Re: WS-Security _DEMANDS_ "target part" be present, breaking WS-RM (Bug?)

Fri, 11 Dec 2009 12:51:43 -0800

Ok, thank. I will look at it over the weekend and try to submit a test-case/patch. 

Daniel Kulp wrote:

Hmm.....
The only thing I can think of is to subclass the WSS4JOutInterceptor to override a method or two to turn off the ENCRYPTION_PARTS thing if the body contains one of the RM messages. You can probably override the the "getString(String key, Object mc)" call to do something like: 

if (key.equals(WSHandlerConstants.ENCRYPTION_PARTS)) {
    SoapMessage m = (SoapMessage)mc;
    SOAPMessage doc = msg.getContent(SOAPMessage.class);
    SOAPBody body = doc.getSOAPBody();
    //check the content of body and return null if RM.....
}
return super.getString(key, mc);


Dan




On Fri December 11 2009 10:58:10 am Alexandros Karypidis wrote:

Hi,

SHORT STORY:

I need to encrypt an element in my SOAP message. Therefore I configure
my sending endpoint as follows:

This generally works, but breaks if I enable WS-ReliableMessaging (with
a policy in the WSDL). In that case, when trying to send a message the
interceptor fails with:

        org.apache.ws.security.WSSecurityException:
                General security error (WSEncryptBody/WSSignEnvelope:
                        Element to encrypt/sign not found: 
{http://messaging/}deliver)

Now, apparently this is caused by WS-RM injecting a "CreateSequence"
message which does not contain my "target" element. I can see only three
ways out of this and I appreciate any help.

LONG STORY:

My thoughts on getting around this are below, but I need help from
someone more knowledgable:

1) I don't know if it's possible to have the WS-Security interceptor be
added _before_ the WS-RM interceptor (I assume this would result in WSS
"not seeing" RM-injected messages). Although I add the "WSS" interceptor
with code, the RM interceptor is added automatically by a policy in the
WSDL. I add WSS with:

        Map<String, Object> outProps = new HashMap<String, Object>();
        WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
        // ...
        outProps.put(WSHandlerConstants.ENCRYPTION_PARTS,
"{Content}{http://messaging/}deliver";);
        org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(portStub);
        org.apache.cxf.endpoint.Endpoint cxfEndpoint =
 client.getEndpoint(); cxfEndpoint.getOutInterceptors().add(wssOut);

2) Is it possible to define the "target part" as "optional" so that WSS
does not abort when it fails to find the element?

3) Are neither (1) nor (2) possible, in which case I should open a bug
report (and start coding)?

Reply via email to