axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thilina Buddhika (JIRA)" <j...@apache.org>
Subject [jira] Updated: (RAMPART-119) Invalid behavior when empty <sp:SignedParts/> element present in the policy
Date Tue, 21 Dec 2010 12:36:00 GMT

     [ https://issues.apache.org/jira/browse/RAMPART-119?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Thilina Buddhika updated RAMPART-119:
-------------------------------------

    Attachment: RAMPART-119.patch

Attaching to updated patch for the current revision of the trunk.

> Invalid behavior when empty <sp:SignedParts/> element present in the policy
> ---------------------------------------------------------------------------
>
>                 Key: RAMPART-119
>                 URL: https://issues.apache.org/jira/browse/RAMPART-119
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.3
>            Reporter: Nandana Mihindukulasooriya
>            Assignee: Nandana Mihindukulasooriya
>         Attachments: RAMPART-119.patch, RAMPART119.patch
>
>
> According to the ws - security policy specification 1.1 , 5.1.1 Signed Parts Assertion

> This assertion specifies the parts of the message that need integrity protection. If
no child elements are specified, all message headers targeted at the UltimateReceiver role
[SOAP12] or actor [SOAP11] and the body of the message MUST be integrity protected.
> So for an empty signed parts element, we have to sign all the message headers. At current
we don't sign any header if signed parts element is empty.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message