[jira] [Commented] (RAMPART-374) Not Able to use custom validator for USERNAME_TOKEN during server side validation
[ https://issues.apache.org/jira/browse/RAMPART-374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17894714#comment-17894714 ] Robert Lazarski commented on RAMPART-374: - Best I can tell, RampartUsernameTokenValidator was implemented in 2013 - anyways, we now support the latest WSS4J 3.0.3. I am going to mark this issue as fixed since the commit message seems to address the issue: commit 3c67f6eca25663a5fde88e6e13d8df77507230d7 Author: Ruchith Udayanga Fernando Date: Wed Jan 30 06:12:39 2013 + Fixed the issue raised in this [1] discussion. RampartUsernameTokenValidator overrides the verifyPlaintextPassword method of org.apache.ws.security.validate.UsernameTokenValidator The default implementation expects the callback handler to supply the plain text password (when a username token with a plain text password is used), which should not be possible in practice > Not Able to use custom validator for USERNAME_TOKEN during server side > validation > - > > Key: RAMPART-374 > URL: https://issues.apache.org/jira/browse/RAMPART-374 > Project: Rampart > Issue Type: Bug > Components: rampart-core >Affects Versions: 1.6.2 > Environment: Windows 7 Enterprise Service pack 1, jboss-5.1.0.GA, > axis2-1.6.2 (exploded war), rampart-1.6.2 >Reporter: AravindPS >Assignee: Robert Lazarski >Priority: Major > Labels: axis21.6, rampart1.6.2 > > Hi, > We are upgrading from Axis2 1.5.5/ Rampart 1.5.11 to axis2 > 1.6.2/Rampart1.6.2. Here we have seen that the USERNAME_TOKEN_UNKNOWN has > been deprecated and hence there is no backward compatibility. At this late > stage we cannot implement the code to provide passwords at the server > password callback class. So we have a problem. > The server password callback class is asking for the password. We have > designed the services such that for username token authentication we are > sending the request to another directory store for authentication. > Is there a way to process this without giving the password at server side. > Can we configure custom validators to pass the authentication for > USERNAME_TOKEN without validating the passwords? > If yes can you tell us how to write/configure custom validators? > Also, if there is any other solution do let us know. > Thanks, > Aravind -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Updated] (RAMPART-374) Not Able to use custom validator for USERNAME_TOKEN during server side validation
[ https://issues.apache.org/jira/browse/RAMPART-374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Lazarski updated RAMPART-374: Fix Version/s: 1.8.0 > Not Able to use custom validator for USERNAME_TOKEN during server side > validation > - > > Key: RAMPART-374 > URL: https://issues.apache.org/jira/browse/RAMPART-374 > Project: Rampart > Issue Type: Bug > Components: rampart-core >Affects Versions: 1.6.2 > Environment: Windows 7 Enterprise Service pack 1, jboss-5.1.0.GA, > axis2-1.6.2 (exploded war), rampart-1.6.2 >Reporter: AravindPS >Assignee: Robert Lazarski >Priority: Major > Labels: axis21.6, rampart1.6.2 > Fix For: 1.8.0 > > > Hi, > We are upgrading from Axis2 1.5.5/ Rampart 1.5.11 to axis2 > 1.6.2/Rampart1.6.2. Here we have seen that the USERNAME_TOKEN_UNKNOWN has > been deprecated and hence there is no backward compatibility. At this late > stage we cannot implement the code to provide passwords at the server > password callback class. So we have a problem. > The server password callback class is asking for the password. We have > designed the services such that for username token authentication we are > sending the request to another directory store for authentication. > Is there a way to process this without giving the password at server side. > Can we configure custom validators to pass the authentication for > USERNAME_TOKEN without validating the passwords? > If yes can you tell us how to write/configure custom validators? > Also, if there is any other solution do let us know. > Thanks, > Aravind -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Comment Edited] (RAMPART-374) Not Able to use custom validator for USERNAME_TOKEN during server side validation
[ https://issues.apache.org/jira/browse/RAMPART-374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17894714#comment-17894714 ] Robert Lazarski edited comment on RAMPART-374 at 10/31/24 9:23 PM: --- Best I can tell, RampartUsernameTokenValidator was implemented in 2013 - anyways, we now support the latest WSS4J 3.0.3. I am going to mark this issue as fixed since the commit message seems to address the issue: commit 3c67f6eca25663a5fde88e6e13d8df77507230d7 Author: Ruchith Udayanga Fernando Date: Wed Jan 30 06:12:39 2013 + Fixed the issue raised in this [1] discussion. RampartUsernameTokenValidator overrides the verifyPlaintextPassword method of org.apache.ws.security.validate.UsernameTokenValidator The default implementation expects the callback handler to supply the plain text password (when a username token with a plain text password is used), which should not be possible in practice 1.http://marc.info/?t=13582802313&r=1&w=3 was (Author: robertlazarski): Best I can tell, RampartUsernameTokenValidator was implemented in 2013 - anyways, we now support the latest WSS4J 3.0.3. I am going to mark this issue as fixed since the commit message seems to address the issue: commit 3c67f6eca25663a5fde88e6e13d8df77507230d7 Author: Ruchith Udayanga Fernando Date: Wed Jan 30 06:12:39 2013 + Fixed the issue raised in this [1] discussion. RampartUsernameTokenValidator overrides the verifyPlaintextPassword method of org.apache.ws.security.validate.UsernameTokenValidator The default implementation expects the callback handler to supply the plain text password (when a username token with a plain text password is used), which should not be possible in practice > Not Able to use custom validator for USERNAME_TOKEN during server side > validation > - > > Key: RAMPART-374 > URL: https://issues.apache.org/jira/browse/RAMPART-374 > Project: Rampart > Issue Type: Bug > Components: rampart-core >Affects Versions: 1.6.2 > Environment: Windows 7 Enterprise Service pack 1, jboss-5.1.0.GA, > axis2-1.6.2 (exploded war), rampart-1.6.2 >Reporter: AravindPS >Assignee: Robert Lazarski >Priority: Major > Labels: axis21.6, rampart1.6.2 > > Hi, > We are upgrading from Axis2 1.5.5/ Rampart 1.5.11 to axis2 > 1.6.2/Rampart1.6.2. Here we have seen that the USERNAME_TOKEN_UNKNOWN has > been deprecated and hence there is no backward compatibility. At this late > stage we cannot implement the code to provide passwords at the server > password callback class. So we have a problem. > The server password callback class is asking for the password. We have > designed the services such that for username token authentication we are > sending the request to another directory store for authentication. > Is there a way to process this without giving the password at server side. > Can we configure custom validators to pass the authentication for > USERNAME_TOKEN without validating the passwords? > If yes can you tell us how to write/configure custom validators? > Also, if there is any other solution do let us know. > Thanks, > Aravind -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Resolved] (RAMPART-374) Not Able to use custom validator for USERNAME_TOKEN during server side validation
[ https://issues.apache.org/jira/browse/RAMPART-374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Lazarski resolved RAMPART-374. - Resolution: Fixed > Not Able to use custom validator for USERNAME_TOKEN during server side > validation > - > > Key: RAMPART-374 > URL: https://issues.apache.org/jira/browse/RAMPART-374 > Project: Rampart > Issue Type: Bug > Components: rampart-core >Affects Versions: 1.6.2 > Environment: Windows 7 Enterprise Service pack 1, jboss-5.1.0.GA, > axis2-1.6.2 (exploded war), rampart-1.6.2 >Reporter: AravindPS >Assignee: Robert Lazarski >Priority: Major > Labels: axis21.6, rampart1.6.2 > Fix For: 1.8.0 > > > Hi, > We are upgrading from Axis2 1.5.5/ Rampart 1.5.11 to axis2 > 1.6.2/Rampart1.6.2. Here we have seen that the USERNAME_TOKEN_UNKNOWN has > been deprecated and hence there is no backward compatibility. At this late > stage we cannot implement the code to provide passwords at the server > password callback class. So we have a problem. > The server password callback class is asking for the password. We have > designed the services such that for username token authentication we are > sending the request to another directory store for authentication. > Is there a way to process this without giving the password at server side. > Can we configure custom validators to pass the authentication for > USERNAME_TOKEN without validating the passwords? > If yes can you tell us how to write/configure custom validators? > Also, if there is any other solution do let us know. > Thanks, > Aravind -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Assigned] (RAMPART-361) Rampart can not accept Username token which is generated from WCF client. Due to name space qualified password type attribute in username token
[ https://issues.apache.org/jira/browse/RAMPART-361?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Lazarski reassigned RAMPART-361: --- Assignee: Robert Lazarski > Rampart can not accept Username token which is generated from WCF client. Due > to name space qualified password type attribute in username token > --- > > Key: RAMPART-361 > URL: https://issues.apache.org/jira/browse/RAMPART-361 > Project: Rampart > Issue Type: Bug > Components: rampart-core >Affects Versions: 1.6.0 > Environment: VS 2010 >Reporter: asela pathberiya >Assignee: Robert Lazarski >Priority: Major > Attachments: RAMPART-361.patch > > > Error > Caused by: org.apache.ws.security.WSSecurityException: An invalid security > token was provided (Bad UsernameToken Values) > at > org.apache.ws.security.message.token.UsernameToken.(UsernameToken.java:182) > at > org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:96) > > This is generated in WSS4j . "allowNamespaceQualifiedPasswordTypes" property > in WSSConfig object that is handover to "UsernameToken" class ; is false. > But for the username token that is generated from WCF client, that property > must be true. Therefore i hope it must be handle at rampart level -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Updated] (RAMPART-361) Rampart can not accept Username token which is generated from WCF client. Due to name space qualified password type attribute in username token
[ https://issues.apache.org/jira/browse/RAMPART-361?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Lazarski updated RAMPART-361: Fix Version/s: 1.8.0 > Rampart can not accept Username token which is generated from WCF client. Due > to name space qualified password type attribute in username token > --- > > Key: RAMPART-361 > URL: https://issues.apache.org/jira/browse/RAMPART-361 > Project: Rampart > Issue Type: Bug > Components: rampart-core >Affects Versions: 1.6.0 > Environment: VS 2010 >Reporter: asela pathberiya >Assignee: Robert Lazarski >Priority: Major > Fix For: 1.8.0 > > Attachments: RAMPART-361.patch > > > Error > Caused by: org.apache.ws.security.WSSecurityException: An invalid security > token was provided (Bad UsernameToken Values) > at > org.apache.ws.security.message.token.UsernameToken.(UsernameToken.java:182) > at > org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:96) > > This is generated in WSS4j . "allowNamespaceQualifiedPasswordTypes" property > in WSSConfig object that is handover to "UsernameToken" class ; is false. > But for the username token that is generated from WCF client, that property > must be true. Therefore i hope it must be handle at rampart level -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Assigned] (RAMPART-425) Links not found
[ https://issues.apache.org/jira/browse/RAMPART-425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Lazarski reassigned RAMPART-425: --- Assignee: Robert Lazarski > Links not found > --- > > Key: RAMPART-425 > URL: https://issues.apache.org/jira/browse/RAMPART-425 > Project: Rampart > Issue Type: Documentation > Components: rampart-policy >Affects Versions: 1.6.2 > Environment: Doesn't matter >Reporter: Alberto Quinto >Assignee: Robert Lazarski >Priority: Major > Labels: easyfix > Fix For: 1.8.0 > > > I'm starting to work with Rampart and I need some examples. I'm trying to > take a look to your source example in the following section: > https://axis.apache.org/axis2/java/rampart/samples.html > I need the source code of the examples 5 and 6. And doesn't works. Can you > fix it? > I'm talking about these links: > https://axis.apache.org/axis2/java/rampart/samples/msgs/req05.xml > https://axis.apache.org/axis2/java/rampart/samples/msgs/res05.xml > https://axis.apache.org/axis2/java/rampart/samples/msgs/req06.xml > https://axis.apache.org/axis2/java/rampart/samples/msgs/res06.xml > Best Regards, > Alberto -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Updated] (RAMPART-425) Links not found
[ https://issues.apache.org/jira/browse/RAMPART-425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Lazarski updated RAMPART-425: Fix Version/s: 1.8.0 (was: 1.6.2) > Links not found > --- > > Key: RAMPART-425 > URL: https://issues.apache.org/jira/browse/RAMPART-425 > Project: Rampart > Issue Type: Documentation > Components: rampart-policy >Affects Versions: 1.6.2 > Environment: Doesn't matter >Reporter: Alberto Quinto >Priority: Major > Labels: easyfix > Fix For: 1.8.0 > > > I'm starting to work with Rampart and I need some examples. I'm trying to > take a look to your source example in the following section: > https://axis.apache.org/axis2/java/rampart/samples.html > I need the source code of the examples 5 and 6. And doesn't works. Can you > fix it? > I'm talking about these links: > https://axis.apache.org/axis2/java/rampart/samples/msgs/req05.xml > https://axis.apache.org/axis2/java/rampart/samples/msgs/res05.xml > https://axis.apache.org/axis2/java/rampart/samples/msgs/req06.xml > https://axis.apache.org/axis2/java/rampart/samples/msgs/res06.xml > Best Regards, > Alberto -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Resolved] (RAMPART-425) Links not found
[ https://issues.apache.org/jira/browse/RAMPART-425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Lazarski resolved RAMPART-425. - Resolution: Fixed > Links not found > --- > > Key: RAMPART-425 > URL: https://issues.apache.org/jira/browse/RAMPART-425 > Project: Rampart > Issue Type: Documentation > Components: rampart-policy >Affects Versions: 1.6.2 > Environment: Doesn't matter >Reporter: Alberto Quinto >Assignee: Robert Lazarski >Priority: Major > Labels: easyfix > Fix For: 1.8.0 > > > I'm starting to work with Rampart and I need some examples. I'm trying to > take a look to your source example in the following section: > https://axis.apache.org/axis2/java/rampart/samples.html > I need the source code of the examples 5 and 6. And doesn't works. Can you > fix it? > I'm talking about these links: > https://axis.apache.org/axis2/java/rampart/samples/msgs/req05.xml > https://axis.apache.org/axis2/java/rampart/samples/msgs/res05.xml > https://axis.apache.org/axis2/java/rampart/samples/msgs/req06.xml > https://axis.apache.org/axis2/java/rampart/samples/msgs/res06.xml > Best Regards, > Alberto -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Assigned] (RAMPART-374) Not Able to use custom validator for USERNAME_TOKEN during server side validation
[ https://issues.apache.org/jira/browse/RAMPART-374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Lazarski reassigned RAMPART-374: --- Assignee: Robert Lazarski (was: Amila Jayasekara) > Not Able to use custom validator for USERNAME_TOKEN during server side > validation > - > > Key: RAMPART-374 > URL: https://issues.apache.org/jira/browse/RAMPART-374 > Project: Rampart > Issue Type: Bug > Components: rampart-core >Affects Versions: 1.6.2 > Environment: Windows 7 Enterprise Service pack 1, jboss-5.1.0.GA, > axis2-1.6.2 (exploded war), rampart-1.6.2 >Reporter: AravindPS >Assignee: Robert Lazarski >Priority: Major > Labels: axis21.6, rampart1.6.2 > > Hi, > We are upgrading from Axis2 1.5.5/ Rampart 1.5.11 to axis2 > 1.6.2/Rampart1.6.2. Here we have seen that the USERNAME_TOKEN_UNKNOWN has > been deprecated and hence there is no backward compatibility. At this late > stage we cannot implement the code to provide passwords at the server > password callback class. So we have a problem. > The server password callback class is asking for the password. We have > designed the services such that for username token authentication we are > sending the request to another directory store for authentication. > Is there a way to process this without giving the password at server side. > Can we configure custom validators to pass the authentication for > USERNAME_TOKEN without validating the passwords? > If yes can you tell us how to write/configure custom validators? > Also, if there is any other solution do let us know. > Thanks, > Aravind -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
