HttpsToken serializer does not support ws-securitypolicy 1.2
------------------------------------------------------------

                 Key: RAMPART-169
                 URL: https://issues.apache.org/jira/browse/RAMPART-169
             Project: Rampart
          Issue Type: Bug
          Components: rampart-policy
    Affects Versions: 1.3
         Environment: any
            Reporter: Stefan Vladov
            Assignee: Ruchith Udayanga Fernando
            Priority: Minor
             Fix For: 1.4


org.apache.ws.secpolicy.model.HttpsToken will always serialize the 
RequireClientCertificate as specified in ws-securitypolicy, i.e. as an 
attribute on the HttpsToken element. However, as of ws-securitypolicy 1.2, it 
should be specified as:

<sp:HttpsToken>
    <wsp:Policy>
        <sp:RequireClientCertificate/>
    </wsp:Policy>
</sp:HttpsToken>

Notably, the token builder for ws-securitypolicy 1.2 works correctly and 
deserializes the token as specified in version 1.2 of the spec.

Additionally, since Rampart claims ws-securitypolicy 1.2 support, shouldn't it 
also consider the other two available elements for the HttpsToken, namely:
<sp:HttpBasicAuthentication />
<sp:HttpDigestAuthentication />

Although these are not handled by rampart, they could be used for policy 
validation.

Should I supply a diff?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
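
Added example (not part of the original message and not Rampart code): a small Python check that reads a policy document and reports, for each HttpsToken, whether client authentication is stated in the attribute form or in the nested 1.2 form described above, flagging a 1.2 token that carries the attribute. The namespace URIs, function names and sample documents are assumptions added for the example; the issue does not quote them.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are not quoted in the issue; these are the published ones.
SP11 = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
SP12 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = ("http://schemas.xmlsoap.org/ws/2004/09/policy", "http://www.w3.org/ns/ws-policy")
NESTED = ("RequireClientCertificate", "HttpBasicAuthentication", "HttpDigestAuthentication")

def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    ns, _, local = tag[1:].partition("}") if tag.startswith("{") else ("", "", tag)
    return ns, local

def inspect_https_tokens(policy_xml):
    """Return one report per sp:HttpsToken found anywhere in the document."""
    reports = []
    for elem in ET.fromstring(policy_xml).iter():
        ns, local = split_tag(elem.tag)
        if local != "HttpsToken" or ns not in (SP11, SP12):
            continue
        attr = elem.get("RequireClientCertificate")  # attribute form
        nested = []
        for policy in elem:                          # nested 1.2 form
            pns, plocal = split_tag(policy.tag)
            if plocal != "Policy" or pns not in WSP:
                continue
            for child in policy:
                cns, clocal = split_tag(child.tag)
                if cns == ns and clocal in NESTED:
                    nested.append(clocal)
        findings = []
        if ns == SP12 and attr is not None:
            findings.append("attribute form used on a 1.2 HttpsToken")
        if ns == SP11 and nested:
            findings.append("nested 1.2 assertions used on a 1.1 HttpsToken")
        if ns == SP12:
            required = "RequireClientCertificate" in nested
        else:
            required = (attr or "").strip() in ("true", "1")
        reports.append({"version": "1.2" if ns == SP12 else "1.1", "nested": nested,
                        "client_cert_required": required, "findings": findings})
    return reports

# Constructed sample inputs: the nested form from the issue, and the attribute
# form emitted under the 1.2 namespace.
NESTED_12 = (f'<sp:HttpsToken xmlns:sp="{SP12}" xmlns:wsp="{WSP[0]}"><wsp:Policy>'
             '<sp:RequireClientCertificate/></wsp:Policy></sp:HttpsToken>')
ATTR_ON_12 = f'<sp:HttpsToken xmlns:sp="{SP12}" RequireClientCertificate="true"/>'
```

A reader that follows only the 1.2 nested form sees no client-certificate requirement in the second sample, which is why the check reports it as a finding.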
