axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ruchith Fernando" <ruchith.ferna...@gmail.com>
Subject Re: WS-Security - UsernameToken doesnt work, is this a Rampart BUG?
Date Mon, 18 Jun 2007 04:05:57 GMT
My guess is there's some missing config. Remember just engaging
rampart is not sufficient! One MUST provide the policy/configuration
for Rampart to enforce.

Thanks,
Ruchith

On 6/16/07, Glen Mazza <grm7793@verizon.net> wrote:
> That would appear, indeed, to be an alarmingly big security hole.  We
> are most probably misunderstanding something though.  But as for
> forgetting some configuration, one would guess what you have done should
> fail by default anyway (i.e., no special configuration should be
> necessary to *enable* security if the tags are missing, only perhaps to
> *disable*).
>
> Glen
>
> Am Freitag, den 15.06.2007, 17:45 -0300 schrieb Eduardo Muller:
> >      With this configuration (see
> > http://www-usr.inf.ufsm.br/~muller/rampart.jpg ),
> >
> > where the tag <UsernameToken> is replaced with
> > <incorrectTagUsernameToken>,
> >
> > the web service will be call without pass through the class
> > ServerPWCBHandler.
> >
> >      That means, authentication doesnt work. Is this a rampart BUG?
> >
> > I know how to fix this in
> > the org.apache.rampart.handler.WSDoAllReceiver class.
> > But i want to know if this is necessary (means there is a BUG) or i
> > forgot some configuration??
> >
> > Atenciosamente Eduardo!!
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>


-- 
www.ruchith.org
www.wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message