[ https://issues.apache.org/jira/browse/RAMPART-385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Suresh Attanayake updated RAMPART-385:
--------------------------------------

    Attachment: policy-1.2-UT.xml
    
> Rampart does check username token password (via callback), even though 
> "NoPassword" was specified in Security Policy
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-385
>                 URL: https://issues.apache.org/jira/browse/RAMPART-385
>             Project: Rampart
>          Issue Type: Question
>         Environment: JBoss 5.1.2 
> Axis2 1.6.2 
> Rampart/Rahas 1.6.2
>            Reporter: Simon Jongsma
>         Attachments: policy-1.2-UT.xml, RAMPART-385.patch
>
>
> A Policy was specified on a web service as such:
>     <sp:SupportingTokens>
>       <wsp:Policy>
>         <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>           <wsp:Policy>
>             <sp:NoPassword/>
>           </wsp:Policy>
>         </sp:UsernameToken>
>       </wsp:Policy>
>     </sp:SupportingTokens>
> If the request contains username token + password in security header, I would 
> expect (hope) Rampart to ignore 
> the password or complain that a password is present (I'm not sure about the 
> meaning of NoPassword in this respect).
> Anyway: Rampart will go into the password callback and require us to supply 
> the value.
> Is this correct?
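
The mismatch described in the issue (policy asserts sp:NoPassword, request still carries a wsse:Password) can be checked outside Rampart. This is an added example, not code from the issue or from Rampart. It assumes the WS-SecurityPolicy 1.2 reading that sp:NoPassword means the wsse:Password element must not be present; the namespace bindings, sample policy and sample envelopes are constructed.

```python
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

# Assumed namespace bindings: the page's snippet does not show its xmlns declarations,
# so both WS-SecurityPolicy namespace URIs are accepted for the sp prefix.
SP_NS = ("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
         "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702")
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

def policy_requires_no_password(policy_xml):
    """True if any sp:UsernameToken assertion has a nested sp:NoPassword."""
    root = ET.fromstring(policy_xml)
    for ns in SP_NS:
        for token in root.iter("{%s}UsernameToken" % ns):
            if token.find(".//{%s}NoPassword" % ns) is not None:
                return True
    return False

def tokens_with_password(envelope_xml):
    """Usernames of wsse:UsernameToken elements that carry a wsse:Password child."""
    root = ET.fromstring(envelope_xml)
    found = []
    for token in root.iter("{%s}UsernameToken" % WSSE):
        if token.find("{%s}Password" % WSSE) is not None:
            found.append(token.findtext("{%s}Username" % WSSE, default=""))
    return found

def check(policy_xml, envelope_xml):
    """Violations: tokens carrying a password although the policy says NoPassword."""
    if not policy_requires_no_password(policy_xml):
        return []
    # The password value itself is never copied into the report.
    return ["UsernameToken for %r carries wsse:Password" % user
            for user in tokens_with_password(envelope_xml)]

# Constructed sample policy, shaped like the snippet in the issue.
POLICY = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="%s">
<sp:SupportingTokens><wsp:Policy><sp:UsernameToken><wsp:Policy><sp:NoPassword/></wsp:Policy>
</sp:UsernameToken></wsp:Policy></sp:SupportingTokens></wsp:Policy>""" % SP_NS[1]

# Constructed sample requests: one with a password in the token, one without.
_ENV = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="%s">
<soap:Header><wsse:Security><wsse:UsernameToken><wsse:Username>alice</wsse:Username>%s
</wsse:UsernameToken></wsse:Security></soap:Header><soap:Body/></soap:Envelope>"""
WITH_PW = _ENV % (WSSE, "<wsse:Password>constructed-secret</wsse:Password>")
NO_PW = _ENV % (WSSE, "")

if __name__ == "__main__":
    print(check(POLICY, WITH_PW))
    print(check(POLICY, NO_PW))
```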
