cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glen Mazza <gma...@talend.com>
Subject Re: Regression with UT over HTTPS on 2.6.1
Date Tue, 29 May 2012 18:33:04 GMT
No, I believe Colm was rather clear that a new ws:Policy element needs 
to be added as a child element of the sp:HttpsToken (if you break it up 
into two parts: <sp:HttpsToken> and </sp:HttpsToken> it might be clearer 
for you.)   Not as a sibling element to the <sp:HttpsToken/> as you have 
it below.

Glen


On 05/29/2012 12:46 PM, COURTAULT Francois wrote:
> Resending ...
>
> -----Original Message-----
> From: COURTAULT Francois [mailto:Francois.COURTAULT@gemalto.com]
> Sent: lundi 28 mai 2012 19:36
> To: coheigea@apache.org
> Cc: users@cxf.apache.org
> Subject: RE: Regression with UT over HTTPS on 2.6.1
>
> Hello,
>
> Sorry, you mean that in the policy file, I should have
>        <sp:TransportToken>
>          <wsp:Policy>
>            <sp:HttpsToken/>
>               <wsp:Policy/>
>          </wsp:Policy>
>        </sp:TransportToken>
>
> Instead of:
>        <sp:TransportToken>
>          <wsp:Policy>
>            <sp:HttpsToken/>
>          </wsp:Policy>
>        </sp:TransportToken>
>
> Right ?
>
> Best Regards.
>
> From: COURTAULT Francois
> Sent: lundi 28 mai 2012 17:25
> To: 'coheigea@apache.org'
> Cc: users@cxf.apache.org
> Subject: RE: Regression with UT over HTTPS on 2.6.1
>
> Hello,
>
> But there is one in the policy I have sent to you.
> Extract:
>       <sp:TransportToken>
>          <wsp:Policy>
>            <sp:HttpsToken/>
>            </wsp:Policy>
>        </sp:TransportToken>
>
> So what's wrong ?
>
> Best Regards.
>
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: lundi 28 mai 2012 17:19
> To: COURTAULT Francois
> Cc: users@cxf.apache.org<mailto:users@cxf.apache.org>
> Subject: Re: Regression with UT over HTTPS on 2.6.1
>
> wsp:Policy is still required by the following fragment:
>
> <wsp:Policy xmlns:wsp="...">
>     (
>       <sp:HttpBasicAuthentication />  |
>       <sp:HttpDigestAuthentication />  |
>       <sp:RequireClientCertificate />  |
>       ...
>     )?
>
> the "?" refers to the children of the Policy. So HttpsToken must still have a<wsp:Policy>
 child element, the fact that the children are all optional is irrelevant.
>
> Colm.
> On Mon, May 28, 2012 at 3:32 PM, COURTAULT Francois<Francois.COURTAULT@gemalto.com<mailto:Francois.COURTAULT@gemalto.com>>
 wrote:
> Hello,
>
> I don't read the spec the same way than you, sorry.
>
> The spec says:
> <sp:HttpsToken xmlns:sp="..." ...>
>   (
>
>     <sp:Issuer>wsa:EndpointReferenceType</sp:Issuer>  |
>
>     <sp:IssuerName>xs:anyURI</sp:IssuerName>
>
>   ) ?
>
>   <wst:Claims Dialect="...">  ...</wst:Claims>  ?
>
>   <wsp:Policy xmlns:wsp="...">
>     (
>       <sp:HttpBasicAuthentication />  |
>       <sp:HttpDigestAuthentication />  |
>       <sp:RequireClientCertificate />  |
>       ...
>     )?
>     ...
>   </wsp:Policy>
>   ...
> </sp:HttpsToken>
>
> And "?" means 0 or 1
> So, according to me, you can have<sp:HttpsToken.... with an empty<wsp:Policy />
 policy.
> More, the spec that:
>     - /sp:HttpsToken/wsp:Policy/sp:HttpBasicAuthentication is OPTIONAL
>     - /sp:HttpsToken/wsp:Policy/sp:HttpDigestAuthentication is OPTIONAL
>     - /sp:HttpsToken/wsp:Policy/sp:RequireClientCertificate is OPTIONAL Which is coherent
with the ?
>
> So ??????
>
> Best Regards.
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org<mailto:coheigea@apache.org>]
> Sent: lundi 28 mai 2012 15:39
> To: COURTAULT Francois
> Cc: users@cxf.apache.org<mailto:users@cxf.apache.org>
> Subject: Re: Regression with UT over HTTPS on 2.6.1
>
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/os/ws-securitypolicy-1.3-spec-os.html
>
> "sp:HttpsToken/wsp:Policy
>
> This REQUIRED element identifies additional requirements for use of the sp:HttpsToken
assertion."
>
> Colm.
>
>
> On Mon, May 28, 2012 at 2:33 PM, COURTAULT Francois<  Francois.COURTAULT@gemalto.com<mailto:Francois.COURTAULT@gemalto.com>>
 wrote:
>
>> Hello,
>>
>> This means that the policy I have attached is not compliant: right?
>> Could you give me please a pointer or the spec paragraph which
>> specifies this ?
>>
>> Best Regards.
>>
>> -----Original Message-----
>> From: Colm O hEigeartaigh
>> [mailto:coheigea@apache.org<mailto:coheigea@apache.org>]
>> Sent: lundi 28 mai 2012 15:18
>> To: users@cxf.apache.org<mailto:users@cxf.apache.org>
>> Subject: Re: Regression with UT over HTTPS on 2.6.1
>>
>> It's not a regression, but a stricter enforcement of the
>> WS-SecurityPolicy spec. You need to add a "<wsp:Policy/>" child to the
>> sp:HttpsToken element to be compliant.
>>
>> Colm.
>>
>> On Mon, May 28, 2012 at 1:12 PM, COURTAULT Francois<
>> Francois.COURTAULT@gemalto.com<mailto:Francois.COURTAULT@gemalto.com>> 
wrote:
>>
>>> Hello,****
>>>
>>> ** **
>>>
>>> With the same WSS policy used, attached,  at server side, I got this
>> error:
>>> ****
>>>
>>> 28 mai 2012 14:08:43
>>> org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyPro
>>> vi
>>> der
>>> getElementPolicy****
>>>
>>> ATTENTION: Failed to build the policy
>>> 'Wssp1.2-2007-Https-UsernameToken-Plain.xml':sp:HttpsToken/wsp:Polic
>>> y
>>> must have a value****
>>>
>>> Exception in thread "main" *javax.xml.ws.soap.SOAPFaultException*:
>>> sp:HttpsToken/wsp:Policy must have a value****
>>>
>>> whereas I didn't get any error on 2.5.4.****
>>>
>>> ** **
>>>
>>> Do I have to enter an issue in CXF 2.6.1 ?****
>>>
>>> ** **
>>>
>>> Best Regards.****
>>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com


-- 
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza


Mime
View raw message