[
https://issues.apache.org/jira/browse/RAMPART-119?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thilina Buddhika updated RAMPART-119:
-------------------------------------
Attachment: RAMPART119.patch
The patch attached herewith fixes this issue. With this fix, when an empty
"SignedParts" element is present, soap body and all message headers targeted
at the UltimateReceiver role are signed.
Thanks.
/ thilina
> Invalid behavior when empty <sp:SignedParts/> element present in the policy
> ---------------------------------------------------------------------------
>
> Key: RAMPART-119
> URL: https://issues.apache.org/jira/browse/RAMPART-119
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.3
> Reporter: Nandana Mihindukulasooriya
> Assignee: Nandana Mihindukulasooriya
> Attachments: RAMPART119.patch
>
>
> According to the ws - security policy specification 1.1 , 5.1.1 Signed Parts
> Assertion
> This assertion specifies the parts of the message that need integrity
> protection. If no child elements are specified, all message headers targeted
> at the UltimateReceiver role [SOAP12] or actor [SOAP11] and the body of the
> message MUST be integrity protected.
> So for an empty signed parts element, we have to sign all the message
> headers. At current we don't sign any header if signed parts element is empty.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
