cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CXF-2244) Server accepts an unsigned message when the policy requires a signed message.
Date Thu, 04 Jun 2009 18:35:07 GMT

    [ https://issues.apache.org/jira/browse/CXF-2244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12716363#action_12716363
] 

Daniel Kulp commented on CXF-2244:
----------------------------------


Could you attach/include the policy fragment?   That would allow me to test with the actual
policy to debug what/where the issue is occuring.

> Server accepts an unsigned message when the policy requires a signed message.
> -----------------------------------------------------------------------------
>
>                 Key: CXF-2244
>                 URL: https://issues.apache.org/jira/browse/CXF-2244
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2.1
>         Environment: java 1.5, MacOS 10.5.7 CXF 2.2.2-SNAPSHOT
>            Reporter: Mary Thompson
>
> A policy is attached to the request message that requires the message body to be signed
and timestamped.
> Due to an error on the client side, a message is sent with a security header and time
stamp but is not signed.
> The server accepts the message anyway.
> The inbound message is:
> INFO: Inbound Message
> ----------------------------
> ID: 1
> Address: /AuthN
> Encoding: UTF-8
> Content-Type: application/soap+xml; action="http://oscars.es.net/OSCARS/AuthN/verifyUser";
charset=UTF-8
> Headers: {Content-Length=[908], Host=[localhost:9090], User-Agent=[Apache CXF 2.2.2-SNAPSHOT],
connection=[keep-alive], Pragma=[no-cache], Content-Type=[application/soap+xml; action="http://oscars.es.net/OSCARS/AuthN/verifyUser";
charset=UTF-8], content-type=[application/soap+xml; action="http://oscars.es.net/OSCARS/AuthN/verifyUser";
charset=UTF-8], Cache-Control=[no-cache], Accept=[*/*]}
> Payload: <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soap:mustUnderstand="true"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-1"><wsu:Created>2009-05-29T06:09:44.894Z</wsu:Created><wsu:Expires>2009-05-29T06:14:44.894Z</wsu:Expires></wsu:Timestamp></wsse:Security></soap:Header><soap:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Id-1692283"><verifyUserReq xmlns="http://oscars.es.net/OSCARS/AuthN"><login><LoginName>mrthompson</LoginName><Password>foobar</Password></login><DN><SubjectDN>CN=Mary
Thompson, DC=net, DC=es</SubjectDN><IssuerDN>CN=esnetCA, DC=net, DC=es</IssuerDN></DN></verifyUserReq></soap:Body></soap:Envelope>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message