axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Veithen (JIRA)" <j...@apache.org>
Subject [jira] (RAMPART-390) SupportingToken assertions do not support multiple nested protection assertions
Date Tue, 31 Jan 2017 19:58:51 GMT

     [ https://issues.apache.org/jira/browse/RAMPART-390?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andreas Veithen updated RAMPART-390:
------------------------------------
    Description: 
The SupportingToken class in the rampart-policy component will only handle one of the following
protection assertions:
 - SignedParts
 - SignedElements
 - EncryptedParts
 - EncryptedElements

According to the specification several of these may appear in a supporting token policy; for
example:

{code}
<sp:EncryptedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:Policy>
	<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
	  <wsp:Policy>
		<sp:WssX509V3Token10 />
	  </wsp:Policy>
	</sp:X509Token>
  
	<sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
	  <sp:Body />
	  <sp:Header Namespace="http://localhost/HeaderNS_1" Name="HeaderLocal_1" />
	  <sp:Header Namespace="http://localhost/HeaderNS_2" />
	</sp:SignedParts>
	
	<sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
	  <sp:Body />
	  <sp:Header Namespace="http://localhost/HeaderNS_2" />
	</sp:EncryptedParts>
  </wsp:Policy>
</sp:EncryptedSupportingTokens>
{code}

  was:
The SupportingToken class in the rampart-policy component will only handle one of the following
protection assertions:
 - SignedParts
 - SignedElements
 - EncryptedParts
 - EncryptedElements

According to the specification several of these may appear in a supporting token policy (for
example:
<sp:EncryptedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:Policy>
	<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
	  <wsp:Policy>
		<sp:WssX509V3Token10 />
	  </wsp:Policy>
	</sp:X509Token>
  
	<sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
	  <sp:Body />
	  <sp:Header Namespace="http://localhost/HeaderNS_1" Name="HeaderLocal_1" />
	  <sp:Header Namespace="http://localhost/HeaderNS_2" />
	</sp:SignedParts>
	
	<sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
	  <sp:Body />
	  <sp:Header Namespace="http://localhost/HeaderNS_2" />
	</sp:EncryptedParts>
  </wsp:Policy>
</sp:EncryptedSupportingTokens>
)


> SupportingToken assertions do not support multiple nested protection assertions
> -------------------------------------------------------------------------------
>
>                 Key: RAMPART-390
>                 URL: https://issues.apache.org/jira/browse/RAMPART-390
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.6.2
>            Reporter: Stefan Vladov
>            Priority: Minor
>         Attachments: SupportingTokenPatch.txt
>
>
> The SupportingToken class in the rampart-policy component will only handle one of the
following protection assertions:
>  - SignedParts
>  - SignedElements
>  - EncryptedParts
>  - EncryptedElements
> According to the specification several of these may appear in a supporting token policy;
for example:
> {code}
> <sp:EncryptedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>   <wsp:Policy>
> 	<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> 	  <wsp:Policy>
> 		<sp:WssX509V3Token10 />
> 	  </wsp:Policy>
> 	</sp:X509Token>
>   
> 	<sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> 	  <sp:Body />
> 	  <sp:Header Namespace="http://localhost/HeaderNS_1" Name="HeaderLocal_1" />
> 	  <sp:Header Namespace="http://localhost/HeaderNS_2" />
> 	</sp:SignedParts>
> 	
> 	<sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> 	  <sp:Body />
> 	  <sp:Header Namespace="http://localhost/HeaderNS_2" />
> 	</sp:EncryptedParts>
>   </wsp:Policy>
> </sp:EncryptedSupportingTokens>
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message