cxf-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Mustunderstand hardcodes = true in PolicyBasedWSS4JOutInterceptor
Date Fri, 14 Jun 2013 14:19:52 GMT
I don't think a unit test is needed, as it's just setting a single
attribute. I will take care of the "ACTOR" attribute as part of this task.

Colm.


On Fri, Jun 14, 2013 at 2:11 PM, <oddbjorn.heimdal@accenture.com> wrote:

> Hi,
>
> I have submitted a patch to the jira issue, CXF-5079, and we have
> verified the solution in our environment.
>
> Do we require a unit test and if so - any ideas on how this should be done?
>
> It also seems like SOAP actor is hardcoded, maybe we should consider a
> similar patch for this as well?
>
> Best regards,
>
> /Oddbjørn
>
>
> ___________________________________________________________________________________________
> Oddbjørn Heimdal
> Accenture Technology Consulting -  Security
> Snarøyveien 30, P.O. Box 363, 1326 Lysaker, Norway
> Mobile: +47 99 72 19 12
> Email: oddbjorn.heimdal@accenture.com
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: 13. June 2013 17:07
> To: dev@cxf.apache.org
> Subject: Re: Mustunderstand hardcodes = true in
> PolicyBasedWSS4JOutInterceptor
>
> Yes, please submit a patch for this.
>
> Colm.
>
>
> On Thu, Jun 13, 2013 at 3:53 PM, <oddbjorn.heimdal@accenture.com> wrote:
>
> > Hi,
> >
> > We have hit a limitation in PolicyBasedWSS4JOutInterceptor which hard
> > codes mustUnderstand = true (line 99). This is configurable in the
> > WSS4JOutInterceptor today, but not when using policy.
> >
> >         public void handleMessage(SoapMessage message) throws Fault {
> >             Collection<AssertionInfo> ais;
> >             SOAPMessage saaj = message.getContent(SOAPMessage.class);
> >
> >             boolean mustUnderstand = true;
> >             String actor = null;
> >
> > Obviously this makes sense in most cases, but we have some
> > intermediaries which do not understand security...
> >
> > Would you accept a patch to have this configurable, for instance by
> > creating a new property in SecurityConstants (for instance
> > ws-security.mustsunderstand) and default to true?
> >
> > Best regards,
> >
> > Oddbjørn
> >
> > ______________________________________________________________________
> > _____________________
> > Oddbjørn Heimdal
> > Accenture Technology Consulting -  Security Snarøyveien 30, P.O. Box
> > 363, 1326 Lysaker, Norway
> > Mobile: +47 99 72 19 12
> > Email: oddbjorn.heimdal@accenture.com<mailto:
> > oddbjorn.heimdal@accenture.com>
> >
> >
> > ________________________________
> > This message is for the designated recipient only and may contain
> > privileged, proprietary, or otherwise confidential information. If you
> > have received it in error, please notify the sender immediately and
> > delete the original. Any other use of the e-mail by you is prohibited.
> >
> > Where allowed by local law, electronic communications with Accenture
> > and its affiliates, including e-mail and instant messaging (including
> > content), may be scanned by our systems for the purposes of
> > information security and assessment of internal compliance with
> > Accenture policy.
> >
> >
> > ______________________________________________________________________
> > ________________
> >
> > www.accenture.com
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
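
Added example, not part of the thread and not CXF code: a Python sketch of how a configurable flag changes the emitted `wsse:Security` header, and of the SOAP 1.1 rule that decides whether a node must fault on it. The property key is the spelling proposed in the thread and is treated as hypothetical; the function names and envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 namespace
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
NEXT = "http://schemas.xmlsoap.org/soap/actor/next"
# Hypothetical key, spelled as proposed in the thread; not a confirmed CXF constant.
MUST_UNDERSTAND_KEY = "ws-security.mustsunderstand"


def build_envelope(props, actor=None):
    """Emit a SOAP 1.1 envelope whose wsse:Security header honours the property."""
    # Default stays true, matching the behaviour that was hardcoded.
    must_understand = str(props.get(MUST_UNDERSTAND_KEY, "true")).lower() == "true"
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security")
    if must_understand:
        sec.set(f"{{{SOAP}}}mustUnderstand", "1")
    if actor is not None:
        sec.set(f"{{{SOAP}}}actor", actor)
    ET.SubElement(env, f"{{{SOAP}}}Body")
    return ET.tostring(env, encoding="unicode")


def must_understand_faults(envelope_xml, understood, roles=(), ultimate=False):
    """Return the header QNames that force a MustUnderstand fault at this node.

    A header targets the node when its actor is 'next', is one of the node's
    roles, or is absent and the node is the ultimate receiver.
    """
    env = ET.fromstring(envelope_xml)
    header = env.find(f"{{{SOAP}}}Header")
    faults = []
    for block in (header if header is not None else []):
        actor = block.get(f"{{{SOAP}}}actor")
        targeted = (actor == NEXT or actor in roles
                    or (actor is None and ultimate))
        mandatory = block.get(f"{{{SOAP}}}mustUnderstand") == "1"
        if targeted and mandatory and block.tag not in understood:
            faults.append(block.tag)
    return faults
```

With the flag off, a receiver that does not implement WS-Security ignores the header instead of faulting, so the sender can no longer rely on `mustUnderstand` to guarantee that the security header was processed.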
