axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dimuthu Leelarathne (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (AXIS2-1858) Security validation is made only if security header is found
Date Mon, 11 Dec 2006 12:25:24 GMT
     [ http://issues.apache.org/jira/browse/AXIS2-1858?page=all ]

Dimuthu Leelarathne reassigned AXIS2-1858:
------------------------------------------

    Assignee: Dimuthu Leelarathne

> Security validation is made only if security header is found
> ------------------------------------------------------------
>
>                 Key: AXIS2-1858
>                 URL: http://issues.apache.org/jira/browse/AXIS2-1858
>             Project: Apache Axis 2.0 (Axis2)
>          Issue Type: Bug
>          Components: modules
>    Affects Versions: 1.1
>         Environment: Not important.
>            Reporter: Ali Sadik Kumlali
>         Assigned To: Dimuthu Leelarathne
>
> Hi,
> Although service is expecting a signed message, I don't get any exception if no WS-Security
header has been added to the message. 
> Here are the use cases and how Rampart behaves:
> Common:
>   - Service requires a signed message[1]
>   
> Case1: Client adds <module ref="rampart"/> but doesn't add <parameter name="OutflowSecurity">
to the axis2.xml
>   - Client sends message
>   - Message doesn't have necessary WS-Security headers but only a single one[2]
>   Result
>   - Rampart doesn't log or throw any exception and the message passes to the message
receiver (Unexpected(?) behaviour)
>   
> Case2: Client doesn't add either <module ref="rampart"/> or <parameter name="OutflowSecurity">...
>   - Client sends message
>   - Message doesn't have any WS-Security header.
>   Result
>   - Rampart doesn't log or throw any exception and the message passes to the message
receiver (Unexpected(?) behaviour)
>   
> Regards,
> Ali Sadik Kumlali
>   
> [1]
>     <module ref="rampart"/>
>     <parameter name="InflowSecurity">
>         <action>
>             <items>Signature</items>
>             <signaturePropFile>server_security.properties</signaturePropFile>
>         </action>
>     </parameter>
>   
> [2] <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org


Mime
View raw message