Return-Path: X-Original-To: apmail-cxf-users-archive@www.apache.org Delivered-To: apmail-cxf-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 461A298E2 for ; Thu, 1 Mar 2012 13:17:14 +0000 (UTC) Received: (qmail 20518 invoked by uid 500); 1 Mar 2012 13:17:13 -0000 Delivered-To: apmail-cxf-users-archive@cxf.apache.org Received: (qmail 20469 invoked by uid 500); 1 Mar 2012 13:17:13 -0000 Mailing-List: contact users-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cxf.apache.org Delivered-To: mailing list users@cxf.apache.org Received: (qmail 20458 invoked by uid 99); 1 Mar 2012 13:17:13 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Mar 2012 13:17:13 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of sberyozkin@gmail.com designates 209.85.214.41 as permitted sender) Received: from [209.85.214.41] (HELO mail-bk0-f41.google.com) (209.85.214.41) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Mar 2012 13:17:07 +0000 Received: by bkwq16 with SMTP id q16so592492bkw.0 for ; Thu, 01 Mar 2012 05:16:46 -0800 (PST) Received-SPF: pass (google.com: domain of sberyozkin@gmail.com designates 10.204.152.75 as permitted sender) client-ip=10.204.152.75; Authentication-Results: mr.google.com; spf=pass (google.com: domain of sberyozkin@gmail.com designates 10.204.152.75 as permitted sender) smtp.mail=sberyozkin@gmail.com; dkim=pass header.i=sberyozkin@gmail.com Received: from mr.google.com ([10.204.152.75]) by 10.204.152.75 with SMTP id f11mr2544358bkw.127.1330607806162 (num_hops = 1); Thu, 01 Mar 2012 05:16:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=wiTH17/uEpiEJauT5FYqc/NQM6R2FsTTVc+mlq/wvP4=; b=r1RjA98M2EEzG6J84NFmKYmHJhMxQZwILR2ZdaEn4cs0rpT6bCZ/SDaKU+c7aoCool EhKwB+c6iuE7VMKeSsb+GAnRk1gmuxlISdlfw3naOz+APuvryAChxP4xnA+/F12AOIP3 sWHXdZZubPi6xaaiHglKJ2l1dC3rYX1x1+OR4= Received: by 10.204.152.75 with SMTP id f11mr2035125bkw.127.1330607806045; Thu, 01 Mar 2012 05:16:46 -0800 (PST) Received: from [10.36.226.4] ([217.173.99.61]) by mx.google.com with ESMTPS id jc4sm3509144bkc.7.2012.03.01.05.16.45 (version=SSLv3 cipher=OTHER); Thu, 01 Mar 2012 05:16:45 -0800 (PST) Message-ID: <4F4F76BC.30106@gmail.com> Date: Thu, 01 Mar 2012 13:16:44 +0000 From: Sergey Beryozkin User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.18) Gecko/20110617 Thunderbird/3.1.11 MIME-Version: 1.0 To: Aki Yoshida CC: users@cxf.apache.org, Oliver Wulff Subject: Re: TransformOutInterceptor removes WS-Addressing prefix References: <79AB4452999C844D9920E03635332731116111@S10BE002.SH10.lan> <4F4F71F4.7040902@gmail.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Hi Aki On 01/03/12 13:08, Aki Yoshida wrote: > Hi Oli, Sergey, > there seems to be indeed some bug that causes the transformer to choke > on the addressing namespace. A very weird one because it only chokes > on the 2005/08 namespace and not the old 2004/08 namespace :-). > I could verify this strange behavior. > real strange :-) > @Sergey, > the message marked as the response in Oli's original mail can be used > as the input to the transformer. I can look into it sometime today > (unless you have already an idea or want to look into it later. let me > know). Please have a look as you've already spent some time on the issue - will be happy to back up if you'll have to deal with something else of the higher priority :-) Thanks, Sergey > > > regards, aki > > 2012/3/1 Sergey Beryozkin: >> Hi Oli, >> >> >> On 01/03/12 08:15, Oliver Wulff wrote: >>> >>> Hi there >>> >>> >>> >>> I've configured the TransformOutInterceptor in the STS to support the old >>> WS-Trust standard: >>> >>> >>> >>> >> >>> class="org.apache.cxf.interceptor.transform.TransformOutInterceptor"> >>> >>> >>> >> key="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}*" >>> value="{http://schemas.xmlsoap.org/ws/2005/02/trust}*" /> >>> >>> >>> >>> >>> For some reason, the transform interceptor removed the wsa ns prefix in >>> the AppliesTo and thus becomes invalid xml. >>> >>> >>> >>> I've tested this with soapUI. Here is the incoming request and the >>> returned response. Any ideas? >>> >>> >>> >>> request: >>> >>> >>> >>> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" >>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> >>> >>> alice >>> >> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password >>> >>> >>> >>> >>> >> xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" >>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> >>> >>> http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer >>> >>> http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 >>> >>> http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue >>> >>> >>> >>> https://nssstg1.msvcs.example.com/FIM/sps/spwsfstd/wsf >>> >>> >>> >> Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" >>> xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity"> >>> >> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/> >>> >> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/> >>> >> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/> >>> >>> >>> >>> >>> >>> >> >> is the above the way it should like ? How do the original and the broken >> payloads look like, which is what I believe Aki is asking too ? >> Please provide at least the original payload... >> >> Cheers, Sergey