In Apache Axis2/Rampart, while generating wsdl and validating policy, is Ws-security Policy 1.2 assertion <sp:NoPassword/> not handled completely?

◇◆丶佛笑我妖孽 提交于 2019-12-08 00:33:22

问题


We are implementing WS-Security Policy on our web services with the following framework/module/specification.

Apache Axis2 1.6.2
Apache Rampart 1.6.2
WS-Security Policy 1.2(namespace:http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702)

We are facing the following issues while creating/consuming the service.

  1. Axis2 wsdl generation logic ignores <sp:NoPassword/> assertion. After debugging,I realized that it is because of the logic in org.apache.ws.secpolicy.model.UsernameToken (rampart-policy-1.6.2.jar) that expects <sp:WssUsernameToken11 /> ( or <sp:WssUsernameToken10 />) to be specified - again when I specify that, the <sp:NoPassword/> is created as child element of <sp:WssUsernameToken11 /> which was causing <sp:NoPassword/> to get ignored on the client (consumer) side.
  2. In the implementation of org.apache.rampart.PolicyBasedResultsValidator/handleSupportingTokens method - NoPassword scenario is not considerd ; hence it always fails saying "org.apache.axis2.AxisFault: UsernameToken missing in request".
  3. On the consumer side, for WS Security policy 1.2 to work, we had to remove rahas-1.6.2.mar from client side rampart repository;there is a JIRA ticket too - https://issues.apache.org/jira/browse/RAMPART-371

Please suggest if I missed something here.

来源:https://stackoverflow.com/questions/18990151/in-apache-axis2-rampart-while-generating-wsdl-and-validating-policy-is-ws-secu

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!