cxf-issues mailing list archives

From "Alessio Soldano (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-4789) EndorsingSupportingTokens do not respect ProtectTokens assertion from paired binding policy
Date Thu, 07 Feb 2013 14:13:13 GMT

    [ https://issues.apache.org/jira/browse/CXF-4789?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13573518#comment-13573518 ]

Alessio Soldano commented on CXF-4789:
--------------------------------------

In order to fix this issue, the WSS-421 fix needs to be included. Moreover, the following
patch is also required to allow validating the incoming message on the server side:

{code}
Index: src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
===================================================================
--- src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
(revision 1442960)
+++ src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
(working copy)
@@ -539,7 +539,7 @@
                 CastUtils.cast((List<?>)signedResult.get(
                     WSSecurityEngineResult.TAG_DATA_REF_URIS
                 ));
-            if (sl != null && sl.size() == 1) {
+            if (sl != null && sl.size() >= 1) {
                 for (WSDataRef dataRef : sl) {
                     QName signedQName = dataRef.getName();
                     if (WSSecurityEngine.SIGNATURE.equals(signedQName)
{code}
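
Review bot: Relaxing the guard to `sl.size() >= 1` at line 542 lets a signature with several references into the loop, but the only comparison visible in this hunk is still `WSSecurityEngine.SIGNATURE.equals(signedQName)`, so as shown the check confirms that the main signature is covered and says nothing about the endorsing token that the issue says must also be signed under ProtectTokens. If the token reference is verified elsewhere in the validator, a comment here saying so would help; otherwise the loop should also match the token's reference. The condition would read more clearly as `sl != null && !sl.isEmpty()`, and a test with a two-reference endorsing signature (main signature plus token) would pin the new behaviour down.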
                
> EndorsingSupportingTokens do not respect ProtectTokens assertion from paired binding policy
> --------------------------------------------------------------------------------------------
>
>                 Key: CXF-4789
>                 URL: https://issues.apache.org/jira/browse/CXF-4789
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.4.8
>            Reporter: Alessio Soldano
>
> I've a wsdl containing both a SymmetricBinding and an EndorsingSupportingTokens policy.
> The binding one specifies the ProtectTokens assertion. As a consequence, as per WS-SecurityPolicy
> 1.2 Section 8.9, the signature for the endorsing supporting token should sign both the first
> signature and the endorsing token, while it seems the latter is currently not covered.
