cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <oddbjorn.heim...@accenture.com>
Subject RE: Mustunderstand hardcodes = true in PolicyBasedWSS4JOutInterceptor
Date Fri, 14 Jun 2013 13:11:24 GMT
Hi,

I have submitted a patch to the jira issue, CXF-5079, and  we have verified the solution in
our environment.

Do we require a unit test and if so - any ideas on how this should be done?

It also seems like SOAP actor is hardcoded, maybe we should consider a similar patch for this
as well?

Best regards,

/Oddbjørn

___________________________________________________________________________________________
Oddbjørn Heimdal
Accenture Technology Consulting -  Security
Snarøyveien 30, P.O. Box 363, 1326 Lysaker, Norway
Mobile: +47 99 72 19 12
Email: oddbjorn.heimdal@accenture.com

-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: 13. June 2013 17:07
To: dev@cxf.apache.org
Subject: Re: Mustunderstand hardcodes = true in PolicyBasedWSS4JOutInterceptor

Yes, please submit a patch for this.

Colm.


On Thu, Jun 13, 2013 at 3:53 PM, <oddbjorn.heimdal@accenture.com> wrote:

> Hi,
>
> We have hit a limitation in PolicyBasedWSS4JOutInterceptor which hard
> codes mustUnderstand = true (line 99). This is configurable in the
> WSS4JOutInterceptor today, but not when using policy.
>
>         public void handleMessage(SoapMessage message) throws Fault {
>             Collection<AssertionInfo> ais;
>             SOAPMessage saaj = message.getContent(SOAPMessage.class);
>
>             boolean mustUnderstand = true;
>             String actor = null;
>
> Obviously this makes sense in most cases, but we have some
> intermediaries which do not understand security...
>
> Would you accept a patch to have this configurable, for instance by
> creating a new property in SecurityConstants (for instance
> ws-security.mustsunderstand) and default to true?
>
> Best regards,
>
> Oddbjørn
>
> ______________________________________________________________________
> _____________________
> Oddbjørn Heimdal
> Accenture Technology Consulting -  Security Snarøyveien 30, P.O. Box
> 363, 1326 Lysaker, Norway
> Mobile: +47 99 72 19 12
> Email: oddbjorn.heimdal@accenture.com<mailto:
> oddbjorn.heimdal@accenture.com>
>
>
> ________________________________
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you
> have received it in error, please notify the sender immediately and
> delete the original. Any other use of the e-mail by you is prohibited.
>
> Where allowed by local law, electronic communications with Accenture
> and its affiliates, including e-mail and instant messaging (including
> content), may be scanned by our systems for the purposes of
> information security and assessment of internal compliance with Accenture policy.
>
>
> ______________________________________________________________________
> ________________
>
> www.accenture.com
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

This message is for the designated recipient only and may contain privileged, proprietary,
or otherwise confidential information. If you have received it in error, please notify the
sender immediately and delete the original. Any other use of the e-mail by you is prohibited.

Where allowed by local law, electronic communications with Accenture and its affiliates, including
e-mail and instant messaging (including content), may be scanned by our systems for the purposes
of information security and assessment of internal compliance with Accenture policy.

______________________________________________________________________________________

www.accenture.com


Mime
View raw message