wsp:Policy is still required by the following fragment:
<wsp:Policy xmlns:wsp="...">
(
<sp:HttpBasicAuthentication /> |
<sp:HttpDigestAuthentication /> |
<sp:RequireClientCertificate /> |
...
)?
the "?" refers to the children of the Policy. So HttpsToken must still have
a <wsp:Policy> child element, the fact that the children are all optional
is irrelevant.
Colm.
On Mon, May 28, 2012 at 3:32 PM, COURTAULT Francois <
[email protected]> wrote:
> Hello,
>
> I don't read the spec the same way than you, sorry.
>
> The spec says:
> <sp:HttpsToken xmlns:sp="..." ... >
> (
>
> <sp:Issuer>wsa:EndpointReferenceType</sp:Issuer> |
>
> <sp:IssuerName>xs:anyURI</sp:IssuerName>
>
> ) ?
>
> <wst:Claims Dialect="..."> ... </wst:Claims> ?
>
> <wsp:Policy xmlns:wsp="...">
> (
> <sp:HttpBasicAuthentication /> |
> <sp:HttpDigestAuthentication /> |
> <sp:RequireClientCertificate /> |
> ...
> )?
> ...
> </wsp:Policy>
> ...
> </sp:HttpsToken>
>
> And "?" means 0 or 1
> So, according to me, you can have <sp:HttpsToken.... with an empty
> <wsp:Policy /> policy.
> More, the spec that:
> - /sp:HttpsToken/wsp:Policy/sp:HttpBasicAuthentication is OPTIONAL
> - /sp:HttpsToken/wsp:Policy/sp:HttpDigestAuthentication is OPTIONAL
> - /sp:HttpsToken/wsp:Policy/sp:RequireClientCertificate is OPTIONAL
> Which is coherent with the ?
>
> So ??????
>
> Best Regards.
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: lundi 28 mai 2012 15:39
> To: COURTAULT Francois
> Cc: [email protected]
> Subject: Re: Regression with UT over HTTPS on 2.6.1
>
>
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/os/ws-securitypolicy-1.3-spec-os.html
>
> "sp:HttpsToken/wsp:Policy
>
> This REQUIRED element identifies additional requirements for use of the
> sp:HttpsToken assertion."
>
> Colm.
>
>
> On Mon, May 28, 2012 at 2:33 PM, COURTAULT Francois <
> [email protected]> wrote:
>
> > Hello,
> >
> > This means that the policy I have attached is not compliant: right?
> > Could you give me please a pointer or the spec paragraph which
> > specifies this ?
> >
> > Best Regards.
> >
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:[email protected]]
> > Sent: lundi 28 mai 2012 15:18
> > To: [email protected]
> > Subject: Re: Regression with UT over HTTPS on 2.6.1
> >
> > It's not a regression, but a stricter enforcement of the
> > WS-SecurityPolicy spec. You need to add a "<wsp:Policy/>" child to the
> > sp:HttpsToken element to be compliant.
> >
> > Colm.
> >
> > On Mon, May 28, 2012 at 1:12 PM, COURTAULT Francois <
> > [email protected]> wrote:
> >
> > > Hello,****
> > >
> > > ** **
> > >
> > > With the same WSS policy used, attached, at server side, I got this
> > error:
> > > ****
> > >
> > > 28 mai 2012 14:08:43
> > > org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyPro
> > > vi
> > > der
> > > getElementPolicy****
> > >
> > > ATTENTION: Failed to build the policy
> > > 'Wssp1.2-2007-Https-UsernameToken-Plain.xml':sp:HttpsToken/wsp:Polic
> > > y
> > > must have a value****
> > >
> > > Exception in thread "main" *javax.xml.ws.soap.SOAPFaultException*:
> > > sp:HttpsToken/wsp:Policy must have a value****
> > >
> > > whereas I didn't get any error on 2.5.4.****
> > >
> > > ** **
> > >
> > > Do I have to enter an issue in CXF 2.6.1 ?****
> > >
> > > ** **
> > >
> > > Best Regards.****
> > >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
