axis-java-dev mailing list archives

From "Simon Jongsma (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RAMPART-385) Rampart does check username token password (via callback), even though "NoPassword" was specified in Security Policy
Date Thu, 13 Sep 2012 09:25:07 GMT

    [ https://issues.apache.org/jira/browse/RAMPART-385?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13454760#comment-13454760 ]

Simon Jongsma commented on RAMPART-385:
---------------------------------------

Thanks so far Suresh. I was not aware I could specify the WS-SecurityPolicy version to be
used by Rampart.
Could you instruct me as to where I can specify this?
                
> Rampart does check username token password (via callback), even though "NoPassword" was specified in Security Policy
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-385
>                 URL: https://issues.apache.org/jira/browse/RAMPART-385
>             Project: Rampart
>          Issue Type: Question
>         Environment: JBoss 5.1.2 
> Axis2 1.6.2 
> Rampart/Rahas 1.6.2
>            Reporter: Simon Jongsma
>         Attachments: RAMPART-385.patch
>
>
> A Policy was specified on a web service as such:
> <sp:SupportingTokens>
>   <wsp:Policy>
>     <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>       <wsp:Policy>
>         <sp:NoPassword/>
>       </wsp:Policy>
>     </sp:UsernameToken>
>   </wsp:Policy>
> </sp:SupportingTokens>
> If the request contains username token + password in security header, I would expect (hope) Rampart to ignore
> the password or complain that a password is present (I'm not sure about the meaning of NoPassword in this respect).
> Anyway: Rampart will go into the password callback and require us to supply the value.
> Is this correct?
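
The stricter of the two behaviours the reporter hoped for, complaining when a request carries a password although the policy asserts `sp:NoPassword`, can be checked on the message itself. The following is an added example, not code from Rampart, WSS4J or this thread; the class name, method name and both sample messages are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Hypothetical stand-alone check; not part of Rampart or WSS4J.
public class NoPasswordCheck {
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Returns one finding per wsse:UsernameToken that carries a wsse:Password child.
    static List<String> passwordsPresent(String soapXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The message is untrusted input: refuse DOCTYPEs so no entities are expanded.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList tokens = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soapXml.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagNameNS(WSSE, "UsernameToken");
        List<String> findings = new ArrayList<>();
        for (int i = 0; i < tokens.getLength(); i++) {
            Element token = (Element) tokens.item(i);
            NodeList users = token.getElementsByTagNameNS(WSSE, "Username");
            String user = users.getLength() > 0 ? users.item(0).getTextContent().trim() : "(none)";
            NodeList pw = token.getElementsByTagNameNS(WSSE, "Password");
            if (pw.getLength() > 0) {
                String type = ((Element) pw.item(0)).getAttribute("Type");
                // Report the password type only, never the password value.
                findings.add("UsernameToken for '" + user + "' carries a Password (Type="
                    + (type.isEmpty() ? "unspecified" : type) + ")");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages, not captured traffic.
        String head = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsse='"
            + WSSE + "'><s:Header><wsse:Security><wsse:UsernameToken><wsse:Username>alice</wsse:Username>";
        String tail = "</wsse:UsernameToken></wsse:Security></s:Header><s:Body/></s:Envelope>";
        String withPw = head + "<wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/"
            + "oasis-200401-wss-username-token-profile-1.0#PasswordText'>example</wsse:Password>" + tail;
        System.out.println("no password:   " + passwordsPresent(head + tail));
        System.out.println("with password: " + passwordsPresent(withPw));
    }
}
```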
