axis-java-dev mailing list archives

From "Boris Dushanov (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (RAMPART-426) Rampart has no support for handling actor/role attribute in the Security header
Date Thu, 16 Apr 2015 11:36:59 GMT

    [ https://issues.apache.org/jira/browse/RAMPART-426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14497937#comment-14497937 ]

Boris Dushanov edited comment on RAMPART-426 at 4/16/15 11:36 AM:
------------------------------------------------------------------

I'm attaching a patch that contains a full-blown solution for actor/role.
Rampart now supports configuring inbound and outbound actor.
The support is properly covered with unit and integration tests.

Please note that the solution is backward compatible, which means that if no inbound actor
is configured, the RampartEngine will still use the actor (if such is available) from a randomly
chosen Security header.

Do you think that this backward compatibility should stay?

Otherwise Rampart could be more strict and may require an actor to be configured in order
to match on the actor in some of the Security headers received.




was (Author: b.dushanov):
I'm attaching a patch that contains a full-blown solution for actor/role.
Rampart now supports configuring inbound and outbound actor.
The support is properly covered with unit and integration tests.

Please note that the solution is backward compatible, which means that if no inbound actor
is configured, the RampartEngine will still take the actor from a randomly chosen Security
header.

Do you think that this backward compatibility should stay?

Otherwise Rampart could be more strict and may require an actor to be configured in order
to match on the actor in some of the Security headers received.



> Rampart has no support for handling actor/role attribute in the Security header
> -------------------------------------------------------------------------------
>
>                 Key: RAMPART-426
>                 URL: https://issues.apache.org/jira/browse/RAMPART-426
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.6.2
>            Reporter: Boris Dushanov
>         Attachments: actor.patch
>
>
> According to the WS-Security specification:
> "The <wsse:Security> header block provides a mechanism for attaching security-related information targeted at a specific recipient in the form of a SOAP actor/role."
> <wsse:Security S11:actor="..." S11:mustUnderstand="..."/>
> Currently, Rampart is far from full support for actor/role.
>  - RampartEngine has a bare support, taking the 'actor' attribute from a random Security header. In addition, in SOAP 1.2, the 'actor' attribute is renamed to 'role', which is not handled by the RampartEngine.
>  - Rampart message builders have no support for actor/role.
>  - Rampart configuration has no support for actor/role also
> WSS4J has support for actor/role and such could easily be added in Rampart. Proper configuration should be added and actor/role values should be propagated to WSS4J.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
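
The strict behaviour asked about in the comment, with the SOAP 1.1 `actor` / SOAP 1.2 `role` distinction from the issue description, as an added example that is not taken from actor.patch, Rampart or WSS4J. It uses only the JDK DOM API; the class and method names and the `urn:example:*` role values are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SecurityHeaderSelector {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String SOAP12 = "http://www.w3.org/2003/05/soap-envelope";
    // Direct element children only, so a Security element nested elsewhere is never considered.
    static List<Element> children(Element parent, String ns, String local) {
        List<Element> out = new ArrayList<>();
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && ns.equals(n.getNamespaceURI()) && local.equals(n.getLocalName()))
                out.add((Element) n);
        return out;
    }
    // Header addressed to configuredActor (null = the header with no actor/role); null if absent.
    static Element select(Document doc, String configuredActor) {
        Element envelope = doc.getDocumentElement();
        String env = envelope.getNamespaceURI();
        if (!SOAP11.equals(env) && !SOAP12.equals(env)) throw new IllegalArgumentException("not a SOAP envelope");
        String attr = SOAP12.equals(env) ? "role" : "actor"; // SOAP 1.2 renamed actor to role
        Element match = null;
        for (Element header : children(envelope, env, "Header"))
            for (Element sec : children(header, WSSE, "Security")) {
                String target = sec.hasAttributeNS(env, attr) ? sec.getAttributeNS(env, attr) : null;
                if (!Objects.equals(configuredActor, target)) continue;
                // WS-Security allows at most one Security header per actor/role value.
                if (match != null) throw new IllegalStateException("ambiguous Security header");
                match = sec;
            }
        return match;
    }

    public static void main(String[] args) throws Exception {
        // Constructed SOAP 1.2 message: two Security headers, each targeted at a different role.
        String xml = "<S:Envelope xmlns:S='" + SOAP12 + "' xmlns:wsse='" + WSSE + "'><S:Header>"
            + "<wsse:Security S:role='urn:example:gateway'/><wsse:Security S:role='urn:example:service'/>"
            + "</S:Header><S:Body/></S:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        System.out.println(select(doc, "urn:example:service").getAttributeNS(SOAP12, "role"));
        System.out.println(select(doc, null)); // no untargeted header in this message
    }
}
```

Selection depends only on the configured value and never on header order, so a message carrying several Security headers is processed the same way every time.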
