cxf-users mailing list archives

From Alexandros Karypidis <akary...@yahoo.gr>
Subject Re: WS-Security _DEMANDS_ "target part" be present, breaking WS-RM (Bug?)
Date Fri, 11 Dec 2009 20:51:06 GMT
Ok, thanks. I will look at it over the weekend and try to submit a 
test-case/patch.

Daniel Kulp wrote:
> Hmm.....
>
> The only thing I can think of is to subclass the WSS4JOutInterceptor to 
> override a method or two to turn off the ENCRYPTION_PARTS thing if the body 
> contains one of the RM messages.   
>
> You can probably override the "getString(String key, Object mc)" call to 
> do something like:
>
> if (key.equals(WSHandlerConstants.ENCRYPTION_PARTS)) {
>     SoapMessage msg = (SoapMessage)mc;
>     SOAPMessage doc = msg.getContent(SOAPMessage.class);
>     SOAPBody body = doc.getSOAPBody();
>     //check the content of body and return null if RM.....
> }
> return super.getString(key, mc);
>
>
> Dan
>
>
>
>
> On Fri December 11 2009 10:58:10 am Alexandros Karypidis wrote:
>   
>> Hi,
>>
>> SHORT STORY:
>>
>> I need to encrypt an element in my SOAP message. Therefore I configure
>> my sending endpoint as follows:
>>
>> This generally works, but breaks if I enable WS-ReliableMessaging (with
>> a policy in the WSDL). In that case, when trying to send a message the
>> interceptor fails with:
>>
>> 	org.apache.ws.security.WSSecurityException:
>> 		General security error (WSEncryptBody/WSSignEnvelope:
>> 			Element to encrypt/sign not found: {http://messaging/}deliver)
>>
>> Now, apparently this is caused by WS-RM injecting a "CreateSequence"
>> message which does not contain my "target" element. I can see only three
>> ways out of this and I appreciate any help.
>>
>> LONG STORY:
>>
>> My thoughts on getting around this are below, but I need help from
>> someone more knowledgeable:
>>
>> 1) I don't know if it's possible to have the WS-Security interceptor be
>> added _before_ the WS-RM interceptor (I assume this would result in WSS
>> "not seeing" RM-injected messages). Although I add the "WSS" interceptor
>> with code, the RM interceptor is added automatically by a policy in the
>> WSDL. I add WSS with:
>>
>>         Map<String, Object> outProps = new HashMap<String, Object>();
>>         WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
>>         // ...
>>         outProps.put(WSHandlerConstants.ENCRYPTION_PARTS,
>>                 "{Content}{http://messaging/}deliver");
>>         org.apache.cxf.endpoint.Client client =
>>                 org.apache.cxf.frontend.ClientProxy.getClient(portStub);
>>         org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
>>         cxfEndpoint.getOutInterceptors().add(wssOut);
>>
>> 2) Is it possible to define the "target part" as "optional" so that WSS
>> does not abort when it fails to find the element?
>>
>> 3) Are neither (1) nor (2) possible, in which case I should open a bug
>> report (and start coding)?
>>
>>     
>
>   
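
Added example, not part of the original thread and not CXF's own code: one way to fill in the override sketched in the reply above, assuming the WSS4J 1.5.x package names seen in the stack trace and a hypothetical class name `RmAwareWSS4JOutInterceptor`. It treats a message as WS-RM protocol traffic when the first element in the SOAP body is in a WS-RM namespace.

```java
import java.util.Map;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.w3c.dom.Node;

// Hypothetical class name; use it in place of WSS4JOutInterceptor when wiring the client.
public class RmAwareWSS4JOutInterceptor extends WSS4JOutInterceptor {
    // WS-ReliableMessaging 1.0 and 1.1 namespaces.
    private static final String RM_NS_10 = "http://schemas.xmlsoap.org/ws/2005/02/rm";
    private static final String RM_NS_11 = "http://docs.oasis-open.org/ws-rx/wsrm/200702";

    public RmAwareWSS4JOutInterceptor(Map<String, Object> props) {
        super(props);
    }

    @Override
    public String getString(String key, Object mc) {
        if (WSHandlerConstants.ENCRYPTION_PARTS.equals(key)
                && mc instanceof SoapMessage
                && isRmProtocolMessage((SoapMessage) mc)) {
            // No explicit parts for RM protocol messages: WSS4J then applies its
            // default (the SOAP Body content), so the message is still encrypted.
            return null;
        }
        return super.getString(key, mc);
    }

    // Returns true only when the body was read and its first element is WS-RM.
    // On any doubt it returns false, which keeps the configured parts in force,
    // so an application message missing its target element still fails loudly.
    private static boolean isRmProtocolMessage(SoapMessage msg) {
        SOAPMessage doc = msg.getContent(SOAPMessage.class);
        if (doc == null) {
            return false;
        }
        try {
            SOAPBody body = doc.getSOAPBody();
            for (Node n = body.getFirstChild(); n != null; n = n.getNextSibling()) {
                if (n.getNodeType() == Node.ELEMENT_NODE) {
                    String ns = n.getNamespaceURI();
                    return RM_NS_10.equals(ns) || RM_NS_11.equals(ns);
                }
            }
        } catch (SOAPException e) {
            // Unreadable body: treat as an application message.
        }
        return false;
    }
}
```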

