[ 
https://issues.apache.org/jira/browse/RAMPART-35?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ruchith Udayanga Fernando resolved RAMPART-35.
----------------------------------------------

    Resolution: Invalid

Note that the "SignedSupportingTokens" assertion is with the TransportBinding. 
In this case we do not sign/encrypt the supporting tokens. Please see section: 
"C.1 Transport Binding" of the WS-SecurityPolicy spec.

Thanks,
Ruchith

> SignedSupportingTokens does not sign the UsernameToken 
> -------------------------------------------------------
>
>                 Key: RAMPART-35
>                 URL: https://issues.apache.org/jira/browse/RAMPART-35
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core, rampart-policy
>    Affects Versions: 1.2
>         Environment: Axis2-1.2, Rampart-Head , apache tomcat 5.5.23, 
>            Reporter: Angel Todorov
>            Priority: Critical
>             Fix For: 1.2
>
>
> The "SignedSupportingTokens" assertion used in sample01 of Rampart, does not 
> actually sign anything. Here is a sample SOAP request captured by TCPMon:
> POST /axis2/services/sample01 HTTP/1.1
> Content-Type: text/xml; charset=UTF-8
> SOAPAction: "urn:echo"
> User-Agent: Axis2
> Host: localhost:8081
> Transfer-Encoding: chunked
> 4fc
> <?xml version='1.0' encoding='UTF-8'?>
> <soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing"
>   xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header>
> <wsse:Security
>   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>   soapenv:mustUnderstand="1">
> <wsu:Timestamp
>   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>   wsu:Id="Timestamp-7102288"><wsu:Created>2007-05-05T18:15:35.682Z</wsu:Created><wsu:Expires>2007-05-05T18:20:35.682Z</wsu:Expires></wsu:Timestamp>
> <wsse:UsernameToken
>   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>   wsu:Id="UsernameToken-997377"><wsse:Username>alice</wsse:Username>
> <wsse:Password
>   Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password></wsse:UsernameToken></wsse:Security>
> <wsa:To>http://localhost:8081/axis2/services/sample01</wsa:To>
> <wsa:MessageID>urn:uuid:4A2B5586F0788EE9B91178388935566</wsa:MessageID>
> <wsa:Action>urn:echo</wsa:Action></soapenv:Header>
> <soapenv:Body><ns1:echo
>   xmlns:ns1="http://sample01.policy.samples.rampart.apache.org/xsd"><param0>Hello world</param0></ns1:echo></soapenv:Body></soapenv:Envelope>
> 0

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
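
Added example (not part of the JIRA message and not Rampart code): a Python check over a captured envelope that reports, per UsernameToken, whether any ds:Signature references it and whether a PasswordText password depends on the transport alone, which is the situation the resolution describes for the TransportBinding. The function name, result keys and sample envelope are constructed for illustration; the check only looks for references and does not validate signatures.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")

# Constructed sample shaped like the capture in the report (values are made up).
SAMPLE = (
    '<soapenv:Envelope xmlns:soapenv="%(soapenv)s"><soapenv:Header>'
    '<wsse:Security xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s">'
    '<wsse:UsernameToken wsu:Id="UsernameToken-1">'
    '<wsse:Username>alice</wsse:Username>'
    '<wsse:Password Type="%(pt)s">example-password</wsse:Password>'
    '</wsse:UsernameToken></wsse:Security></soapenv:Header>'
    '<soapenv:Body/></soapenv:Envelope>'
) % dict(NS, pt=PASSWORD_TEXT)

def audit_username_tokens(envelope_xml, transport_is_tls):
    """Return one finding per wsse:UsernameToken (hypothetical helper).

    Parse only trusted captures with ElementTree; use a hardened parser otherwise.
    """
    root = ET.fromstring(envelope_xml)
    # Ids that some ds:Signature in the message claims to cover (URI="#id").
    signed_ids = {
        ref.get("URI", "")[1:]
        for ref in root.iterfind(".//ds:Signature/ds:SignedInfo/ds:Reference", NS)
        if ref.get("URI", "").startswith("#")
    }
    findings = []
    for tok in root.iterfind("soapenv:Header/wsse:Security/wsse:UsernameToken", NS):
        tok_id = tok.get(WSU_ID)
        pw = tok.find("wsse:Password", NS)
        # The UsernameToken profile treats a missing Type as PasswordText.
        cleartext = pw is not None and pw.get("Type", PASSWORD_TEXT) == PASSWORD_TEXT
        referenced = tok_id is not None and tok_id in signed_ids
        findings.append({
            "id": tok_id,
            "referenced_by_signature": referenced,
            "cleartext_password": cleartext,
            # A signature gives integrity only; confidentiality needs the channel.
            "integrity_protected": referenced or transport_is_tls,
            "exposed_password": cleartext and not transport_is_tls,
        })
    return findings
```
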