cxf-users mailing list archives

From Chris <czbrook...@ybs.co.uk>
Subject Current situation: CXF client send nonce and timestamp
Date Tue, 14 Oct 2014 13:12:26 GMT
I have not yet been able to build a simple test case, but it seems clear that
the <sp13:Created /> and <sp13:Nonce /> elements are ignored in the client code.
As I mentioned in a previous message
<http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749800.html>
these are being read correctly by the

    AssertionInfoMap aim = message.get(AssertionInfoMap.class);

at the beginning of

    protected UsernameToken assertTokens(SoapMessage message, String localname, boolean signed)

in org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor, but not being
returned in the token produced by that method.

Meanwhile I came up with a "fix" by modifying the UsernameTokenInterceptor:

    protected void addToken(SoapMessage message) {
        UsernameToken tok = assertTokens(message);

        Header h = findSecurityHeader(message, true);
        WSSecUsernameToken utBuilder = addUsernameToken(message, tok);
        if (utBuilder == null) {
            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
            Collection<AssertionInfo> ais =
                getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
            for (AssertionInfo ai : ais) {
                if (ai.isAsserted()) {
                    ai.setAsserted(false);
                }
            }
            return;
        }

        //***************************
        // Beginning of Modification
        //***************************
        // Consult the policy assertions directly, since the UsernameToken returned by
        // assertTokens() does not carry the sp13:Nonce / sp13:Created requirements.
        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
        boolean haveNonce = false;
        boolean haveCreated = false;

        Collection<AssertionInfo> nonces = aim.getAssertionInfo(SP13Constants.NONCE);
        for (AssertionInfo nonce : nonces) {
            if (nonce.isAsserted()) {
                haveNonce = true;
            }
        }

        Collection<AssertionInfo> createds = aim.getAssertionInfo(SP13Constants.CREATED);
        for (AssertionInfo created : createds) {
            if (created.isAsserted()) {
                haveCreated = true;
            }
        }

        // Ask the WSS4J builder to emit whichever elements the policy requires.
        if (haveCreated) {
            utBuilder.addCreated();
        }

        if (haveNonce) {
            utBuilder.addNonce();
        }

        //***************************
        // End of modification
        //***************************

        Element el = (Element) h.getObject();
        utBuilder.prepare(el.getOwnerDocument());
        el.appendChild(utBuilder.getUsernameTokenElement());
    }


So I thought "all well and good" and then tried the username token with
message protection only to find that it uses a totally different class to
generate the embedded username token, and the changed code is not called! As
soon as I set the server to "created time and nonce required" it fails! This
also appears to be much more complex processing so finding where to fix the
code is a little difficult.

BTW I know that my "fix" is probably not the right way to do it; fixing the
underlying code to produce the correct values in the token and then passing
that through to the builder looked like much too much work within our
timescales.
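Added example, not from the original post or from CXF: a server-side check of the kind a "created time and nonce required" policy applies to a wsse:UsernameToken, showing why a token that lacks Nonce and Created is rejected and how the two elements let the receiver refuse stale and replayed tokens. The WSS namespaces are the standard ones; the token text, fixed clock and nonces are constructed, and the NonceCache and 300-second freshness window are assumptions rather than CXF's own implementation.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"wsse": WSSE, "wsu": WSU}
NOW = datetime(2014, 10, 14, 13, 12, 26, tzinfo=timezone.utc)  # fixed clock, keeps results deterministic
GOOD_NONCE = base64.b64encode(b"\x01" * 16).decode()           # constructed nonce, not real traffic
OTHER_NONCE = base64.b64encode(b"\x02" * 16).decode()

def sample_token(nonce_b64=None, created=None):
    """Constructed wsse:UsernameToken; Nonce and Created are optional, like the client in the thread."""
    body = "<wsse:Username>alice</wsse:Username>"
    body += f"<wsse:Nonce>{nonce_b64}</wsse:Nonce>" if nonce_b64 else ""
    body += f"<wsu:Created>{created}</wsu:Created>" if created else ""
    return f'<wsse:UsernameToken xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">{body}</wsse:UsernameToken>'

class NonceCache:  # remembers nonces seen inside the freshness window so a replay is refused
    def __init__(self):
        self.seen = {}
    def check_and_add(self, nonce, now, ttl):
        self.seen = {n: t for n, t in self.seen.items() if now - t < ttl}  # expire old entries
        if nonce in self.seen:
            return False
        self.seen[nonce] = now
        return True

def validate_username_token(xml_text, cache, now, ttl=timedelta(seconds=300)):
    """Return 'ok' or the reason a 'created time and nonce required' policy rejects the token."""
    tok = ET.fromstring(xml_text)
    nonce_el, created_el = tok.find("wsse:Nonce", NS), tok.find("wsu:Created", NS)
    if nonce_el is None:
        return "missing-nonce"      # what the unpatched client in the thread produces
    if created_el is None:
        return "missing-created"
    created = datetime.fromisoformat(created_el.text.replace("Z", "+00:00"))
    if abs(now - created) > ttl:
        return "stale-created"      # outside the freshness window
    if not cache.check_and_add(base64.b64decode(nonce_el.text), now, ttl):
        return "replayed-nonce"     # same nonce seen again inside the window
    return "ok"

def demo():  # four outcomes against one cache: no nonce, fresh token, replay of it, stale Created
    cache = NonceCache()
    good = sample_token(GOOD_NONCE, "2014-10-14T13:12:00Z")
    return {"no_nonce": validate_username_token(sample_token(), cache, NOW),
            "fresh": validate_username_token(good, cache, NOW),
            "replay": validate_username_token(good, cache, NOW),
            "stale": validate_username_token(sample_token(OTHER_NONCE, "2014-10-14T12:00:00Z"), cache, NOW)}
```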

--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749873.html
Sent from the cxf-user mailing list archive at Nabble.com.
