This documentation applies to the 8.1 version of BMC Atrium Core, which is in "End of Version Support." You will not be able to leave comments.


Apache WSS4J modifications

Normally, WSS4J 1.5.8 is included as a part of Apache Rampart 1.5. However, the source code of the Apache WSS4J distribution included in the Atrium WAR has been modified in a few specific areas. The modifications overcome non-compliant behaviors in the formation of wsu:Id attributes when SOAP responses are built. The modified WSS4J includes the following changes:

  • org/apache/ws/security/WSSConfig.java — This class from the WSS4J 1.5.8 source distribution has been modified, compiled into a .class file, and placed into the existing wss4j-1.5.8.jar file in the Rampart 1.5 distribution, replacing the original class file. The class includes the following modification:
    The default implementation of the WsuIdAllocator interface, as declared in the static final instance DEFAULT_ID_ALLOCATOR, has been modified to always include the BMC- prefix. If no other prefix is passed in to one of the available methods, BMC- is the only prefix included. If another prefix is also passed in, it is included as an additional prefix. For example, if no prefix is passed into a request to generate a wsu:Id value, the value returned begins with the BMC- prefix, followed by the generated sequential ID or secure GUID. If, however, ID- is passed in as well, the value returned begins with the BMC-ID- prefix, followed by the generated sequential ID or secure GUID. This prevents an issue in WSS4J in which some wsu:Id values were returned beginning with a number, which does not meet the definition provided in the XSD specification for either the ID type or the NCName type. Functionally, this means that all wsu:Id values generated in a SOAP response begin with the BMC- prefix.
  • org/apache/ws/security/message/WSSSecEncryptedKey.java — This class from the WSS4J 1.5.8 source distribution has been modified, compiled into a .class file, and placed into the existing wss4j-1.5.8.jar file in the Rampart 1.5 distribution, replacing the original class file. The class includes the following modifications:
    • The wsu:Id for the BinarySecurityToken was being generated without a prefix and without the use of the default implementation of the WsuIdAllocator interface as contained in the WSSConfig class. This led to BinarySecurityToken elements containing a wsu:Id that began with a number, which does not meet the definition as provided in the XSD specification for either the ID type or the NCName type. A modification was made to include the prefix BinSecTok- and to generate the ID from the default WsuIdAllocator implementation's security ID generation method. This means that all wsu:Id values generated for a BinarySecurityToken will begin with the prefix BMC-BinSecTok- and then contain the generated secure GUID.
    • The wsu:Id for the EncryptedKey portion of the encryption elements of the SOAP response was being generated without the use of the default implementation of the WsuIdAllocator interface as contained in the WSSConfig class. A modification was made to generate the ID from the default WsuIdAllocator implementation's security ID generation method, using the same prefix that had been previously appended to such values, for example, EncKeyId-. This means that all wsu:Id values generated for the EncryptedKey elements will begin with the prefix BMC-EncKeyId- and then contain the generated secure GUID.
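
A check that can be run over a captured SOAP response to confirm the behavior described above (an added example, not BMC or WSS4J code): it flags any wsu:Id, or unqualified Id as defined by XML Encryption, that is not an NCName, lacks the BMC- prefix, or is repeated. The envelope and ID values are constructed, the function names are hypothetical, and the NCName pattern is an ASCII-only simplification.

```python
import re
import xml.etree.ElementTree as ET

WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
# ASCII-only simplification of the XML NCName production: no colon, no leading digit.
NCNAME = re.compile(r"[A-Za-z_][A-Za-z0-9._-]*\Z")

# Constructed envelope; element layout and ID values are illustrative only.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wsu="{wsu}" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <s:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="{bst}"/>
  <xenc:EncryptedKey Id="{key}"/>
 </wsse:Security></s:Header>
 <s:Body wsu:Id="{body}"/>
</s:Envelope>"""

def sample(bst, key, body):
    """Build the constructed response with the given ID values."""
    return SAMPLE.format(wsu=WSU_NS, bst=bst, key=key, body=body)

def audit_ids(soap_xml, required_prefix="BMC-"):
    """Return (element, id_value, problem) for every ID that breaks the rules."""
    findings, seen = [], set()
    for elem in ET.fromstring(soap_xml).iter():
        tag = elem.tag.rsplit("}", 1)[-1]          # strip the namespace part
        # wsu:Id, plus the unqualified Id that XML Encryption defines.
        for attr in ("{%s}Id" % WSU_NS, "Id"):
            value = elem.get(attr)
            if value is None:
                continue
            if not NCNAME.match(value):
                findings.append((tag, value, "not an NCName"))
            elif not value.startswith(required_prefix):
                findings.append((tag, value, "missing prefix"))
            if value in seen:                      # xsd:ID values must be unique
                findings.append((tag, value, "duplicate"))
            seen.add(value)
    return findings

if __name__ == "__main__":
    modified = sample("BMC-BinSecTok-9F3C21A7", "BMC-EncKeyId-5D0E44B2", "BMC-ID-17")
    leading_digit = sample("4471903", "EncKeyId-5D0E44B2", "BMC-ID-17")
    print(audit_ids(modified))
    for finding in audit_ids(leading_digit):
        print(finding)
```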
