cxf-issues mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-5609) Won't pass verification of explicit WSS Policy AsymmetricBinding -> Layout -> Policy -> Lax
Date Thu, 13 Mar 2014 14:54:42 GMT

    [ https://issues.apache.org/jira/browse/CXF-5609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13933335#comment-13933335 ]

Colm O hEigeartaigh commented on CXF-5609:
------------------------------------------


It may be valid, but that doesn't mean that it needs to be supported :-) Having said that
it's straightforward enough to support, so will fix it.

Colm.

> Won't pass verification of explicit WSS Policy AsymmetricBinding -> Layout -> Policy -> Lax
> -------------------------------------------------------------------------------------------
>
>                 Key: CXF-5609
>                 URL: https://issues.apache.org/jira/browse/CXF-5609
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.6.13, 2.7.10
>            Reporter: Modestas Vainius
>            Assignee: Colm O hEigeartaigh
>             Fix For: 3.0.0, 2.7.11
>
>
> Hello,
> I can't seem to get CXF WS-* validator to accept a message for service which has <sp:Layout> <wsp:Policy> <sp:Lax /> policy explicitly defined in the WSDL. Maybe I'm missing something, but all I get is:
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>    <soap:Body>
>       <soap:Fault>
>          <faultcode>soap:Server</faultcode>
>          <faultstring>These policy alternatives can not be satisfied: 
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout</faultstring>
>       </soap:Fault>
>    </soap:Body>
> </soap:Envelope>
> I did some debugging on the issue and it appears that both org.apache.cxf.ws.security.policy.builders.LayoutBuilder and org.apache.cxf.ws.security.policy.model.AsymmetricBinding add org.apache.cxf.ws.security.policy.model.Layout assertions to the expected policy. However org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractBindingPolicyValidator.checkProperties(SymmetricAsymmetricBindingBase, AssertionInfo, AssertionInfoMap, List<WSSecurityEngineResult>, List<WSSecurityEngineResult>, Message) successfully asserts only one of Layout instances while another one remains untouched and causes the failure to occur. If I comment out sp:Layout from WSDL, validation passes since LayoutBuilder never adds its Layout instance.
> I guess that removing LayoutBuilder would fix the problem but I'm not sure if this is the right thing to do.
> Relevant excerpt from WSDL:
> <wsp:Policy wsu:Id="SignAndEncrypt"
> 		xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> 		xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
> 		wsdl:required="true">
> 		<wsp:ExactlyOne>
> 			<wsp:All>
> 				<sp:AsymmetricBinding>
> 					<wsp:Policy>
> 						<sp:InitiatorToken>
> 							<wsp:Policy>
> 								<sp:X509Token
> 									sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
> 									<wsp:Policy>
> 										<sp:WssX509V3Token10 />
> 									</wsp:Policy>
> 								</sp:X509Token>
> 							</wsp:Policy>
> 						</sp:InitiatorToken>
> 						<sp:RecipientToken>
> 							<wsp:Policy>
> 								<sp:X509Token
> 									sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
> 									<wsp:Policy>
> 										<sp:WssX509V3Token10 />
> 									</wsp:Policy>
> 								</sp:X509Token>
> 							</wsp:Policy>
> 						</sp:RecipientToken>
> 						<sp:AlgorithmSuite>
> 							<wsp:Policy>
> 								<sp:Basic256Rsa15 />
> 								<sp:TripleDesRsa15 />
> 								<sp:Basic128Rsa15 />
> 							</wsp:Policy>
> 						</sp:AlgorithmSuite>
> 						<sp:IncludeTimestamp />
> 						<sp:EncryptSignature />
> 						<sp:OnlySignEntireHeadersAndBody />
> 					</wsp:Policy>
> 				</sp:AsymmetricBinding>
> 				<sp:Wss10>
> 					<wsp:Policy>
> 						<sp:MustSupportRefIssuerSerial />
> 						<sp:MustSupportRefEmbeddedToken />
> 					</wsp:Policy>
> 				</sp:Wss10>
> 				<sp:Layout>
> 					<wsp:Policy>
> 						<sp:Lax />
> 					</wsp:Policy>
> 				</sp:Layout>
> 				<sp:SignedParts>
> 					<sp:Body />
> 					<sp:Header Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
> 					<sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> 				</sp:SignedParts>
> 				<sp:EncryptedParts>
> 					<sp:Body />
> 				</sp:EncryptedParts>
> 			</wsp:All>
> 		</wsp:ExactlyOne>
> 	</wsp:Policy>



--
This message was sent by Atlassian JIRA
(v6.2#6252)
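
An added illustration, not part of the thread and not CXF code: in the quoted excerpt, sp:Layout sits beside sp:AsymmetricBinding under wsp:All, whereas WS-SecurityPolicy defines it inside the binding's nested wsp:Policy. The Python below reports where each sp:Layout in a policy document is placed; the sample document, its `defs` wrapper and the function names are constructed for the example.

```python
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSP_NS = ("http://www.w3.org/ns/ws-policy", "http://schemas.xmlsoap.org/ws/2004/09/policy")
# Policy operators are containers, not assertions, so they are skipped when climbing.
OPERATORS = {f"{{{ns}}}{n}" for ns in WSP_NS for n in ("Policy", "All", "ExactlyOne")}
BINDINGS = {f"{{{SP}}}{n}" for n in ("AsymmetricBinding", "SymmetricBinding", "TransportBinding")}

# Constructed sample: "AsReported" mirrors the placement in the quoted WSDL excerpt,
# "Nested" puts the same assertion inside the binding's wsp:Policy.
SAMPLE = f"""<defs xmlns:wsp="{WSP_NS[0]}" xmlns:sp="{SP}" xmlns:wsu="{WSU}">
  <wsp:Policy wsu:Id="AsReported"><wsp:ExactlyOne><wsp:All>
    <sp:AsymmetricBinding><wsp:Policy><sp:IncludeTimestamp/></wsp:Policy></sp:AsymmetricBinding>
    <sp:Layout><wsp:Policy><sp:Lax/></wsp:Policy></sp:Layout>
  </wsp:All></wsp:ExactlyOne></wsp:Policy>
  <wsp:Policy wsu:Id="Nested"><wsp:ExactlyOne><wsp:All>
    <sp:AsymmetricBinding><wsp:Policy>
      <sp:IncludeTimestamp/>
      <sp:Layout><wsp:Policy><sp:Lax/></wsp:Policy></sp:Layout>
    </wsp:Policy></sp:AsymmetricBinding>
  </wsp:All></wsp:ExactlyOne></wsp:Policy>
</defs>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def classify_layouts(xml_text):
    """Return (policy_id, layout_value, binding) per sp:Layout, in document order.
    binding is None when the first enclosing assertion is not a security binding."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    found = []
    for layout in root.iter(f"{{{SP}}}Layout"):
        node, owner, policy_id = parents.get(layout), None, None
        while node is not None:
            if owner is None and node.tag not in OPERATORS:
                owner = node  # first ancestor that is not a policy operator
            policy_id = policy_id or node.get(f"{{{WSU}}}Id")
            node = parents.get(node)
        value = next((local(e.tag) for e in layout.iter()
                      if e is not layout and e.tag not in OPERATORS), None)
        binding = local(owner.tag) if owner is not None and owner.tag in BINDINGS else None
        found.append((policy_id, value, binding))
    return found

def detached_layouts(xml_text):
    """Ids of policies carrying an sp:Layout outside any binding."""
    return [pid for pid, _, binding in classify_layouts(xml_text) if binding is None]
```
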
