[ 
https://issues.apache.org/jira/browse/RAMPART-421?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Lazarski updated RAMPART-421:
------------------------------------
    Fix Version/s: 2.0.0

> Handling of WS-Policy <sp:ContentEncryptedElements  /> is not working properly
> ------------------------------------------------------------------------------
>
>                 Key: RAMPART-421
>                 URL: https://issues.apache.org/jira/browse/RAMPART-421
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core, rampart-policy
>    Affects Versions: 1.6.2, 1.7.0
>            Reporter: Detelin Hadzhiev
>            Assignee: Robert Lazarski
>            Priority: Major
>             Fix For: 2.0.0
>
>         Attachments: content-encr-policy.txt
>
>
> Using following peace of WS policy is not working  as expected. The observed 
> problems are described beneath
> <sp:ContentEncryptedElements 
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
> <sp:XPath xmlns:SOAP="http://www.w3.org/2003/05/soap-envelope"; 
> xmlns:HDR1="urn:mynamespace">/SOAP:Envelope/SOAP:Header/HDR1:TestHeader</sp:XPath>
> <sp:XPath xmlns:SOAP="http://www.w3.org/2003/05/soap-envelope"; 
> xmlns:HDR1="urn:mynamespace">/SOAP:Envelope/SOAP:Header/HDR1:TestHeader2</sp:XPath>
> </sp:ContentEncryptedElements>
> 1. Serialization of policy above omits declared namespace declarations in 
> scope of XPath element. For contrast serialization of sp:EncryptedElements 
> takes into account XPtah namespaces when being serialized.
> 2. In case when only sp:ContentEncryptedElements and no other 
> signed/encrypted parts or elements is used  in the policy then checking 
> whether security header is required in incoming message in 
> RampartUtil.isSecHeaderRequired doesn't take into account 
> ContentEncryptedElements collection size which leads to an error later on.
> See attached policy for reference.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

Reply via email to