>       at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:156)
>       at 
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:357)
>       at 
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:414)
>       at 
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
>       at 
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:150)
> ...................................................
> Caused by: org.apache.ws.security.WSSecurityException: An invalid security 
> token was provided (Bad ValueType "")
>       at 
> org.apache.ws.security.str.BSPEnforcer.checkBinarySecurityBSPCompliance(BSPEnforcer.java:59)
>       at 
> org.apache.ws.security.str.SignatureSTRParser.processPreviousResult(SignatureSTRParser.java:487)
>       at 
> org.apache.ws.security.str.SignatureSTRParser.parseSecurityTokenReference(SignatureSTRParser.java:132)
>       at 
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:169)
>       at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:402)
>       at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:309)
>       at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:254)
>       at org.apache.rampart.RampartEngine.process(RampartEngine.java:161)
>       at 
> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>       ... 15 more
> After searching for information the cause of the error could be:
> - BSP-compliance
> In CXF people can disable this feature but in rampart-axis2 it seems there is 
> no way to do that.
> ¿Is there any way to disable bsp-compliance though policy file??? or java 
> code?????or any way in the world?????????
> Thanks for your attention,



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to