axis-java-dev mailing list archives

From "Ruchith Udayanga Fernando (JIRA)" <>
Subject [jira] Commented: (AXIS2-2019) RAMPART : Policy handling of <SignedPart> <Header(s)..
Date Wed, 24 Jan 2007 13:44:49 GMT


Ruchith Udayanga Fernando commented on AXIS2-2019:

Hi Hans,

We are still not done with the Rampart maven2 build scripts. We should be able to complete them
by the end of the week. Shall we attach the patch to the new codebase itself? We have already
moved the code over to the new location. [1]



> RAMPART : Policy handling of  <SignedPart> <Header(s)..
> -------------------------------------------------------
>                 Key: AXIS2-2019
>                 URL:
>             Project: Apache Axis 2.0 (Axis2)
>          Issue Type: Bug
>            Reporter: Hans G Knudsen
>         Assigned To: Ruchith Udayanga Fernando
>         Attachments: fix_outgoing_signedpart_headers.diff
> Hi
> Interop testing with .Net/WCF we noticed a few problems if we used/tried to specify "Headers" in the SignedParts Policy block
> eg
>     <sp:SignedParts xmlns:sp="">
>         <sp:Body/>
>         <sp:Header Name="To" Namespace=""/>
>         <sp:Header Name="Action" Namespace=""/>
>         <sp:Header Name="MessageID" Namespace=""/>
>         <sp:Header Name="ReplyTo" Namespace=""/>
>     </sp:SignedParts>
> 1: Incoming handling does not use the list to check that specified headers were signed
> Check could be :
> - Is header from policy-list present in Soap message ?
> - if present - check if header is in 'SignedElements' in WSSecurityEngineResult
> 2: Outgoing handling fails if header specified in policy is not present in Soap Message - and message is not sent
> Rampart calls WSS4J->WSSecSignature.addReferencesToSign to add headers to be signed - but fails if header is not present - could be a specified addressing header which is not needed in the current message.
> Is this a desirable behaviour ?
> I suppose you specify the headers in <SignedParts> because you want to enforce that they are signed (when receiving) - so should outgoing handling not be a little less strict
> ( - this could of course also be a bug in WSS4J )
> 3. When used together with policy element <OnlySignEntireHeadersAndBody> - headers are added twice to the signature.
> Axis survives this - but .Net/WCF coughs a bit (throws exception / Soap fault)
> - this is related to (2)
> /hans

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
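
The three points in the quoted issue, sketched as an added example that is not part of the message, the attached patch, or Rampart/WSS4J code. It uses only JDK classes; the addressing namespace, the Id values, the class and method names, and the `signedIds` set (a stand-in for the 'SignedElements' list the report mentions) are all assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class SignedPartsCheck {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String WSA = "urn:example:addressing"; // constructed placeholder namespace
    /** Header blocks whose QName is listed in the policy; listed but absent headers are not returned. */
    static List<Element> policyHeaders(Document doc, Set<QName> policy) {
        List<Element> found = new ArrayList<>();
        for (Node h = doc.getDocumentElement().getFirstChild(); h != null; h = h.getNextSibling()) {
            if (!SOAP.equals(h.getNamespaceURI()) || !"Header".equals(h.getLocalName())) continue;
            for (Node n = h.getFirstChild(); n != null; n = n.getNextSibling())
                if (n instanceof Element && policy.contains(qname(n))) found.add((Element) n);
        }
        return found;
    }
    static QName qname(Node n) { return new QName(n.getNamespaceURI(), n.getLocalName()); }
    /** Outgoing: sign only listed headers that exist, each name once (points 2 and 3). */
    static Set<QName> partsToSign(Document doc, Set<QName> policy) {
        Set<QName> parts = new LinkedHashSet<>();
        for (Element e : policyHeaders(doc, policy)) parts.add(qname(e));
        return parts;
    }
    /** Incoming: listed headers that are present but not covered by the signature (point 1). */
    static List<QName> unsignedHeaders(Document doc, Set<QName> policy, Set<String> signedIds) {
        List<QName> bad = new ArrayList<>();
        for (Element e : policyHeaders(doc, policy))
            if (!signedIds.contains(e.getAttributeNS(WSU, "Id"))) bad.add(qname(e));
        return bad;
    }
    public static void main(String[] args) throws Exception {
        // Constructed message: To is signed, Action is not, ReplyTo is absent.
        String xml = "<s:Envelope xmlns:s='" + SOAP + "' xmlns:u='" + WSU + "' xmlns:a='" + WSA + "'>"
            + "<s:Header><a:To u:Id='id-to'>x</a:To><a:Action u:Id='id-action'>y</a:Action></s:Header>"
            + "<s:Body/></s:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs in untrusted XML
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Set<QName> policy = new LinkedHashSet<>(Arrays.asList(new QName(WSA, "To"), new QName(WSA, "Action"), new QName(WSA, "ReplyTo")));
        Set<String> signedIds = Collections.singleton("id-to"); // stand-in for the verifier's signed-element list
        System.out.println("sign on send: " + partsToSign(doc, policy));                   // To and Action only
        System.out.println("unsigned on receive: " + unsignedHeaders(doc, policy, signedIds)); // Action
    }
}
```

A production check should compare against the elements the signature verifier actually resolved and validated, not against Id strings alone.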
