[ 
https://issues.apache.org/jira/browse/RAMPART-90?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12549418
 ] 

Nandana Mihindukulasooriya commented on RAMPART-90:
---------------------------------------------------

This is because rampart currently doesn't secure the messages coming through 
OutFaultFlow and InFaultFlow. Currently axis2 doesn't have a security phase in 
the OutFaultFlow. A Security Phase has to be introduced into <phaseOrder 
type="OutFaultFlow">. Rampart handlers have to be registered in the InFaultFlow 
and OutFaultFlow.

Proposed Fix:

Service level errors will be secured using the effective policy of the message 
(in the OutFaultFlow) and will be validated against the effective policy (in 
the InFaultFlow).
Protocol errors (errors while processing the security header) will not be 
secured using the security policy and will not be validated on the client side.

How security is validated in the InFaultFlow

Fault messages will be checked for security fault codes (errors while 
processing the security header should be reported with the correct fault codes as 
defined in WSS 1.0 section 6, Error Handling; we currently don't report 
security errors using these fault codes).
If a security fault code is not found in the fault message, it is assumed that 
it is a service level error and it is validated against the effective service policy.



> Rampart must respond using the applicable WS-Policy even when returning a 
> fault
> -------------------------------------------------------------------------------
>
>                 Key: RAMPART-90
>                 URL: https://issues.apache.org/jira/browse/RAMPART-90
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.3
>            Reporter: Asankha C. Perera
>
> Ref: 
> http://mail-archives.apache.org/mod_mbox/ws-synapse-dev/200709.mbox/[EMAIL 
> PROTECTED]
> When the CallbackHandler fails, the response to a timestamped request is 
> inconsistent:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>    <soapenv:Body>
>       <soapenv:Fault>
>          <faultcode>soapenv:Server</faultcode>
>          <faultstring>The security token could not be authenticated or
> authorized</faultstring>
>          <detail/>
>       </soapenv:Fault>
>    </soapenv:Body>
> </soapenv:Envelope>
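The InFaultFlow decision proposed in the comment above, applied to a fault shaped like the one quoted from the issue, as an added example that is not Rampart's code: it parses a SOAP 1.1 fault, resolves the faultcode QName, and treats a WS-Security 1.0 fault code as a protocol error (accepted without policy validation) and anything else as a service-level fault that must carry the security header the policy requires. A wsse:Security header with a wsu:Timestamp stands in for the effective policy, and the helper names and sample messages are constructed for this example.

```python
# Added example, not Rampart code: WSS fault code present -> protocol error, skip
# the policy check; otherwise service-level fault that must satisfy the policy.
import xml.etree.ElementTree as ET
from io import BytesIO

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# Fault codes defined in the WS-Security 1.0 "Error Handling" section.
WSS_FAULT_CODES = {"UnsupportedSecurityToken", "UnsupportedAlgorithm", "InvalidSecurity",
                   "InvalidSecurityToken", "FailedAuthentication", "FailedCheck",
                   "SecurityTokenUnavailable"}

def parse_with_ns(xml_text):
    """Parse and collect prefix->URI bindings; faultcode is a QName in text, so the
    prefix must be resolved rather than string-compared (simplified: one global map)."""
    ns, root = {}, None
    for event, payload in ET.iterparse(BytesIO(xml_text.encode()), events=("start-ns", "start")):
        if event == "start-ns":
            ns[payload[0]] = payload[1]
        elif root is None:
            root = payload
    return root, ns

def classify_fault(xml_text):
    """'protocol' for a WS-Security fault code, 'service' for anything else."""
    root, ns = parse_with_ns(xml_text)
    fault = root.find(f"{{{SOAP_ENV}}}Body/{{{SOAP_ENV}}}Fault")
    if fault is None:
        raise ValueError("not a SOAP 1.1 fault")
    prefix, _, local = (fault.findtext("faultcode") or "").strip().rpartition(":")
    return "protocol" if ns.get(prefix) == WSSE and local in WSS_FAULT_CODES else "service"

def check_in_fault(xml_text):
    """Return (kind, accepted): protocol faults are accepted unvalidated by design,
    service faults only when the security header the policy requires is present."""
    kind = classify_fault(xml_text)
    if kind == "protocol":
        return kind, True
    root, _ = parse_with_ns(xml_text)
    ts = root.find(f"{{{SOAP_ENV}}}Header/{{{WSSE}}}Security/{{{WSU}}}Timestamp")
    return kind, ts is not None

def envelope(header, faultcode):  # constructed sample SOAP 1.1 faults
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_ENV}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
            f'<soapenv:Header>{header}</soapenv:Header><soapenv:Body><soapenv:Fault>'
            f'<faultcode>{faultcode}</faultcode><faultstring>x</faultstring><detail/>'
            '</soapenv:Fault></soapenv:Body></soapenv:Envelope>')
TIMESTAMP = "<wsse:Security><wsu:Timestamp><wsu:Created>2007-11-01T00:00:00Z</wsu:Created></wsu:Timestamp></wsse:Security>"
```

With this logic the unsecured soapenv:Server fault quoted in the issue is classified as a service-level fault and rejected, because it carries no security header at all.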

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.