axis-java-dev mailing list archives

From "Gergan Dimitrov (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RAMPART-335) X509V3 KeyIdentifier cannot be set dynamically
Date Mon, 25 Jul 2011 12:39:11 GMT

     [ https://issues.apache.org/jira/browse/RAMPART-335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gergan Dimitrov updated RAMPART-335:
------------------------------------

    Attachment: patch.txt

Patch fixing this issue, SVN revision 1150660

> X509V3 KeyIdentifier cannot be set dynamically
> ----------------------------------------------
>
>                 Key: RAMPART-335
>                 URL: https://issues.apache.org/jira/browse/RAMPART-335
>             Project: Rampart
>          Issue Type: Improvement
>    Affects Versions: 1.6.0
>            Reporter: Gergan Dimitrov
>         Attachments: patch.txt
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> Hi all,
> for our SOA solution, we use AXIS2 and Rampart for security. But we configure the Rampart policy at runtime, because we support different users with different security settings and preferences. Therefore, we use classes from the Rampart API such as AsymmetricBinding, X509Token, etc. to configure. So, we need to support <wsse:KeyIdentifier> with ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3". Unfortunately, we are not able to do so through the API, because we use the X509Token.require* methods to specify how the certificate is referenced. And we have only the option setRequireKeyIdentifierReference(), which by default uses SubjectKeyIdentifier, which is implemented in the RampartUtil class. Therefore, I think the API can be extended with a method such as setRequireX509V3KeyIdentifierReference, and the RampartUtil.setKeyIdentifierType method can be extended, so that it can set the WSConstants.X509_KEY_IDENTIFIER. The code changes are really small, and I am ready to provide a patch for this. Of course, it could be better to extend the API to support providing the ValueType as a parameter, rather than using boolean flags, but I leave this decision up to you.
> Thanks for your time and attention.
> Regards,
> Gergan Dimitrov.
