[ 
https://issues.apache.org/jira/browse/RAMPART-169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12600464#action_12600464
 ] 

chefo edited comment on RAMPART-169 at 6/4/08 12:12 AM:
----------------------------------------------------------------

Hi Nandana,

Sorry for the delay... I had some other stuff to take care of...
Anyway... the patch includes the fix for the https token serializer to handle 
ws sec policy 1.2 style RequireClientCertificate plus the http basic 
authentication and http digest authentication alternatives (again for ws sec 
policy 1.2). Additionally I added a small fix on the AlgorithmSuite.
What are the chances of this getting in the 1.4 release? I don't see a 1.4 tag 
yet :)

Besides that I found it somewhat confusing to not have a clear policy about 
whether the security policy namespace should be declared by the serializers for 
the respective token handlers - some of them don't declare the namespace 
(?hoping it has been declared already), some insist on declaring it no matter 
what, and some try to get it from the writer, and if not present - assume it 
has not been declared and therefore write it.
In the case of the HttpsToken I decided to keep it the way it was - no 
namespace serialization. 

Regards, 
Stefan

  
> HttpsToken serializer does not support ws-securitypolicy 1.2
> ------------------------------------------------------------
>
>                 Key: RAMPART-169
>                 URL: https://issues.apache.org/jira/browse/RAMPART-169
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.3
>         Environment: any
>            Reporter: Stefan Vladov
>            Assignee: Ruchith Udayanga Fernando
>            Priority: Minor
>             Fix For: 1.4
>
>         Attachments: httpsTokenPatch.txt
>
>   Original Estimate: 0.25h
>  Remaining Estimate: 0.25h
>
> org.apache.ws.secpolicy.model.HttpsToken will always serialize the 
> RequireClientCertificate as specified in ws-securitypolicy, i.e. as an 
> attribute on the HttpsToken element. However as of ws-securitypolicy 1.2 it 
> should be specified as:
> <sp:HttpsToken>
>     <wsp:Policy>
>         <sp:RequireClientCertificate/>
>     </wsp:Policy>
> </sp:HttpsToken>
> Notably the token builder for the ws-securitypolicy 1.2 works correctly and 
> deserializes the token as specified in version 1.2 of the spec.
> Additionally, since rampart claims ws-securitypolicy 1.2 support shouldn't it 
> also consider the other two available elements for the HttpsToken, namely:
> <sp:HttpBasicAuthentication />
> <sp:HttpDigestAuthentication />
> Although these are not handled by rampart, they could be used for policy 
> validation.
> Should I supply a diff?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
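
A lint-style check for the two HttpsToken serialization forms discussed in this issue, added here as an example; it is not part of the Rampart patch or of the original message. The function name `inspect_https_tokens`, the sample policies, and the namespace URIs (WS-SecurityPolicy 1.1 and 1.2, WS-Policy) are assumptions supplied for the example and do not appear in the thread.

```python
import xml.etree.ElementTree as ET

SP11 = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
SP12 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
# WS-Policy namespaces accepted for the nested wsp:Policy (assumption: these two only).
WSP = ("http://schemas.xmlsoap.org/ws/2004/09/policy", "http://www.w3.org/ns/ws-policy")
NESTED = ("RequireClientCertificate", "HttpBasicAuthentication", "HttpDigestAuthentication")


def inspect_https_tokens(policy_xml):
    """Return (version, requirements, warnings) for each sp:HttpsToken found."""
    findings = []
    # ElementTree is adequate for the constructed samples below; parse
    # untrusted policy documents with a hardened parser instead.
    for el in ET.fromstring(policy_xml).iter():
        version = {f"{{{SP11}}}HttpsToken": "1.1", f"{{{SP12}}}HttpsToken": "1.2"}.get(el.tag)
        if version is None:
            continue
        ns = SP11 if version == "1.1" else SP12
        attr = el.get("RequireClientCertificate")  # 1.1 form: unqualified attribute
        nested = [n for n in NESTED  # 1.2 form: assertion nested in wsp:Policy
                  if any(el.find(f"{{{w}}}Policy/{{{ns}}}{n}") is not None for w in WSP)]
        reqs, warnings = [], []
        if version == "1.1":
            if attr in ("true", "1"):
                reqs.append("RequireClientCertificate")
            if nested:
                warnings.append("1.2-style nested assertion inside a 1.1 token")
        else:
            reqs = nested
            if attr is not None:
                # A 1.2 consumer reads only the nested form, so the requirement is lost.
                warnings.append("1.1-style attribute on a 1.2 token")
        findings.append((version, reqs, warnings))
    return findings


# Constructed sample policies (not taken from the issue's attachment).
OLD_STYLE = f'<sp:HttpsToken xmlns:sp="{SP11}" RequireClientCertificate="true"/>'
NEW_STYLE = (f'<sp:HttpsToken xmlns:sp="{SP12}" xmlns:wsp="{WSP[0]}">'
             '<wsp:Policy><sp:RequireClientCertificate/></wsp:Policy></sp:HttpsToken>')
# What the issue describes: a 1.2 token serialized with the attribute form.
MIXED = f'<sp:HttpsToken xmlns:sp="{SP12}" RequireClientCertificate="true"/>'

if __name__ == "__main__":
    for name, doc in (("old", OLD_STYLE), ("new", NEW_STYLE), ("mixed", MIXED)):
        print(name, inspect_https_tokens(doc))
```

The `MIXED` case is the one that matters for policy validation: the token is in the 1.2 namespace, yet the client-certificate requirement is carried only by the attribute, so the check reports no effective requirement and one warning.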
