axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From El Bog <>
Subject [Axis2 1.4.1 / Rampart 1.4] AsymmetricBinding and SignedEncryptedSupportingTokens policy not appied on Usernametoken
Date Thu, 21 Jan 2010 11:46:39 GMT


I'm trying to build a policy file that would :
- use AsymmetricBinding policy,
- add the usernametoken to the security header,
- Sign and Encrypt that usernametoken.

To sign and Encrypt the usernametoken, I've been trying to use the 
<sp:SignedEncryptedSupportingTokens> assertion.

This results in the usernametoken simply not being added to the header...

I had a look at the rampart bug archive, and found RAMPART-34 which is very
close, however it describes a situation where a <sp:TransportBinding> is
used, which is not the case for me.

Looking deeper into axis code, I ended looking at the following code :

RampartUtil.isSecHeaderRequired method.

It seems that this method cheks for :
- SupportingTokens,
- SignedSupportingTokens,
- EndorsingSupportingTokens,
- SignedEndorsingSupportingTokens
to decide wether a security header is required or not.

This results in Rampart considering there is no need for a security header,
whereas when I only use a 
<sp:SignedSupportingTokens> assertion, it does.

I do not understand why this method does not check for the others assertions
which would also encrypt :
- SignedEncryptedSupportingTokens
- EncryptedSupportingTokens
- EndorsingEncryptedSupportingTokens
- SignedEndorsingEncryptedSupportingTokens

Am I missing something or is this a bug in Rampart?

View this message in context:
Sent from the Axis - User mailing list archive at

View raw message