Hi all,
I have noticed a problem when I have the following security policy:

   see the attachment.

In other words, Asymmetric binding + timestamp and UsernameToken. IMHO it is a
valid case to have the above-mentioned policy without the timestamp, with only
the UsernameToken.

The problem is that when RampartEngine.process(MessageContext) is invoked
then in turn it invokes RampartUtil.isSecHeaderRequired(RampartPolicyData,
boolean, boolean)

Here we check whether the security header is required, and we have a check for
the timestamp:

        // Checking for time stamp
        if ( rpd.isIncludeTimestamp() ) {
            return true;
        }

We do not have a check for the Username token. IMHO we need the same check for
the Username token, too.
Please provide me with your comments. I am a little bit confused about why such
a check is not available.

If I am right I can commit the needed changes.

Thanks,
Dobri
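<!--
  Attached policy as posted: an AsymmetricBinding with X.509 initiator and
  recipient tokens, sp:IncludeTimestamp, and a UsernameToken assertion.
  The archived copy had a stray ";" after several quoted attribute values,
  which made the document not well-formed; those characters are removed here.
-->
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="AsymBindService">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <!-- Initiator's X.509 token: included in messages sent to the recipient. -->
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <!-- Recipient's X.509 token: never carried in the message, only referenced. -->
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <!--
                      NOTE(review): TripleDesRsa15 selects Triple DES encryption with
                      RSA v1.5 key wrap. Both are legacy choices (64-bit block cipher;
                      v1.5 key transport is the padding exposed to padding-oracle attacks).
                      Prefer an AES / RSA-OAEP suite if both endpoints support one. Confirm
                      against the deployed stack before changing.
                    -->
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:TripleDesRsa15/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <!--
                      The accompanying message discusses the variant of this policy
                      without this assertion. NOTE(review): the timestamp is what bounds
                      message freshness here; if it is dropped, replay detection would
                      presumably rest on the UsernameToken nonce/created values. Verify
                      that those are enforced on the receiving side.
                    -->
                    <sp:IncludeTimestamp />
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <!--
              NOTE(review): WS-SecurityPolicy nests assertions under wsp:Policy; the
              sp:Policy element below is kept exactly as posted. Confirm that the
              policy builder in use accepts it.
            -->
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefIssuerSerial/>
                </sp:Policy>
            </sp:Wss10>
            <!--
              UsernameToken is a direct child of wsp:All and is always included.
              NOTE(review): no SignedParts, EncryptedParts or signed supporting
              token assertion is visible in the posted policy, so how the token and
              its password are protected cannot be determined from here. Check the
              full policy.
            -->
            <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"
                              xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
            <wsaws:UsingAddressing xmlns:wsaws="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <!-- RampartConfig contents were elided by the author in the posted attachment. -->
..........................................................
            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>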
