Hello,
But there is one in the policy I have sent to you.
Extract:
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken/>
</wsp:Policy>
</sp:TransportToken>
So what's wrong ?
Best Regards.
From: Colm O hEigeartaigh [mailto:[email protected]]
Sent: lundi 28 mai 2012 17:19
To: COURTAULT Francois
Cc: [email protected]
Subject: Re: Regression with UT over HTTPS on 2.6.1
wsp:Policy is still required by the following fragment:
<wsp:Policy xmlns:wsp="...">
(
<sp:HttpBasicAuthentication /> |
<sp:HttpDigestAuthentication /> |
<sp:RequireClientCertificate /> |
...
)?
the "?" refers to the children of the Policy. So HttpsToken must still have a
<wsp:Policy> child element, the fact that the children are all optional is
irrelevant.
Colm.
On Mon, May 28, 2012 at 3:32 PM, COURTAULT Francois
<[email protected]<mailto:[email protected]>> wrote:
Hello,
I don't read the spec the same way than you, sorry.
The spec says:
<sp:HttpsToken xmlns:sp="..." ... >
(
<sp:Issuer>wsa:EndpointReferenceType</sp:Issuer> |
<sp:IssuerName>xs:anyURI</sp:IssuerName>
) ?
<wst:Claims Dialect="..."> ... </wst:Claims> ?
<wsp:Policy xmlns:wsp="...">
(
<sp:HttpBasicAuthentication /> |
<sp:HttpDigestAuthentication /> |
<sp:RequireClientCertificate /> |
...
)?
...
</wsp:Policy>
...
</sp:HttpsToken>
And "?" means 0 or 1
So, according to me, you can have <sp:HttpsToken.... with an empty <wsp:Policy
/> policy.
More, the spec that:
- /sp:HttpsToken/wsp:Policy/sp:HttpBasicAuthentication is OPTIONAL
- /sp:HttpsToken/wsp:Policy/sp:HttpDigestAuthentication is OPTIONAL
- /sp:HttpsToken/wsp:Policy/sp:RequireClientCertificate is OPTIONAL
Which is coherent with the ?
So ??????
Best Regards.
-----Original Message-----
From: Colm O hEigeartaigh
[mailto:[email protected]<mailto:[email protected]>]
Sent: lundi 28 mai 2012 15:39
To: COURTAULT Francois
Cc: [email protected]<mailto:[email protected]>
Subject: Re: Regression with UT over HTTPS on 2.6.1
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/os/ws-securitypolicy-1.3-spec-os.html
"sp:HttpsToken/wsp:Policy
This REQUIRED element identifies additional requirements for use of the
sp:HttpsToken assertion."
Colm.
On Mon, May 28, 2012 at 2:33 PM, COURTAULT Francois <
[email protected]<mailto:[email protected]>> wrote:
> Hello,
>
> This means that the policy I have attached is not compliant: right?
> Could you give me please a pointer or the spec paragraph which
> specifies this ?
>
> Best Regards.
>
> -----Original Message-----
> From: Colm O hEigeartaigh
> [mailto:[email protected]<mailto:[email protected]>]
> Sent: lundi 28 mai 2012 15:18
> To: [email protected]<mailto:[email protected]>
> Subject: Re: Regression with UT over HTTPS on 2.6.1
>
> It's not a regression, but a stricter enforcement of the
> WS-SecurityPolicy spec. You need to add a "<wsp:Policy/>" child to the
> sp:HttpsToken element to be compliant.
>
> Colm.
>
> On Mon, May 28, 2012 at 1:12 PM, COURTAULT Francois <
> [email protected]<mailto:[email protected]>> wrote:
>
> > Hello,****
> >
> > ** **
> >
> > With the same WSS policy used, attached, at server side, I got this
> error:
> > ****
> >
> > 28 mai 2012 14:08:43
> > org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyPro
> > vi
> > der
> > getElementPolicy****
> >
> > ATTENTION: Failed to build the policy
> > 'Wssp1.2-2007-Https-UsernameToken-Plain.xml':sp:HttpsToken/wsp:Polic
> > y
> > must have a value****
> >
> > Exception in thread "main" *javax.xml.ws.soap.SOAPFaultException*:
> > sp:HttpsToken/wsp:Policy must have a value****
> >
> > whereas I didn't get any error on 2.5.4.****
> >
> > ** **
> >
> > Do I have to enter an issue in CXF 2.6.1 ?****
> >
> > ** **
> >
> > Best Regards.****
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
