cxf-users mailing list archives

From Chris <czbrook...@ybs.co.uk>
Subject I have a working fix in the signed/encrypted version now (and thanks Colm)
Date Wed, 15 Oct 2014 10:03:27 GMT
coheigea wrote
> Actually, the UsernameTokenInterceptor (which is used when there is no
> security binding) does not support Nonce + Created. I've added support
> here:
> 
> https://issues.apache.org/jira/browse/CXF-6051
> 
> Colm.

Thanks Colm,
It is also not supported with the encrypted and signed username token policy
(Oracle server with
oracle/wss10_username_token_with_message_protection_service_policy).

Again I have a "working fix" to CXF 3.0.1, which I will give here:

org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor.java

In PolicyBasedWSS4JOutInterceptorInternal, public void
handleMessage(SoapMessage message) throws Fault (at about line 140), here we
assert the "Created" and Nonce assertions if they are present so that they
can be picked up from the "aim" later.

                ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
                if (!ais.isEmpty()) {
                    for (AssertionInfo ai : ais) {
                        transport = (AbstractBinding) ai.getAssertion();
                        ai.setAsserted(true);
                    }
                }

                //**************************
                // BEGIN MODIFICATION
                //**************************
                // Mark the sp13:Created and sp13:Nonce assertions as satisfied when the
                // policy contains them, so the policy layer does not reject the message
                // and AbstractBindingBuilder can read their asserted state from the "aim".
                ais = aim.get(SP13Constants.CREATED);
                if (ais != null && !ais.isEmpty()) {
                    for (AssertionInfo ai : ais) {
                        ai.setAsserted(true);
                    }
                }

                ais = aim.get(SP13Constants.NONCE);
                if (ais != null && !ais.isEmpty()) {
                    for (AssertionInfo ai : ais) {
                        ai.setAsserted(true);
                    }
                }
                //**************************
                // END MODIFICATION
                //**************************

                if (transport == null && isRequestor(message)) {
                    Policy policy = new Policy();
                    transport = new TransportBinding(org.apache.wss4j.policy.SPConstants.SPVersion.SP11, policy);
                }

org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.java

In protected void handleUsernameTokenSupportingToken(UsernameToken token,
boolean endorse, boolean encryptedToken, List<SupportingToken> ret) throws
WSSecurityException (around line 596), here we set the properties on the
utBuilder if they are asserted in the "aim":
        } else {
            WSSecUsernameToken utBuilder = addUsernameToken(token);
            if (utBuilder != null) {

                //***************************
                // Beginning of Modification
                //***************************
                // Add wsse:Nonce and wsu:Created to the token only when the policy asked
                // for them (the assertions marked in PolicyBasedWSS4JOutInterceptor).
                AssertionInfoMap aim = message.get(AssertionInfoMap.class);
                boolean haveNonce = false;
                boolean haveCreated = false;

                Collection<AssertionInfo> nonces = aim.getAssertionInfo(SP13Constants.NONCE);
                for (AssertionInfo nonce : nonces) {
                    if (nonce.isAsserted()) {
                        haveNonce = true;
                    }
                }

                Collection<AssertionInfo> createds = aim.getAssertionInfo(SP13Constants.CREATED);
                for (AssertionInfo created : createds) {
                    if (created.isAsserted()) {
                        haveCreated = true;
                    }
                }

                if (haveCreated) {
                    utBuilder.addCreated();
                }

                if (haveNonce) {
                    utBuilder.addNonce();
                }
                //***************************
                // End of modification
                //***************************
                utBuilder.prepare(saaj.getSOAPPart());

                Element e = utBuilder.getUsernameTokenElement();

                //********************************************
                // Beginning of Modification (Logging only)
                //********************************************
                // Serialize the finished token at FINE level. The wsse:Password child is
                // part of the element, so with a PasswordText token this writes the
                // plain-text password into the log; keep FINE disabled outside debugging.
                if (LOG.isLoggable(Level.FINE)) {
                    Document d = e.getOwnerDocument();
                    DOMImplementationLS domImplLS = (DOMImplementationLS) d.getImplementation();
                    LSSerializer serializer = domImplLS.createLSSerializer();
                    LOG.fine("Username Token: " + serializer.writeToString(e));
                }
                //********************************************
                // End of Modification (Logging only)
                //********************************************

                addSupportingElement(utBuilder.getUsernameTokenElement());
                ret.add(new SupportingToken(token, utBuilder));

                //WebLogic and WCF always encrypt these

Also I just wanted to say thank you for your support to get a "real" fix
into a future release, so hopefully we can use vanilla unpatched code in
future.
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749905.html
Sent from the cxf-user mailing list archive at Nabble.com.
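The patch above makes the CXF client emit wsse:Nonce and wsu:Created in the UsernameToken; those two elements only buy replay protection if the receiving side actually checks them. The class below is an added example written for this archive page, not CXF or WSS4J code, and uses only the JDK. It shows the client-side values (a fresh random nonce and a UTC Created timestamp, mirroring what addNonce() and addCreated() produce) next to the receiver-side checks: Created must be recent and not in the future, and a nonce must not have been seen before within the acceptance window. The class name, the 5-minute maximum age and the 60-second clock-skew allowance are assumptions chosen for the example.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.time.format.DateTimeParseException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/**
 * Added example (not CXF/WSS4J code): receiver-side validation of the
 * wsse:Nonce and wsu:Created values that the patched client now sends.
 */
public class UsernameTokenReplayCheck {

    // Assumed windows: how old a Created may be, and how far ahead of the
    // server clock it may sit, before the token is refused.
    private static final Duration MAX_AGE = Duration.ofMinutes(5);
    private static final Duration MAX_SKEW = Duration.ofSeconds(60);

    private static final SecureRandom RNG = new SecureRandom();

    // Nonces accepted so far, mapped to the instant after which a token carrying
    // them could no longer pass the Created check and the entry can be dropped.
    private final Map<String, Instant> seenNonces = new HashMap<>();

    /** Client side: a fresh random nonce, Base64-encoded as it appears in wsse:Nonce. */
    public static String newNonce() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }

    /** Client side: wsu:Created is an xs:dateTime in UTC, e.g. 2014-10-15T10:03:27Z. */
    public static String newCreated(Instant now) {
        return now.toString();
    }

    /** Server side: returns null if the token may be processed, otherwise the reason to reject it. */
    public synchronized String check(String nonceB64, String created, Instant now) {
        Instant createdAt;
        try {
            createdAt = Instant.parse(created);
        } catch (DateTimeParseException ex) {
            return "Created is not a parseable UTC timestamp";
        }
        if (createdAt.isBefore(now.minus(MAX_AGE))) {
            return "Created is older than " + MAX_AGE + ": stale token";
        }
        if (createdAt.isAfter(now.plus(MAX_SKEW))) {
            return "Created is more than " + MAX_SKEW + " in the future";
        }

        byte[] nonce;
        try {
            nonce = Base64.getDecoder().decode(nonceB64);
        } catch (IllegalArgumentException ex) {
            return "Nonce is not valid Base64";
        }
        if (nonce.length == 0) {
            return "Nonce is empty";
        }

        // Drop nonces whose tokens would now fail the age check anyway, then
        // refuse anything still cached: the same nonce again means a replay.
        seenNonces.values().removeIf(expiry -> expiry.isBefore(now));
        Instant expiry = createdAt.plus(MAX_AGE).plus(MAX_SKEW);
        if (seenNonces.putIfAbsent(nonceB64, expiry) != null) {
            return "Nonce was already used: replayed token";
        }
        return null;
    }

    public static void main(String[] args) {
        UsernameTokenReplayCheck server = new UsernameTokenReplayCheck();
        Instant now = Instant.now();
        String nonce = newNonce();
        String created = newCreated(now);

        // First presentation is accepted (null); the identical token one second
        // later is refused; a token with a 10-minute-old Created is refused.
        System.out.println("first use: " + server.check(nonce, created, now));
        System.out.println("replay:    " + server.check(nonce, created, now.plusSeconds(1)));
        System.out.println("stale:     " + server.check(newNonce(),
                newCreated(now.minus(Duration.ofMinutes(10))), now));
        System.out.println("new token: " + server.check(newNonce(), newCreated(now), now));
    }
}
```

The cache must retain each nonce at least as long as MAX_AGE plus MAX_SKEW, otherwise a captured token could be replayed after its nonce has been forgotten but while its Created is still within the accepted window; in a clustered deployment the cache has to be shared across nodes for the same reason.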
