[
https://issues.apache.org/jira/browse/RAMPART-169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nandana Mihindukulasooriya resolved RAMPART-169.
------------------------------------------------
Resolution: Fixed
Fixed
> HttpsToken serializer does not support ws-securitypolicy 1.2
> ------------------------------------------------------------
>
> Key: RAMPART-169
> URL: https://issues.apache.org/jira/browse/RAMPART-169
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.3
> Environment: any
> Reporter: Stefan Vladov
> Assignee: Nandana Mihindukulasooriya
> Priority: Minor
> Fix For: 1.4
>
> Attachments: httpsTokenPatch.txt
>
> Original Estimate: 0.25h
> Remaining Estimate: 0.25h
>
> org.apache.ws.secpolicy.model.HttpsToken will always serialize the
> RequireClientCertificate as specified in ws-securitypolicy, i.e. as an
> attribute on the HttpsToken element. However as of ws-securitypolicy 1.2 it
> should be specified as:
> <sp:HttpsToken>
> <wsp:Policy>
> <sp:RequireClientCertificate/>
> </wsp:Policy>
> </sp:HttpsToken>
> Notably the token builder for the ws-securitypolicy 1.2 works correctly and
> deserializes the token as specified in version 1.2 of the spec.
> Additionally, since rampart claims ws-securitypolicy 1.2 support shouldn't it
> also consider the other two available elements for the HttpsToken, namely:
> <sp:HttpBasicAuthentication />
> <sp:HttpDigestAuthentication />
> Although these are not handled by rampart, they could be used for policy
> validation.
> Should I supply a diff?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
