[
https://issues.apache.org/jira/browse/RAMPART-371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Lazarski resolved RAMPART-371.
-------------------------------------
Resolution: Fixed
Fixed in 2.0.0.
Root cause: org.apache.rahas.Rahas.canSupportAssertion(Assertion) returned
false
unconditionally. During policy-driven module engagement, Axis2
(AxisDescription.engageModulesForPolicy) looks up the modules registered for
an
assertion's namespace and requires every one of them to return true from
canSupportAssertion; otherwise it throws "atleast one module can't support
...".
The rahas module.xml registers for both the WS-SecurityPolicy 1.1
(http://schemas.xmlsoap.org/ws/2005/07/securitypolicy) and 1.2
(http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702) namespaces, and
for the
1.2 namespace rahas is the ONLY registered module. Its blanket false
therefore made
every WS-SecurityPolicy 1.2 policy fail for generated clients with e.g.
"atleast one module can't support {...200702}SupportingTokens" - matching the
original report and the "remove the rahas module" workaround.
Fix: Rahas.canSupportAssertion now returns true for assertions in the
WS-SecurityPolicy 1.1 and 1.2 namespaces (mirroring the Rampart module) and
false
otherwise, with null-safety on the assertion and its QName. Added
RahasModuleTest
covering the supported namespaces, an unrelated namespace, and null inputs.
Verified with a full clean 'mvn verify -Papache-release' across all modules,
including the nine policy samples, on OpenJDK 17/21/25.
> Namespace 'http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702' is
> unsupported by generated client
> --------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-371
> URL: https://issues.apache.org/jira/browse/RAMPART-371
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.6.2
> Reporter: Philippe A
> Assignee: Robert Lazarski
> Priority: Minor
> Fix For: 2.0.0
>
>
> According to the documentation [1], Rampart supports WS Security Policy 1.2
> [2]. I assumed the corresponding namespace would be supported:
> The XML namespace URI that MUST be used by implementations of this
> specification is:
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> However, this namespace is at the origin of an exception in my generated
> client:
> org.apache.axis2.AxisFault: atleast one module can't support
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
> One workaround is to 'downgrade' the namespace to WS Security Policy 1.1 [3]
> in my server policy, and to regenerate my client:
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> I have not encountered that problem with a simple hand written client.
> [1] http://axis.apache.org/axis2/java/rampart/
> [2]
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html
> [3] http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
