Hi Nandana, I will check on that when I get some time, too. Thanks, Dobri
On Mon, Sep 14, 2009 at 2:40 PM, Nandana Mihindukulasooriya < [email protected]> wrote: > Hi Dobri, > In the isSecHeaderRequired method, there is a logic for checking > supporting tokens. That should cover Username Tokens and any kind of > supporting tokens. But in your policy, your username token is not wrapped > in > any kind of supporting token policy assertion. So my guess is this is > causing the issue. I will dig in this more, if I get some time. Can you > please check on that. > > regards, > Nandana > > On Mon, Sep 14, 2009 at 1:09 PM, Dobri Kitipov < > [email protected] > > wrote: > > > Hi all, > > I have noticed that if I have the following security policy: > > > > see the attachment. > > > > , or Asymmetric binding + timestamp and UsernameToken. IMHO it is a valid > > case to have the above mentioned policy without the timestamp but only > with > > UsernameToken. > > > > The problem is that when RampartEngine.process(MessageContext) is invoked > > then in turn it invokes > RampartUtil.isSecHeaderRequired(RampartPolicyData, > > boolean, boolean) > > > > here we check if the security header is required. And if we have check > for > > the timestamp: > > > > // Checking for time stamp > > if ( rpd.isIncludeTimestamp() ) { > > return true; > > } > > > > We do not have check for the Username token. IMHO we need the same check > > for the Username , too. > > Please, provide me with your comments. I am a little bit confused why > such > > check is not available? > > > > If I am right I can commit the needed changes. > > > > Thanks, > > Dobri > > >
