[ https://issues.apache.org/jira/browse/CXF-3042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12918481#action_12918481 ]
Glen Mazza commented on CXF-3042:
---------------------------------
Does SymmetricBinding make sense if only the client is using it? What is the
specification that defines how one-way SymmetricBinding is to work? You write
"at the operation level but only using it for the request message", what are
you using for the response message--pure, unencrypted text? I'm not sure if this
is actually a bug or just an enhancement request (or even if this is something
that should be supported.) I need more enlightenment here.
> SymmetricBinding used only for request causes error
> ---------------------------------------------------
>
> Key: CXF-3042
> URL: https://issues.apache.org/jira/browse/CXF-3042
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.2.10
> Reporter: Dennis Sosnoski
> Attachments: effective1.tgz
>
>
> When specifying SymmetricBinding at the operation level but only using it for
> the request message, everything looks reasonable on the wire but the client
> throws an exception when processing the response (tested with both 2.2.10 and
> the 2.3 nightly):
> [java] WARNING: Interceptor for {http://ws.sosnoski.com/library/wsdl}CXFLibrary#{http://ws.sosnoski.com/library/wsdl}addBook has thrown exception, unwinding now
> [java] org.apache.cxf.interceptor.Fault: These policy alternatives can not be satisfied:
> [java] {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: No derived keys found.
> [java] at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47)
> [java] at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
> [java] at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:733)
> [java] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2198)
> [java] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2071)
> [java] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1925)
> [java] at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> [java] at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:662)
> [java] at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> [java] at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
> [java] at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
> [java] at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> [java] at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
> [java] at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
> [java] at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> The error appears to be caused by the client receiving a response without
> security headers (which is correct according to the WSDL/policy).
> Here's an edited version of the WSDL:
> <wsdl:definitions targetNamespace="http://ws.sosnoski.com/library/wsdl"
>     xmlns:wns="http://ws.sosnoski.com/library/wsdl"
>     xmlns:tns="http://ws.sosnoski.com/library/types"
>     xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
>     xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/">
>
>   <!-- Policy for Username Token with hashed password, sent from client to server only -->
>   <wsp:Policy wsu:Id="UsernameToken"
>       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>       xmlns:wsp="http://www.w3.org/ns/ws-policy"
>       xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>     <sp:SupportingTokens>
>       <wsp:Policy>
>         <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>           <wsp:Policy>
>             <sp:HashPassword/>
>           </wsp:Policy>
>         </sp:UsernameToken>
>       </wsp:Policy>
>     </sp:SupportingTokens>
>   </wsp:Policy>
>
>   <!-- Policy for symmetric binding, using an ephemeral key generated by the client and
>        sent to the server as part of the request, using asymmetric encryption with the
>        server public key to secure the symmetric key. -->
>   <wsp:Policy wsu:Id="SymmEncr"
>       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>       xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>       xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
>       xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>     <sp:SymmetricBinding>
>       <wsp:Policy>
>         <sp:ProtectionToken>
>           <wsp:Policy>
>             <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>               <wsp:Policy>
>                 <sp:RequireDerivedKeys/>
>                 <sp:RequireThumbprintReference/>
>                 <sp:WssX509V3Token10/>
>               </wsp:Policy>
>             </sp:X509Token>
>           </wsp:Policy>
>         </sp:ProtectionToken>
>         <sp:AlgorithmSuite>
>           <wsp:Policy>
>             <sp:Basic128Rsa15/>
>           </wsp:Policy>
>         </sp:AlgorithmSuite>
>         <sp:OnlySignEntireHeadersAndBody/>
>       </wsp:Policy>
>     </sp:SymmetricBinding>
>     <sp:Wss11>
>       <wsp:Policy>
>         <sp:MustSupportRefKeyIdentifier/>
>         <sp:MustSupportRefThumbprint/>
>         <sp:MustSupportRefEncryptedKey/>
>       </wsp:Policy>
>     </sp:Wss11>
>   </wsp:Policy>
>
>   <!-- Policy for encrypting the message body. -->
>   <wsp:Policy wsu:Id="EncrBody"
>       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>       xmlns:wsp="http://www.w3.org/ns/ws-policy"
>       xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>     <sp:EncryptedParts>
>       <sp:Body/>
>     </sp:EncryptedParts>
>   </wsp:Policy>
>   ...
>   <wsdl:binding name="LibrarySoapBinding" type="wns:Library">
>
>     <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#UsernameToken"/>
>     ...
>     <wsdl:operation name="addBook">
>
>       <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#SymmEncr"/>
>
>       <wsdlsoap:operation soapAction="urn:addBook"/>
>       <wsdl:input name="addBookRequest">
>         <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#EncrBody"/>
>         <wsdlsoap:body use="literal"/>
>       </wsdl:input>
>       <wsdl:output name="addBookResponse">
>         <wsdlsoap:body use="literal"/>
>       </wsdl:output>
>       <wsdl:fault name="addDuplicateFault">
>         <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#EncrBody"/>
>         <wsdlsoap:fault name="addDuplicateFault" use="literal"/>
>       </wsdl:fault>
>     </wsdl:operation>
>     ...