axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Kim (JIRA)" <j...@apache.org>
Subject [jira] Created: (AXIS2-4351) Axis2: Rampart module should not check the order of WS-Security header tags
Date Mon, 18 May 2009 23:36:45 GMT
Axis2: Rampart module should not check the order of WS-Security header tags
---------------------------------------------------------------------------

                 Key: AXIS2-4351
                 URL: https://issues.apache.org/jira/browse/AXIS2-4351
             Project: Axis 2.0 (Axis2)
          Issue Type: Bug
          Components: modules
    Affects Versions: 1.4.1
         Environment: Linux  2.6.9-78.0.1.ELsmp   x86_64 x86_64 x86_64 GNU/Linux
            Reporter: Peter Kim


According to WS-Security specification, the order of security header tags can be in any sequence.
eg.
under <wsse:Security>, it can <Timestamp> and <UsernameToken> in any order,
but current Rampart module is checking this sequence by calling wss4j default method  (see
below) to check the order (WSDoAllReceiver.java)        

         * now check the security actions: do they match, in right order?
         */
        if (!checkReceiverResults(wsResult, actions)) {
            throw new AxisFault(
                    "WSDoAllReceiver: security processing failed (actions mismatch)");

        }

Please rectify this to fulfill the security requirement by either removing this or enable
as an optional field.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message