Message-ID: <21766636.261041293001681821.JavaMail.jira@thor>
Date: Wed, 22 Dec 2010 02:08:01 -0500 (EST)
From: "S.Uthaiyashankar (JIRA)"
To: java-dev@axis.apache.org
Subject: [jira] Assigned: (RAMPART-277) Rampart ignores token inclusion settings when using the asymmetric security binding

     [ https://issues.apache.org/jira/browse/RAMPART-277?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

S.Uthaiyashankar reassigned RAMPART-277:
----------------------------------------

    Assignee: S.Uthaiyashankar  (was: Ruchith Udayanga Fernando)

> Rampart ignores token inclusion settings when using the asymmetric security binding
> -----------------------------------------------------------------------------------
>
>                 Key: RAMPART-277
>                 URL: https://issues.apache.org/jira/browse/RAMPART-277
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.5
>            Reporter: Dave Bryant
>            Assignee: S.Uthaiyashankar
>            Priority: Minor
>         Attachments: RAMPART-277.patch, tokenReference.patch
>
>
> Consider the abbreviated policy below. It defines x509 tokens for the initiator and recipient: the initiator's token must be included in all messages from the initiator to the recipient, and the recipient's token must not be included at all.
> {code:xml}
>
>
>
>
>
>
>
>
>
> {code}
> When Rampart is used as both the client and server for a web service using this policy, the client's certificate is correctly included as a binary security token in the request. However, the response message from the server to the client also includes this as a binary security token when referencing which token was used to encrypt the encrypted symmetric key. This is incorrect as the token was marked as only to be included in messages from the initiator to the recipient.
> The problem is that the asymmetric security binding uses RampartUtil.setKeyIdentifierType() to determine what type of key references should be used. At present it will always include a binary security token unless the token inclusion parameter is set to never - i.e. it does not take into account whether we are the initiator or not, and so doesn't handle the alwaysToInitiator and alwaysToRecipient inclusion modes.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
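
The role check the report says is missing, shown as an added Java example (not Rampart's code and not either attached patch). The class, enum and method names are hypothetical, and the `Once` inclusion mode is left out. It prints, for each inclusion mode and sender role, the behaviour the report describes next to a role-aware decision.

```java
public class TokenInclusionDemo {

    // Inclusion modes named in the report, plus Always (names are hypothetical).
    enum Inclusion { NEVER, ALWAYS_TO_RECIPIENT, ALWAYS_TO_INITIATOR, ALWAYS }

    // Hypothetical stand-ins for the two outcomes: embed the certificate as a
    // binary security token, or refer to it with a key reference only.
    enum KeyRef { EMBED_BINARY_TOKEN, REFERENCE_ONLY }

    // Behaviour as the report describes it: the sender's role is not consulted,
    // so anything other than "never" embeds the token.
    static KeyRef reported(Inclusion mode) {
        return mode == Inclusion.NEVER ? KeyRef.REFERENCE_ONLY : KeyRef.EMBED_BINARY_TOKEN;
    }

    // Role-aware decision: embed only when this message travels in the
    // direction the policy names.
    static KeyRef roleAware(Inclusion mode, boolean senderIsInitiator) {
        switch (mode) {
            case ALWAYS:
                return KeyRef.EMBED_BINARY_TOKEN;
            case ALWAYS_TO_RECIPIENT:
                return senderIsInitiator ? KeyRef.EMBED_BINARY_TOKEN : KeyRef.REFERENCE_ONLY;
            case ALWAYS_TO_INITIATOR:
                return senderIsInitiator ? KeyRef.REFERENCE_ONLY : KeyRef.EMBED_BINARY_TOKEN;
            default: // NEVER
                return KeyRef.REFERENCE_ONLY;
        }
    }

    public static void main(String[] args) {
        for (Inclusion mode : Inclusion.values()) {
            for (boolean initiator : new boolean[] {true, false}) {
                KeyRef before = reported(mode);
                KeyRef after = roleAware(mode, initiator);
                // Rows marked "differs" are where a token would be sent in a
                // direction the policy did not ask for, or omitted where it did.
                System.out.printf("%-20s sender=%-9s reported=%-18s role-aware=%-18s%s%n",
                        mode, initiator ? "initiator" : "recipient", before, after,
                        before == after ? "" : "  <-- differs");
            }
        }
    }
}
```

The `ALWAYS_TO_RECIPIENT` row with `sender=recipient` is the case from the report: the server's response embeds the client's certificate although the policy only asks for it on initiator-to-recipient messages.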