[
https://issues.apache.org/jira/browse/CXF-8940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peter Palaga updated CXF-8940:
------------------------------
Description:
I am unfortunately not sure at all how to reproduce this with plain CXF. If a
test is required to demonstrate the issue, I'd be thankful for pointing me to
an existing test I could adapt.
I am able to reproduce this with quarkus-cxf - here are the steps to reproduce:
{code}
git clone [email protected]:ppalaga/quarkus-cxf.git
cd quarkus-cxf
git checkout CXF-8940
mvnd clean install -DskipTests -Dquarkus.build.skip
cd integration-tests/ws-security-policy
mvnd clean test
-Dtest=UsernameTokenSecurityPolicyTest#helloUsernameTokenNoMustUnderstand
...
[ERROR]
UsernameTokenSecurityPolicyTest>AbstractUsernameTokenSecurityPolicyTest.helloUsernameTokenNoMustUnderstand:180
Expecting actual:
"REQ_OUT
Address: https://localhost:8444/services/helloUsernameToken
HttpMethod: POST
Content-Type: text/xml
ExchangeId: 03fe3642-ab5b-4b85-b712-b8ed107f5a71
ServiceName: UsernameTokenPolicyHelloService
PortName: UsernameTokenPolicyHelloServicePort
PortTypeName: UsernameTokenPolicyHelloService
Headers: {SOAPAction="", Accept=*/*, Connection=Keep-Alive}
Payload: <soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
<soap:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soap:mustUnderstand="1">
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="UsernameToken-4e64841c-ad35-48fd-b7ee-70e5f978e098">
<wsse:Username>cxf-user</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>secret</wsse:Password>
<wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>5rs0Ra3q0FPLXFguajlTwQ==</wsse:Nonce>
<wsu:Created>2023-10-05T22:40:54.436Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<ns2:hello xmlns:ns2="http://policy.security.it.cxf.quarkiverse.io/";>
<arg0>helloUsernameTokenNoMustUnderstand</arg0>
</ns2:hello>
</soap:Body>
</soap:Envelope>
"
not to contain:
"soap:mustUnderstand="1""
{code}
Running the same logic with
{{quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.security.enable.streaming
= true}} works as expected:
{code}
mvnd clean test
-Dtest=UsernameTokenSecurityPolicyStaxTest#helloUsernameTokenNoMustUnderstand
...
BUILD SUCCESS
{code}
was:
I am unfortunately not sure at all how to reproduce this with plain CXF. If a
test is required to demonstrate the issue, I'd be thankful for pointing me to
an existing test I could adapt.
I am able to reproduce this with quarkus-cxf - here are the steps to reproduce:
{code}
git clone [email protected]:ppalaga/quarkus-cxf.git
cd quarkus-cxf
mvnd clean install -DskipTests -Dquarkus.build.skip
cd integration-tests/ws-security-policy
mvnd clean test
-Dtest=UsernameTokenSecurityPolicyTest#helloUsernameTokenNoMustUnderstand
{code}
> ws-security.must-understand works only if security.enable.streaming is true
> ---------------------------------------------------------------------------
>
> Key: CXF-8940
> URL: https://issues.apache.org/jira/browse/CXF-8940
> Project: CXF
> Issue Type: Bug
> Reporter: Peter Palaga
> Priority: Major
>
> I am unfortunately not sure at all how to reproduce this with plain CXF. If a
> test is required to demonstrate the issue, I'd be thankful for pointing me to
> an existing test I could adapt.
> I am able to reproduce this with quarkus-cxf - here are the steps to
> reproduce:
> {code}
> git clone [email protected]:ppalaga/quarkus-cxf.git
> cd quarkus-cxf
> git checkout CXF-8940
> mvnd clean install -DskipTests -Dquarkus.build.skip
> cd integration-tests/ws-security-policy
> mvnd clean test
> -Dtest=UsernameTokenSecurityPolicyTest#helloUsernameTokenNoMustUnderstand
> ...
> [ERROR]
> UsernameTokenSecurityPolicyTest>AbstractUsernameTokenSecurityPolicyTest.helloUsernameTokenNoMustUnderstand:180
>
> Expecting actual:
> "REQ_OUT
> Address: https://localhost:8444/services/helloUsernameToken
> HttpMethod: POST
> Content-Type: text/xml
> ExchangeId: 03fe3642-ab5b-4b85-b712-b8ed107f5a71
> ServiceName: UsernameTokenPolicyHelloService
> PortName: UsernameTokenPolicyHelloServicePort
> PortTypeName: UsernameTokenPolicyHelloService
> Headers: {SOAPAction="", Accept=*/*, Connection=Keep-Alive}
> Payload: <soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
> <soap:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> soap:mustUnderstand="1">
> <wsse:UsernameToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="UsernameToken-4e64841c-ad35-48fd-b7ee-70e5f978e098">
> <wsse:Username>cxf-user</wsse:Username>
> <wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>secret</wsse:Password>
> <wsse:Nonce
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>5rs0Ra3q0FPLXFguajlTwQ==</wsse:Nonce>
> <wsu:Created>2023-10-05T22:40:54.436Z</wsu:Created>
> </wsse:UsernameToken>
> </wsse:Security>
> </soap:Header>
> <soap:Body>
> <ns2:hello xmlns:ns2="http://policy.security.it.cxf.quarkiverse.io/";>
> <arg0>helloUsernameTokenNoMustUnderstand</arg0>
> </ns2:hello>
> </soap:Body>
> </soap:Envelope>
> "
> not to contain:
> "soap:mustUnderstand="1""
> {code}
> Running the same logic with
> {{quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.security.enable.streaming
> = true}} works as expected:
> {code}
> mvnd clean test
> -Dtest=UsernameTokenSecurityPolicyStaxTest#helloUsernameTokenNoMustUnderstand
> ...
> BUILD SUCCESS
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
