ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Apache Rampart test failure with wss4j 1.6.5 and later
Date Tue, 08 Jul 2014 11:55:09 GMT
Hi everyone,
   Our team worked on new functionality that is to be released with
upcoming wss4j 1.6.16 (WSS-500
<> & WSS-501
<>). We have managed to
integrate this functionality within Apache Rampart 1.6.2 and are willing to
contribute the necessary pieces there as well. However, so far we have been
using wss4j 1.6.4 + the corresponding patches and they seem to work fine
with Rampart 1.6.2.
Once I saw the vote for releasing wss4j 1.6.16, I decided to try to build
Rampart 1.6.2 against it, just to make sure it can adopt this new version
in near future.
However, I stumbled upon a test failure in Rampart integration module,
which I managed to track down to a specific commit in wss4j. The commit is
quite old, it is released in wss4j 1.6.5 (latest Rampart uses 1.6.4). The
change that causes trouble is the following:

Log message says "Only decrypt a Data Reference in the
ReferenceListProcessor, if it hasn't already been decrypted by the

The specific Rampart test that fails is
"org.apache.rampart.RampartTest#testWithPolicy()" using the following
security policy:

I'm attaching the SOAP request and response (request.xml and response.xml),
the actual error message is on the client side, when processing the
response from the service:
java.lang.StringIndexOutOfBoundsException: String index out of range: 0
    at java.lang.String.charAt(
    at org.apache.rampart.RampartEngine.process(

The stack trace is generated using wss4j revision 1294114.

It can be seen that the response contains invalid references (URI not
correctly set):

<wsse:SecurityTokenReference ...
    <wsse:Reference URI="#"  ValueType=""

I'm now trying to figure out what is the root cause of this and whether the
problem is on the wss4j side or on Rampart's side, but I would be glad if
anyone more experienced takes a look into this and provides some feedback.



View raw message