[jira] Created: (RAMPART-35) SignedSupportingTokens does not sign the UsernameToken

Sat, 05 May 2007 11:45:39 -0700 

SignedSupportingTokens does not sign the UsernameToken 
-------------------------------------------------------

                 Key: RAMPART-35
                 URL: https://issues.apache.org/jira/browse/RAMPART-35
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core, rampart-policy
    Affects Versions: 1.2
         Environment: Axis2-1.2, Rampart-Head , apache tomcat 5.5.23, 
            Reporter: Angel Todorov
            Priority: Critical
             Fix For: 1.2


The "SignedSupportingTokens" assertion used in sample01 of Rampart , does not 
actually sign anything. Here is a sample SOAP request captured by TCPMon:

POST /axis2/services/sample01 HTTP/1.1
Content-Type: text/xml; charset=UTF-8
SOAPAction: "urn:echo"
User-Agent: Axis2
Host: localhost:8081
Transfer-Encoding: chunked

4fc
<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope 
xmlns:wsa="http://www.w3.org/2005/08/addressing"; 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";><soapenv:Header>
<wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 soapenv:mustUnderstand="1"><wsu:Timestamp 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 
wsu:Id="Timestamp-7102288"><wsu:Created>2007-05-05T18:15:35.682Z</wsu:Created><wsu:Expires>2007-05-05T18:20:35.682Z</wsu:Expires></wsu:Timestamp>
<wsse:UsernameToken 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 
wsu:Id="UsernameToken-997377"><wsse:Username>alice</wsse:Username><wsse:Password
 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>bobPW</wsse:Password></wsse:UsernameToken></wsse:Security><wsa:To>http://localhost:8081/axis2/services/sample01</wsa:To><wsa:MessageID>urn:uuid:4A2B5586F0788EE9B91178388935566</wsa:MessageID><wsa:Action>urn:echo</wsa:Action></soapenv:Header><soapenv:Body><ns1:echo
 
xmlns:ns1="http://sample01.policy.samples.rampart.apache.org/xsd";><param0>Hello 
world</param0></ns1:echo></soapenv:Body></soapenv:Envelope>
0

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to