RE: cfx and policy alternatives

[Rhenius, Karl Stefan]

Hi Sergey,

according to your answer this seems to be a bug? (That would be great,
because I could stop trying to find the right configuration :)

> Dan has enhanced the Neethi implementation to properly 
> support the policy  intersection but that is more likely to 
> affect the client side. But in this case, how does the server 
> knows the 2nd request is coming from the original client 
> which is supporting a SecureConversation policy ?

I attached the incoming message from my client and the servers response.
There are many header information, that could be used to track the
session, i.e.
<wsc:Identifier>BC4D3B6C7539DA347C12985615449223</wsc:Identifier> for
the SecureConversation.

I didn't checked, how the policy is chosen, so this is just speculative:
I would add the chosen policy somewhere in the exchange or message
object, so the outgoing handler can take an appropriate format. There is
no need to track a session, the first valid policy on the incoming side
should be used for the outgoing message.

I'm going to make a testcase for jira.

Bye
Karl

24.02.2011 16:32:24 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Inbound Message
----------------------------
ID: 4
Address: /AC_IPingService
Encoding: UTF-8
Content-Type: text/xml; charset=UTF-8
Headers: {content-type=[text/xml; charset=UTF-8], connection=[keep-alive],
Host=[localhost:9000], Content-Length=[2505], 
SOAPAction=["http://xmlsoap.org/Ping";],
User-Agent=[Apache CXF 2.3.2], Content-Type=[text/xml; charset=UTF-8],
Accept=[*/*], Pragma=[no-cache], Cache-Control=[no-cache]}
Payload:
<soap:Header>
            <Action 
xmlns="http://www.w3.org/2005/08/addressing";>http://xmlsoap.org/Ping</Action>
            <MessageID 
xmlns="http://www.w3.org/2005/08/addressing";>urn:uuid:80f44929-c895-4d32-8ddf-5200c9819c50</MessageID>
            <To 
xmlns="http://www.w3.org/2005/08/addressing";>http://localhost:9000/AC_IPingService</To>
            <ReplyTo xmlns="http://www.w3.org/2005/08/addressing";>
                  
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
            </ReplyTo>
            <wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 soap:mustUnderstand="1">
                  <wsc:SecurityContextToken 
xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"; 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 wsu:Id="sctId-BC4D3B6C7539DA347C12985615449224">
                        
<wsc:Identifier>BC4D3B6C7539DA347C12985615449223</wsc:Identifier>
                  </wsc:SecurityContextToken>
                  <xenc:ReferenceList 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
                        <xenc:DataReference URI="#EncDataId-5"/>
                  </xenc:ReferenceList>
            </wsse:Security>
      </soap:Header>
      <soap:Body 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 wsu:Id="Id-49194">
            <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
Id="EncDataId-5" Type="http://www.w3.org/2001/04/xmlenc#Content";>
                  <xenc:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
                        <wsse:SecurityTokenReference 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
                              <wsse:Reference 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 URI="#sctId-BC4D3B6C7539DA347C12985615449224" 
ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
                        </wsse:SecurityTokenReference>
                  </ds:KeyInfo>
                  <xenc:CipherData>
                        
<xenc:CipherValue>DwekQEFKFzMxVvzdOioy3oCoZMdFA9Xlvq/0U82nehgl6xPQcgpChXHEp5tVqzr5coxAbtex+lX5NHAuiw5x0PivwjuWqzj0Qpw3SxlHXUjnGYZo+2fKZehF8a0Ruqi4ErgIPHH1wzxhj8erMbtmPbUOj0SHqk+Ahi7beLqXoOUcn+4GGYrCQgILK+xa3LgpaAiXeQ5xyULkI+S6vg5ZkGjSVR+U5Vg33oU5Abjua6JEW5Tb13masUp3+VTb2ghUhXLePFb5qyA4cAgsTbEEd/KTv5BGFCrued0NIMQX1su4ZtPY+6J96SfBovGGBWcE7hxwwMyA/0tjhdBMOS8d67cYEFTZSumFsKYChovwz3SgBZfX9eWxnAUmSh8aG9crQ28nRLiBQUyINzP6SqD+LifnsB+R9hOY+uaQAWpMnR9u054/KGb/Aib2q7YybjZM2ON014+30gN07zeZPIbVvg==</xenc:CipherValue>
                  </xenc:CipherData>
            </xenc:EncryptedData>
      </soap:Body>
</soap:Envelope>

######## PingServiceImpl: PING REQUEST ########

24.02.2011 16:32:24 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Outbound Message
---------------------------
ID: 4
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload:
      <soap:Header>
            <Action 
xmlns="http://www.w3.org/2005/08/addressing";>http://xmlsoap.org/Ping</Action>
            <MessageID 
xmlns="http://www.w3.org/2005/08/addressing";>urn:uuid:36a75c2e-d815-4929-b801-00bc2e9bf5c7</MessageID>
            <To 
xmlns="http://www.w3.org/2005/08/addressing";>http://www.w3.org/2005/08/addressing/anonymous</To>
            <RelatesTo 
xmlns="http://www.w3.org/2005/08/addressing";>urn:uuid:80f44929-c895-4d32-8ddf-5200c9819c50</RelatesTo>
      </soap:Header>
      <soap:Body>
            <ns2:PingResponse xmlns="http://xmlsoap.org/Ping"; 
xmlns:ns2="http://WSSec/wssc";>
                  <PingResponse>
                        <scenario>Scenario5</scenario>
                        <origin>CXF</origin>
                        <text>CXF : ping=-1823580971</text>
                  </PingResponse>
            </ns2:PingResponse>
      </soap:Body>
</soap:Envelope>