Invalid behavior when empty <sp:SignedParts/> element present in the policy
---------------------------------------------------------------------------
Key: RAMPART-119
URL: https://issues.apache.org/jira/browse/RAMPART-119
Project: Rampart
Issue Type: Bug
Components: rampart-core
Affects Versions: 1.3
Reporter: Nandana Mihindukulasooriya
According to the ws - security policy specification 1.1 , 5.1.1 Signed Parts
Assertion
This assertion specifies the parts of the message that need integrity
protection. If no child elements are specified, all message headers targeted at
the UltimateReceiver role [SOAP12] or actor [SOAP11] and the body of the
message MUST be integrity protected.
So for an empty signed parts element, we have to sign all the message headers.
At current we don't sign any header if signed parts element is empty.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
