cxf-users mailing list archives

From Oliver Wulff <owu...@talend.com>
Subject TransformOutInterceptor removes WS-Addressing prefix
Date Thu, 01 Mar 2012 08:15:19 GMT
Hi there



I've configured the TransformOutInterceptor in the STS to support the old WS-Trust standard:



    <bean id="transformerOut"
          class="org.apache.cxf.interceptor.transform.TransformOutInterceptor">
        <property name="outTransformElements">
            <map>
                <entry key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*"
                       value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" />
            </map>
        </property>
    </bean>

For some reason, the transform interceptor removed the wsa ns prefix in the AppliesTo, which
thus becomes invalid XML.



I've tested this with soapUI. Here is the incoming request and the returned response. Any
ideas?



request:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Header>
      <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-1">
            <wsse:Username>alice</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soap:Header>
   <soap:Body>
      <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
         <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</wst:KeyType>
         <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
         <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
         <wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">
            <wsa:EndpointReference>
               <wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
            </wsa:EndpointReference>
         </wsp:AppliesTo>
         <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
            <ic:ClaimType Optional="false" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
         </wst:Claims>
      </wst:RequestSecurityToken>
   </soap:Body>
</soap:Envelope>





response:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header/><soap:Body><ns2:RequestSecurityTokenResponseCollection
xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200802" xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:ns5="http://schemas.xmlsoap.org/ws/2004/08/addressing"><ns2:RequestSecurityTokenResponse><ns2:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns2:TokenType><ns2:RequestedSecurityToken><saml1:Assertion
xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AssertionID="_B89DBAA8B9BDD6399413305878132971"
IssueInstant="2012-03-01T07:43:33.229Z" Issuer="STS SOA LAB" MajorVersion="1" MinorVersion="1"
xsi:type="saml1:AssertionType"><saml1:Conditions NotBefore="2012-03-01T07:43:33.308Z"
NotOnOrAfter="2012-03-01T07:48:33.308Z"><saml1:AudienceRestrictionCondition><saml1:Audience>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="http://cxf.apache.org/sts">alice</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute
AttributeName="givenname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue
xsi:type="xs:string">Oliver</saml1:AttributeValue></saml1:Attribute><saml1:Attribute
AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue
xsi:type="xs:string">Wulff</saml1:AttributeValue></saml1:Attribute><saml1:Attribute
AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"><saml1:AttributeValue
xsi:type="xs:string">oliver.wulff@example.com</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
URI="#_B89DBAA8B9BDD6399413305878132971"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8dPFtAoJ5fLMAfm4YN4Ifh3fhmE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>nCTcCczlbcJgDU5MTicRQnVv1xHVW7X6pYepQE54MNRFSBzF1aSvHp9+1IfJbBaQnOT1yn1WtQ4eJdyld8PXSF6PDjSVsftx5/ADBPYyndRx4JX64z5bu5ih9jiURLCDLoEn9G3gJJgN7DH56XzFxb9FHAXo3mDqSAOKuxM5/zc=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIHHDCCBQSgAwIBAgIKbaKC4wABAADlMjANBgkqhkiG9w0BAQUFADBlMRQwEgYKCZImiZPyLGQB
GRYEY29ycDEWMBQGCgmSJomT8ixkARkWBnp1cmljaDEUMBIGCgmSJomT8ixkARkWBGVtZWExHzAd
BgNVBAMTFlp1cmljaCBJc3N1aW5nIENBIE5vIDEwHhcNMTEwOTEzMTQxNTIyWhcNMTMwOTAyMTQx
NTIyWjB5MQswCQYDVQQGEwJDSDEiMCAGA1UEChMZWnVyaWNoIEZpbmFuY2lhbCBTZXJ2aWNlczEM
MAoGA1UECxMDTEFCMRAwDgYDVQQDEwdTVFMgR0FEMSYwJAYJKoZIhvcNAQkBFhdtYXJnby5jcm9u
aW5AenVyaWNoLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwFKcP+zd9SG/xsrhV8F4
WzE+DC3VXB8c2litGplYg67WzHbGvleJltii1Vm6NHKfQG5Aet+UvePe4P+YsmvsnzpoJ/grsst+
+b4qkzMaxPFwhDG2kg+XY9j3UGF2J99gi8lIx6r2q7muUcimNy8TOLMjwUI7nrvclQrpqSKpEa0C
AwEAAaOCAzwwggM4MAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUmNwtKqKWcJ/Rk3H+xkubksvejAcw
HwYDVR0jBBgwFoAUYsbQkZrdQYEgA79rNBwTKCp12FowggEiBgNVHR8EggEZMIIBFTCCARGgggEN
oIIBCYaBx2xkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIwTm8lMjAxLENOPWNlcGtp
MDAwMSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29u
ZmlndXJhdGlvbixEQz16dXJpY2gsREM9Y29ycD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jh
c2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGPWh0dHA6Ly9wa2kuenVyaWNoLmNv
bS9aSUNBL1p1cmljaCUyMElzc3VpbmclMjBDQSUyME5vJTIwMS5jcmwwggE7BggrBgEFBQcBAQSC
AS0wggEpMIG9BggrBgEFBQcwAoaBsGxkYXA6Ly8vQ049WnVyaWNoJTIwSXNzdWluZyUyMENBJTIw
Tm8lMjAxLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1D
b25maWd1cmF0aW9uLERDPXp1cmljaCxEQz1jb3JwP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RD
bGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MGcGCCsGAQUFBzAChltodHRwOi8vcGtpLnp1cmlj
aC5jb20vWklDQS9jZXBraTAwMDEuZW1lYS56dXJpY2guY29ycF9adXJpY2glMjBJc3N1aW5nJTIw
Q0ElMjBObyUyMDEoMSkuY3J0MDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIaqzXqHyZwAgf2J
LYH05mWH9M5IYoTSkQDyr2gCAWQCAQ8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCcG
CSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggIB
AIKfuo0p023qrM6n4+fNihfJ1xnZO1zes4uomPkj4OK97JQc3RDP/oymC4bPwN+20dmF+N7ng+Er
3yZQ6Wwgr9UvGJuEBU8GtU3QU57X/TAsmVK9fvw0pkcrbqJo8/UVRfMB/Q16+xTdRB65ROmbCqhE
fZgv7xLjJjcjBwUMP7ZvxNr3cibvDrNDHu/r5sUwlUZZemmg0e/Z8ytBDS1cMiE8z7aVzFMTzzHC
vNS+czY11yMXsh0TqZEzIfESCGx71xnMgTekvo+0vx5z7BFAfD8J5svVdcEAuD/h5pjyQJWssrvm
mdudn6VDl00mP24DvU5H2g2P5LoMSLp2JpgXUNd155nd3c+RwaKCYpUtIabkth0/bpueIg8P8bG/
A1rTp/KQ0QwKe6ZUK44aWBeNcxoXsvedyxUqSInO2uwKHbN/K8qXwMCRDnvPCuCkP0TyOzn4xhmC
amnBdGPKbX61B3wmJWehxrhLPmvg00LvY+LHHJ7WxQ4G5cQv+11flYrqpF21aC9gNqNTqd/Lf9Z0
dZ3Jj6G7IkBmT/dIXBofi+XKq6xn4CiK/OUsR89T62tHdUu113+wCQKdd58AxKHYm48L58+LWnmQ
SWDspTToK2g0B8/EPDfMhiuRfchgViWpp4zvAvZPUzPJSzxkvkTD3zBeaBZFYDq6cgIbGe5g3H5j</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml1:Assertion></ns2:RequestedSecurityToken><ns2:RequestedAttachedReference><ns4:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">#_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedAttachedReference><ns2:RequestedUnattachedReference><ns4:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"><ns4:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_B89DBAA8B9BDD6399413305878132971</ns4:KeyIdentifier></ns4:SecurityTokenReference></ns2:RequestedUnattachedReference><wsp:AppliesTo
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference><wsa:Address>https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf</wsa:Address>
            </wsa:EndpointReference>
         </wsp:AppliesTo><ns2:Lifetime><ns3:Created>2012-03-01T07:43:33.435Z</ns3:Created><ns3:Expires>2012-03-01T07:48:33.435Z</ns3:Expires></ns2:Lifetime></ns2:RequestSecurityTokenResponse></ns2:RequestSecurityTokenResponseCollection></soap:Body></soap:Envelope>





------

Oliver Wulff

http://owulff.blogspot.com
Solution Architect
Talend Application Integration Division http://www.talend.com
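
The symptom reported in this message can be confirmed mechanically. The following is an added example, not part of the original post and not CXF code: it lists every element or attribute whose namespace prefix has no declaration in scope, and checks whether a namespace-aware parser accepts the text. The two fragments are constructed from the AppliesTo element above with a placeholder address, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

# Constructed sample modelled on the response above: xmlns:wsp is declared on
# AppliesTo, xmlns:wsa is not. The address is a placeholder.
RESPONSE_FRAGMENT = (
    '<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">'
    '<wsa:EndpointReference><wsa:Address>https://rp.example.test/wsf'
    '</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>'
)
# The same fragment as sent in the request, with the wsa declaration intact.
REQUEST_FRAGMENT = RESPONSE_FRAGMENT.replace(
    '<wsp:AppliesTo ',
    '<wsp:AppliesTo xmlns:wsa="http://www.w3.org/2005/08/addressing" ', 1)


def unbound_prefixes(xml_text):
    """Return sorted (line, qualified_name) pairs whose prefix is not in scope."""
    parser = xml.parsers.expat.ParserCreate()  # no namespace processing
    scopes = [{"xml"}]  # the xml prefix is always bound
    problems = set()

    def start(name, attrs):
        # Prefixes declared on this element are visible to it and its children.
        declared = {k[6:] for k in attrs if k.startswith("xmlns:")}
        in_scope = scopes[-1] | declared
        scopes.append(in_scope)
        names = [name] + [k for k in attrs if not k.startswith("xmlns:")]
        for qname in names:
            prefix, sep, _ = qname.partition(":")
            if sep and prefix not in in_scope:
                problems.add((parser.CurrentLineNumber, qname))

    parser.StartElementHandler = start
    parser.EndElementHandler = lambda _name: scopes.pop()
    parser.Parse(xml_text, True)
    return sorted(problems)


def namespace_aware_parse_ok(xml_text):
    """True if a namespace-aware parser (ElementTree) accepts the text."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


if __name__ == "__main__":
    for line, qname in unbound_prefixes(RESPONSE_FRAGMENT):
        print(f"line {line}: prefix of <{qname}> is not declared in scope")
```

Unlike a namespace-aware parser, which stops at the first unbound prefix, this check reports all of them, which helps when comparing the message before and after an outbound transform.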
