Rampart ignores BootstrapPolicy settings in message exchange with 
WS-SecureConversation STS
-------------------------------------------------------------------------------------------

                 Key: RAMPART-299
                 URL: https://issues.apache.org/jira/browse/RAMPART-299
             Project: Rampart
          Issue Type: Bug
          Components: rampart-trust
    Affects Versions: 1.5
            Reporter: Dennis Sosnoski
            Assignee: Ruchith Udayanga Fernando


I'm running some WS-SecureConversation tests with Axis2 1.5.1 and Rampart 1.5, 
and saw that Rampart is using the http://schemas.xmlsoap.org/ws/2005/02/trust 
namespace and actions for the request to the STS, along with the 
http://schemas.xmlsoap.org/ws/2004/08/addressing WS-Addressing and 
http://schemas.xmlsoap.org/ws/2005/02/sc WS-SecureConversation versions. How 
can I set Rampart to use the newer versions of these standards?

I'm using WS-SecurityPolicy 1.2, and have <sp:Trust13> and 
<wsap:UsingAddressing xmlns="http://www.w3.org/2006/05/wsdl"/> tokens included 
in the policy, so Rampart appears to be ignoring the policy and just going with 
defaults for the request. I've also tried *not* specifying 
<wsap:UsingAddressing>, and Rampart still adds addressing headers in that case.

I did see that there's some logic in RampartMessageData to set namespace 
versions from properties in the message context, but that logic appears flawed 
(lines 168-178):

    //Extract known properties from the msgCtx
    if(msgCtx.getProperty(KEY_WST_VERSION) != null) {
        this.wstVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WST_VERSION));
    }
    if(msgCtx.getProperty(KEY_WSSC_VERSION) != null) {
        this.secConvVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WSSC_VERSION));
    }

Note that this is calling TrustUtil.getWSTVersion() for both the WS-Trust and 
the WS-SecureConversation version, so you'd have to use the WS-Trust namespaces 
as values of the wscVersion property in order for this to work. Worse, though, 
is that it looks like the options set on the original Client are not passed in 
to the STSClient used by Rampart for the STS request, so I don't see any way of 
setting the properties for the STSClient from my application code.

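Added example (not part of the report and not Rampart code): a self-contained model of the shared-lookup pattern described above, beside a per-specification lookup. All class, method and constant names are hypothetical stand-ins. The two OASIS 200512 namespaces do not appear in the report, and rejecting unknown namespaces is an assumption.

```java
import java.util.Map;

// Added illustration; names are hypothetical stand-ins,
// not Rampart's TrustUtil or RampartMessageData.
public class VersionLookupDemo {
    static final int VERSION_05_02 = 1;   // 2005/02 drafts
    static final int VERSION_05_12 = 2;   // OASIS WS-SX 200512

    // Namespace -> version tables, one per specification.
    static final Map<String, Integer> WST = Map.of(
        "http://schemas.xmlsoap.org/ws/2005/02/trust", VERSION_05_02,
        "http://docs.oasis-open.org/ws-sx/ws-trust/200512", VERSION_05_12);
    static final Map<String, Integer> WSSC = Map.of(
        "http://schemas.xmlsoap.org/ws/2005/02/sc", VERSION_05_02,
        "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512", VERSION_05_12);

    // Assumption: an unrecognised namespace is rejected rather than defaulted.
    static int lookup(Map<String, Integer> table, String ns) {
        Integer v = table.get(ns);
        if (v == null) throw new IllegalArgumentException("unsupported namespace: " + ns);
        return v;
    }

    // Pattern from the report: the WS-SecureConversation property
    // is resolved through the WS-Trust table.
    static int secConvVersionAsReported(String wsscProperty) { return lookup(WST, wsscProperty); }

    // Each property resolved against its own specification's table.
    static int secConvVersionPerSpec(String wsscProperty) { return lookup(WSSC, wsscProperty); }

    public static void main(String[] args) {
        String sc13 = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512";
        String wst13 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
        try {
            secConvVersionAsReported(sc13);
        } catch (IllegalArgumentException e) {
            System.out.println("shared lookup rejects the WS-SC namespace: " + e.getMessage());
        }
        // The only value the shared lookup accepts for the WS-SC property
        // is a WS-Trust namespace, as the report notes.
        System.out.println("shared lookup, WS-Trust ns as WS-SC value: "
            + secConvVersionAsReported(wst13));
        System.out.println("per-spec lookup, WS-SC ns: " + secConvVersionPerSpec(sc13));
    }
}
```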