[jira] [Commented] (CXF-3646) Use of asymmetric key is implicit and defaults to RSA_SHA1 in the security policy implementation

2011-07-08 Thread Colm O hEigeartaigh (JIRA)

[ https://issues.apache.org/jira/browse/CXF-3646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13061863#comment-13061863 ]

Colm O hEigeartaigh commented on CXF-3646:
--

Hi,

The current implementation is correct according to the spec. RSA-SHA1 is the 
only algorithm used for asymmetric signature, even if you specify a 
Basic256Sha256... algorithm suite:

http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/cd/ws-securitypolicy-1.3-spec-cs-01.html#_Toc212617835

At least that's my reading of the spec - it seems a bit odd that the 
asymmetric signature algorithm doesn't vary according to the Algorithm suite.

Colm.

 Use of asymmetric key is implicit and defaults to RSA_SHA1 in the security 
 policy implementation
 

 Key: CXF-3646
 URL: https://issues.apache.org/jira/browse/CXF-3646
 Project: CXF
  Issue Type: Bug
  Components: Core, WS-* Components
Affects Versions: 2.3.2, 2.5
 Environment: Linux
Reporter: vaidya.krishnamurthy
  Labels: security

   Since the use of SHA1 has been recently discouraged I tried to switch to 
 using at least SHA256 ( http://www.w3.org/TR/xmldsig-core1/#sec-MessageDigests )
 Currently the policy is set like this in the wsdl file:
 <sp:AlgorithmSuite>
   <wsp:Policy>
     <sp:Basic256Sha256Rsa15/>
   </wsp:Policy>
 </sp:AlgorithmSuite>
 From the log   I can see that a part of the message is signed with 
 rsa-sha1
 <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
 <ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 <ds:Reference URI="#Timestamp-1">
  

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
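
An added example (not part of the JIRA thread and not CXF code): a check that lists the signature and digest algorithm of every ds:Signature in a message and flags SHA-1, which makes the behaviour discussed above visible when auditing captured messages. The sample input completes the truncated fragment from the report with constructed placeholder values; the SHA-256 DigestMethod in it is an assumption.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Constructed sample: the Signature fragment quoted in the report is cut off
# after the first Reference, so the DigestMethod, digest and signature values
# below are placeholders added to make it parse.
SAMPLE = """\
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
 <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#Timestamp-1">
   <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
  </ds:Reference>
 </ds:SignedInfo>
 <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
</ds:Signature>"""


def uses_sha1(algorithm_uri):
    """True when the URI fragment names a SHA-1 based algorithm (heuristic)."""
    fragment = algorithm_uri.rsplit("#", 1)[-1].lower()
    return fragment == "sha1" or fragment.endswith("-sha1")


def audit_signatures(xml_text):
    """Return (signature Id, role, reference URI, algorithm, sha1?) rows."""
    rows = []
    for sig in ET.fromstring(xml_text).iter("{%s}Signature" % DS):
        info = sig.find("ds:SignedInfo", NS)
        if info is None:
            continue
        method = info.find("ds:SignatureMethod", NS)
        if method is not None:
            alg = method.get("Algorithm", "")
            rows.append((sig.get("Id"), "signature", None, alg, uses_sha1(alg)))
        for ref in info.findall("ds:Reference", NS):
            digest = ref.find("ds:DigestMethod", NS)
            alg = digest.get("Algorithm", "") if digest is not None else ""
            rows.append((sig.get("Id"), "digest", ref.get("URI"), alg, uses_sha1(alg)))
    return rows


if __name__ == "__main__":
    for row in audit_signatures(SAMPLE):
        print(row)
```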




[jira] [Created] (CXF-3647) Add schema validation explaination for samples/wsdl_first_xmlbeans README

2011-07-08 Thread Torsten Mielke (JIRA)
Add schema validation explaination for samples/wsdl_first_xmlbeans README
-

 Key: CXF-3647
 URL: https://issues.apache.org/jira/browse/CXF-3647
 Project: CXF
  Issue Type: Improvement
  Components: Samples
Affects Versions: 2.4.1
Reporter: Torsten Mielke


Similar to CXF-3640, the README of the wsdl_first_xmlbeans demo should also 
explain that the client will raise a schema validation exception at runtime. 





[jira] [Updated] (CXF-3647) Add schema validation explaination for samples/wsdl_first_xmlbeans README

2011-07-08 Thread Torsten Mielke (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-3647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Torsten Mielke updated CXF-3647:


Attachment: CXF-3647.patch

Attaching a possible patch based on the solution for CXF-3640. 

 Add schema validation explaination for samples/wsdl_first_xmlbeans README
 -

 Key: CXF-3647
 URL: https://issues.apache.org/jira/browse/CXF-3647
 Project: CXF
  Issue Type: Improvement
  Components: Samples
Affects Versions: 2.4.1
Reporter: Torsten Mielke
  Labels: Samples
 Attachments: CXF-3647.patch


 Similar to CXF-3640, the README of the wsdl_first_xmlbeans demo should also 
 explain that the client will raise a schema validation exception at runtime. 





[jira] [Assigned] (CXF-3647) Add schema validation explaination for samples/wsdl_first_xmlbeans README

2011-07-08 Thread Freeman Fang (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-3647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Freeman Fang reassigned CXF-3647:
-

Assignee: Freeman Fang

 Add schema validation explaination for samples/wsdl_first_xmlbeans README
 -

 Key: CXF-3647
 URL: https://issues.apache.org/jira/browse/CXF-3647
 Project: CXF
  Issue Type: Improvement
  Components: Samples
Affects Versions: 2.4.1
Reporter: Torsten Mielke
Assignee: Freeman Fang
  Labels: Samples
 Attachments: CXF-3647.patch


 Similar to CXF-3640, the README of the wsdl_first_xmlbeans demo should also 
 explain that the client will raise a schema validation exception at runtime. 





[jira] [Created] (CXF-3648) Wrong scope for commons-pool

2011-07-08 Thread Daniel Kulp (JIRA)
Wrong scope for commons-pool


 Key: CXF-3648
 URL: https://issues.apache.org/jira/browse/CXF-3648
 Project: CXF
  Issue Type: Bug
Reporter: Daniel Kulp
Assignee: Daniel Kulp
 Fix For: 2.4.2


 
The jms transport has commons-pool as a runtime scope.  However, it's not 
needed for compile and it's only needed at runtime if using ActiveMQ.   The 
ActiveMQ poms would pull that in anyway.   Thus, it should be either removed or 
moved to test scope.





[jira] [Resolved] (CXF-3648) Wrong scope for commons-pool

2011-07-08 Thread Daniel Kulp (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-3648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Daniel Kulp resolved CXF-3648.
--

Resolution: Fixed

 Wrong scope for commons-pool
 

 Key: CXF-3648
 URL: https://issues.apache.org/jira/browse/CXF-3648
 Project: CXF
  Issue Type: Bug
Reporter: Daniel Kulp
Assignee: Daniel Kulp
 Fix For: 2.4.2


  
 The jms transport has commons-pool as a runtime scope.  However, it's not 
 needed for compile and it's only needed at runtime if using ActiveMQ.   The 
 ActiveMQ poms would pull that in anyway.   Thus, it should be either removed 
 or moved to test scope.





[jira] [Resolved] (CXF-3624) BinarySecurityToken validated by STSTokenValidator doesn't satisfy IssuedToken policy

2011-07-08 Thread Colm O hEigeartaigh (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-3624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh resolved CXF-3624.
--

Resolution: Fixed

 BinarySecurityToken validated by STSTokenValidator doesn't satisfy 
 IssuedToken policy
 -

 Key: CXF-3624
 URL: https://issues.apache.org/jira/browse/CXF-3624
 Project: CXF
  Issue Type: Bug
  Components: WS-* Components
Affects Versions: 2.4.1
Reporter: Oliver Wulff
Assignee: Colm O hEigeartaigh
 Fix For: 2.4.2, 2.5


 I've configured a JAX-WS endpoint to validate a BinarySecurityToken sent in 
 the WS-Security Header against an STS like this:
  <entry key="ws-security.bst.validator">
    <bean class="org.apache.cxf.ws.security.trust.STSTokenValidator"/>
 After successful validation, I get the following exception on the server side:
 Jun 30, 2011 10:57:21 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
 WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
 org.apache.cxf.interceptor.Fault: These policy alternatives can not be satisfied:
 {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IssuedToken
 at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47)





[jira] [Created] (CXF-3649) Out policies are not being applied for an unchecked fault

2011-07-08 Thread Daniel Kulp (JIRA)
Out policies are not being applied for an unchecked fault
-

 Key: CXF-3649
 URL: https://issues.apache.org/jira/browse/CXF-3649
 Project: CXF
  Issue Type: Bug
  Components: WS-* Components
Affects Versions: 2.4.1
Reporter: Daniel Kulp
Assignee: Daniel Kulp
 Fix For: 2.4.2



If an application throws an unchecked exception or other exception that cannot 
be mapped into a FaultInfo in the WSDL, none of the policies are being applied. 
  It should at least grab the policies for the operation/binding/service/port 
and apply those to make sure the addressing and basic security requirements are 
met.





[jira] [Resolved] (CXF-3649) Out policies are not being applied for an unchecked fault

2011-07-08 Thread Daniel Kulp (JIRA)

 [ 
https://issues.apache.org/jira/browse/CXF-3649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Daniel Kulp resolved CXF-3649.
--

Resolution: Fixed

 Out policies are not being applied for an unchecked fault
 -

 Key: CXF-3649
 URL: https://issues.apache.org/jira/browse/CXF-3649
 Project: CXF
  Issue Type: Bug
  Components: WS-* Components
Affects Versions: 2.4.1
Reporter: Daniel Kulp
Assignee: Daniel Kulp
 Fix For: 2.4.2


 If an application throws an unchecked exception or other exception that 
 cannot be mapped into a FaultInfo in the WSDL, none of the policies are being 
 applied.   It should at least grab the policies for the 
 operation/binding/service/port and apply those to make sure the addressing 
 and basic security requirements are met.
