[ 
https://issues.apache.org/jira/browse/RAMPART-426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14497937#comment-14497937
 ] 

Boris Dushanov edited comment on RAMPART-426 at 4/16/15 11:37 AM:
------------------------------------------------------------------

I'm attaching a patch that contains a full-blown solution for actor/role.
Rampart now supports configuring inbound and outbound actor.
The support is properly covered with unit and integration tests.

Please note that the solution is backward compatible, which means that if no 
inbound actor is configured, the RampartEngine will still use the actor (if such 
is available) from a randomly chosen Security header.

Do you think that this backward compatibility should stay?

Otherwise, Rampart could be more strict and, for example, may require an actor to 
be configured in order to match on the actor in some of the Security headers 
received.




was (Author: b.dushanov):
I'm attaching a patch that contains a full-blown solution for actor/role.
Rampart now supports configuring inbound and outbound actor.
The support is properly covered with unit and integration tests.

Please note that the solution is backward compatible, which means that if no 
inbound actor is configured, the RampartEngine will still use the actor (if such 
is available) from a randomly chosen Security header.

Do you think that this backward compatibility should stay?

Otherwise, Rampart could be more strict and may require an actor to be 
configured in order to match on the actor in some of the Security headers 
received.



> Rampart has no support for handling actor/role attribute in the Security 
> header
> -------------------------------------------------------------------------------
>
>                 Key: RAMPART-426
>                 URL: https://issues.apache.org/jira/browse/RAMPART-426
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.6.2
>            Reporter: Boris Dushanov
>         Attachments: actor.patch
>
>
> According to the WS-Security specification:
> "The <wsse:Security> header block provides a mechanism for attaching 
> security-related information targeted at a specific recipient in the form of 
> a SOAP actor/role."
> <wsse:Security S11:actor="..." S11:mustUnderstand="..."/>
> Currently, Rampart is far from full support for actor/role.
>  - RampartEngine has bare support, taking the 'actor' attribute from a 
> random Security header. In addition, in SOAP 1.2, the 'actor' attribute is 
> renamed to 'role', which is not handled by the RampartEngine.
>  - Rampart message builders have no support for actor/role.
>  - Rampart configuration has no support for actor/role either.
> WSS4J has support for actor/role and such could easily be added in 
> Rampart. Proper configuration should be added and actor/role values should be 
> propagated to WSS4J.
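
The strict alternative raised in the comment above, sketched as an added Python example (not Rampart or WSS4J code, and not part of the attached patch): pick the Security header by the configured inbound actor, reading `actor` under SOAP 1.1 and `role` under SOAP 1.2, instead of taking a random one. The function name, the sample message and the actor URI are assumptions. So is the policy that an unconfigured actor matches only a header with no actor/role. The duplicate check follows the WS-Security rule that no two Security headers may carry the same actor/role and only one may omit it.

```python
import xml.etree.ElementTree as ET

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
# SOAP envelope namespace -> name of the targeting attribute in that version.
TARGET_ATTR = {
    "http://schemas.xmlsoap.org/soap/envelope/": "actor",  # SOAP 1.1
    "http://www.w3.org/2003/05/soap-envelope": "role",     # SOAP 1.2
}

def select_security_header(envelope_xml, inbound_actor=None):
    """Return the one wsse:Security block targeted at inbound_actor.

    Assumed strict policy: inbound_actor=None matches only a block that
    carries no actor/role. Returns None if nothing matches and raises
    ValueError if two blocks share a target, so the choice is never random.
    """
    root = ET.fromstring(envelope_xml)
    soap_ns = root.tag[1:].partition("}")[0] if root.tag[:1] == "{" else ""
    if root.tag != "{%s}Envelope" % soap_ns or soap_ns not in TARGET_ATTR:
        raise ValueError("not a SOAP 1.1 or 1.2 envelope")
    attr = "{%s}%s" % (soap_ns, TARGET_ATTR[soap_ns])
    header = root.find("{%s}Header" % soap_ns)
    blocks = [] if header is None else header.findall("{%s}Security" % WSSE)
    targets = [block.get(attr) for block in blocks]
    if len(set(targets)) != len(targets):
        raise ValueError("two Security headers share the same actor/role")
    for block, target in zip(blocks, targets):
        if target == inbound_actor:
            return block
    return None

# Constructed sample message (not from the issue); the actor URI is made up.
SOAP11 = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="%s"><S:Header>
  <wsse:Security S:actor="urn:example:gateway"><wsse:UsernameToken/></wsse:Security>
  <wsse:Security><wsse:BinarySecurityToken/></wsse:Security>
 </S:Header><S:Body/></S:Envelope>""" % WSSE
# The same message as SOAP 1.2, where the attribute is named 'role'.
SOAP12 = SOAP11.replace("http://schemas.xmlsoap.org/soap/envelope/",
                        "http://www.w3.org/2003/05/soap-envelope"
                        ).replace("S:actor=", "S:role=")

if __name__ == "__main__":
    for msg in (SOAP11, SOAP12):
        for actor in ("urn:example:gateway", None, "urn:example:other"):
            block = select_security_header(msg, actor)
            print(actor, "->", None if block is None else block[0].tag)
```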


