The exact elements that are equired to be encrypted are not validated
---------------------------------------------------------------------
Key: RAMPART-146
URL: https://issues.apache.org/jira/browse/RAMPART-146
Project: Rampart
Issue Type: Bug
Reporter: Dobri Kitipov
Assignee: Ruchith Udayanga Fernando
Hi everybody,
currently I am researching how Rampart is validating and verifying the secured
artifacts. Let me give you a sample scenario. Let's say we have a WS which
policy defines that a specific <sp:EncryptedElements/> should be encrypted
(corresponding to a given XPath expression). I am interested in understanding
the mechanism that is used to verify that the incoming message has encrypted
exactly that <sp:EncryptedElements/> with the given specific XPath expression,
but not something else.
At the moment seems like we do not validate the exact elements that are
required to be encrypted.
Ruchith commented out:
IMHO we will have to improve the
org.apache.ws.security.processor.ReferenceListProcessor to include the
decrypted element information (in addition to the ref URI) for rampart to be
able to validate the encrypted parts correctly.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
