[ https://issues.apache.org/jira/browse/RAMPART-189?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya updated RAMPART-189:
-----------------------------------------------
Fix Version/s: 1.5
> WS-Security rampart uses wrong token in service response
> --------------------------------------------------------
>
> Key: RAMPART-189
> URL: https://issues.apache.org/jira/browse/RAMPART-189
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core, rampart-policy
> Affects Versions: 1.4
> Reporter: Gary Snider
> Assignee: Ruchith Udayanga Fernando
> Priority: Critical
> Fix For: 1.5
>
>
> In rampart 1.4:
> AsymmetricBindingBuilder.doSignBeforeEncrypt line 457:
>     Token encrToken = rpd.getRecipientToken();
> The problem is that if this is recipient mode (i.e. service side) then the
> encryption token should be the initiator's token.
> It looks like it's handled correctly in the signature portion. The same
> check should be made for encrypting.
> AsymmetricBindingBuilder.doSignature lines 566-570: This block of code
> checks for the direction and uses the policy token assertion correctly:
>     if(rmd.isInitiator()) {
>         sigToken = rpd.getInitiatorToken();
>     } else {
>         sigToken = rpd.getRecipientToken();
>     }
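
The direction rule from the report, as an added example that is not Rampart code and not the project's fix: it wraps a sample session key once for the recipient token and once for the initiator token, and checks which one the initiator can unwrap when the service builds its response. Assumptions: freshly generated 2048-bit RSA key pairs stand in for the two parties' certificates, and `Token`, `signatureToken`, `encryptionToken` and `initiatorCanUnwrap` are hypothetical names.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;
// Added illustration: these names are hypothetical, not Rampart's API.
public class TokenDirectionDemo {
    enum Token { INITIATOR, RECIPIENT }

    // Same direction check as the doSignature block quoted in the report.
    static Token signatureToken(boolean isInitiator) {
        return isInitiator ? Token.INITIATOR : Token.RECIPIENT;
    }

    // Encryption must target the other party, so the choice is mirrored.
    static Token encryptionToken(boolean isInitiator) {
        return isInitiator ? Token.RECIPIENT : Token.INITIATOR;
    }

    static byte[] rsa(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(mode, key);
        return c.doFinal(in);
    }

    // True if the initiator's private key recovers a key wrapped for encKey.
    static boolean initiatorCanUnwrap(KeyPair initiator, PublicKey encKey)
            throws GeneralSecurityException {
        byte[] sessionKey = new byte[16];            // constructed sample key
        new SecureRandom().nextBytes(sessionKey);
        byte[] wrapped = rsa(Cipher.ENCRYPT_MODE, encKey, sessionKey);
        try {
            byte[] out = rsa(Cipher.DECRYPT_MODE, initiator.getPrivate(), wrapped);
            return Arrays.equals(sessionKey, out);
        } catch (GeneralSecurityException e) {
            return false;                            // wrong key: unwrap is rejected
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair initiator = g.generateKeyPair(), recipient = g.generateKeyPair();
        boolean isInitiator = false;                 // service building its response
        // First the unconditional recipient token, then the direction-aware choice.
        for (Token t : new Token[] { Token.RECIPIENT, encryptionToken(isInitiator) }) {
            PublicKey k = (t == Token.INITIATOR ? initiator : recipient).getPublic();
            System.out.println(t + " token -> initiator can decrypt: "
                    + initiatorCanUnwrap(initiator, k));
        }
    }
}
```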