axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hans G Knudsen (JIRA)" <>
Subject [jira] Created: (AXIS2-2018) RAMPART : Incoming policy validation of Bulk Encryption Algorithms.
Date Tue, 23 Jan 2007 12:12:49 GMT
RAMPART : Incoming policy validation of Bulk Encryption Algorithms.

                 Key: AXIS2-2018
             Project: Apache Axis 2.0 (Axis2)
          Issue Type: Bug
          Components: modules
            Reporter: Hans G Knudsen


Rampart does not seem to validate the bulk encryption algorithm on an incoming message againts
the algorithm specified in the policy.

when <sp:Basic256/> / <sp:Basic256Rsa15/> is specified - check that received algorithm
url is
- same for 128 + 192 bit aes..
when  <sp:TripleDes>  ->

Would it conform to WS-standards to make these checks/validations ??

The needed information from the received messages is not collected by WSS4J / WSSecurityEngineResult,
and the original encrypted parts has been decrypted/replaced when reaching PolicyBasedResultsValidator,
so a few changes would be needed...

Should I add a "Collect Encryption algs for Encrypted Parts" on WSS4J issue :


This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message