[jira] Updated: (RAMPART-244) Invalid behavior when empty element present in the policy

[Thilina Buddhika (JIRA)]

     [ 
https://issues.apache.org/jira/browse/RAMPART-244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Thilina Buddhika updated RAMPART-244:
-------------------------------------

    Attachment: encryptedparts-testcases.patch

Hi Nandana/Dobri,

Since Dobri is busy at the moment, I came up with three test cases.

1. Test Case -1
In the server side, we have <sp:EncryptedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";><sp:Body/></sp:EncryptedParts>
 and in the client side policy we have <sp:EncryptedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>. So this 
should invoke the service without any issues.

2. Test Case -2 
In the server side, we have <sp:EncryptedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/> and in the 
client side policy we have <sp:EncryptedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";><sp:Body/></sp:EncryptedParts>.
 This is just the right opposite of the above test case. This service 
invocation should work.

3. Test Case -3
In the server side, we have <sp:EncryptedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/> and we don't 
encrypt the SOAP body at the the Client side. This test case gets passed only 
if the service invocation fails with an Axis Fault with the message "Expected 
encrypted part missing".


Thanks.
/ thilina 


> Invalid behavior when empty <sp:EncryptedParts/> element present in the policy
> ------------------------------------------------------------------------------
>
>                 Key: RAMPART-244
>                 URL: https://issues.apache.org/jira/browse/RAMPART-244
>             Project: Rampart
>          Issue Type: Bug
>    Affects Versions: 1.4
>            Reporter: Dobri Kitipov
>            Assignee: Nandana Mihindukulasooriya
>             Fix For: 1.5
>
>         Attachments: encryptedparts-testcases.patch
>
>
> Regarding WS-SecurityPolicy 1.2 
> (http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826515)
>  :
> /sp:EncryptedParts
> This assertion specifies the parts of the message that need confidentiality 
> protection. The single child element of this assertion specifies the set of 
> message parts using an extensible dialect.
> If no child elements are specified, the body of the message MUST be 
> confidentiality protected.
> Currently, this is not supported by Rampart. 
> Similar JIRA is https://issues.apache.org/jira/browse/RAMPART-119

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.