axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boris Dushanov (JIRA)" <>
Subject [jira] [Updated] (RAMPART-426) Rampart has no support for handling actor/role attribute in the Security header
Date Thu, 16 Apr 2015 11:35:59 GMT


Boris Dushanov updated RAMPART-426:
    Attachment: actor.patch

I'm attaching a patch that contains a full blown solution for actor/role.
Rampart now supports configuring inbound and outbound actor.
The support is properly covered with unit and integration tests.

Please note that the solution is backward compatible which means that if no inbound actor
is configured, the RampartEngine will still take the actor from a randomly chosen Security

Do you think that this backward compatibility should stay?

Otherwise Rampart could be more strict and may require an actor to be configured in order
to match on the actor in some of the Security headers received.

> Rampart has no support for handling actor/role attribute in the Security header
> -------------------------------------------------------------------------------
>                 Key: RAMPART-426
>                 URL:
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.6.2
>            Reporter: Boris Dushanov
>         Attachments: actor.patch
> According to the WS-Security specification:
> "The <wsse:Security> header block provides a mechanism for attaching security-related
information targeted at a specific recipient in the form of a SOAP actor/role."
> <wsse:Security S11:actor="..." S11:mustUnderstand="..."/>
> Currently, Rampart is far from full support for actor/role.
>  - RampartEngine has a bare support, taking the 'actor' attribute from a random Security
header.In addition, in SOAP 1.2, the 'actor' attribute is renamed to 'role', which is not
handled by the RampartEngine.
>  - Rampart message builders has no support for actor/role. 
>  - Rampart configuration has no support for actor/role also
> WSS4J has support for actor/role and such could easily be added in Rampart.Proper configuration
should be added and actor/role values should be propagated to WSS4J.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message