[
https://issues.apache.org/jira/browse/RAMPART-426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Boris Dushanov updated RAMPART-426:
-----------------------------------
Summary: Rampart has no support for handling actor/role attribute in the
Security header (was: Rampart has no support for handling 'actor' attribute in
the Security header)
> Rampart has no support for handling actor/role attribute in the Security
> header
> -------------------------------------------------------------------------------
>
> Key: RAMPART-426
> URL: https://issues.apache.org/jira/browse/RAMPART-426
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.6.2
> Reporter: Boris Dushanov
>
> According to the WS-Security specification:
> "The <wsse:Security> header block provides a mechanism for attaching
> security-related information targeted at a specific recipient in the form of
> a SOAP actor/role."
> <wsse:Security S11:actor="..." S11:mustUnderstand="..."/>
> Currently, Rampart is far from full support for actor/role.
> - RampartEngine has a bare support, taking the 'actor' attribute from a
> random Security header.In addition, in SOAP 1.2, the 'actor' attribute is
> renamed to 'role', which is not handled by the RampartEngine.
> - Rampart message builders has no support for actor/role.
> - Rampart configuration has no support for actor/role also
> WSS4J has support for actor/role and such could easily be added in
> Rampart.Proper configuration should be added and actor/role values should be
> propagated to WSS4J.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
