Hello everyone,
You are right, I made a mistake in the extract policy I have sent.
So could you confirm that the right section is:
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken>
<wsp:Policy/>
</sp:HttpsToken>
</wsp:Policy>
</sp:TransportToken>
Instead of:
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken/>
</wsp:Policy>
</sp:TransportToken>
?
Best Regards.
-----Original Message-----
From: Glen Mazza [mailto:[email protected]]
Sent: mardi 29 mai 2012 20:33
To: [email protected]
Subject: Re: Regression with UT over HTTPS on 2.6.1
No, I believe Colm was rather clear that a new ws:Policy element needs to be
added as a child element of the sp:HttpsToken (if you break it up into two
parts: <sp:HttpsToken> and </sp:HttpsToken> it might be clearer
for you.) Not as a sibling element to the <sp:HttpsToken/> as you have
it below.
Glen
On 05/29/2012 12:46 PM, COURTAULT Francois wrote:
> Resending ...
>
> -----Original Message-----
> From: COURTAULT Francois [mailto:[email protected]]
> Sent: lundi 28 mai 2012 19:36
> To: [email protected]
> Cc: [email protected]
> Subject: RE: Regression with UT over HTTPS on 2.6.1
>
> Hello,
>
> Sorry, you mean that in the policy file, I should have
> <sp:TransportToken>
> <wsp:Policy>
> <sp:HttpsToken/>
> <wsp:Policy/>
> </wsp:Policy>
> </sp:TransportToken>
>
> Instead of:
> <sp:TransportToken>
> <wsp:Policy>
> <sp:HttpsToken/>
> </wsp:Policy>
> </sp:TransportToken>
>
> Right ?
>
> Best Regards.
>
> From: COURTAULT Francois
> Sent: lundi 28 mai 2012 17:25
> To: '[email protected]'
> Cc: [email protected]
> Subject: RE: Regression with UT over HTTPS on 2.6.1
>
> Hello,
>
> But there is one in the policy I have sent to you.
> Extract:
> <sp:TransportToken>
> <wsp:Policy>
> <sp:HttpsToken/>
> </wsp:Policy>
> </sp:TransportToken>
>
> So what's wrong ?
>
> Best Regards.
>
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: lundi 28 mai 2012 17:19
> To: COURTAULT Francois
> Cc: [email protected]<mailto:[email protected]>
> Subject: Re: Regression with UT over HTTPS on 2.6.1
>
> wsp:Policy is still required by the following fragment:
>
> <wsp:Policy xmlns:wsp="...">
> (
> <sp:HttpBasicAuthentication /> |
> <sp:HttpDigestAuthentication /> |
> <sp:RequireClientCertificate /> |
> ...
> )?
>
> the "?" refers to the children of the Policy. So HttpsToken must still have
> a<wsp:Policy> child element, the fact that the children are all optional is
> irrelevant.
>
> Colm.
> On Mon, May 28, 2012 at 3:32 PM, COURTAULT
> Francois<[email protected]<mailto:[email protected]>>
> wrote:
> Hello,
>
> I don't read the spec the same way than you, sorry.
>
> The spec says:
> <sp:HttpsToken xmlns:sp="..." ...>
> (
>
> <sp:Issuer>wsa:EndpointReferenceType</sp:Issuer> |
>
> <sp:IssuerName>xs:anyURI</sp:IssuerName>
>
> ) ?
>
> <wst:Claims Dialect="..."> ...</wst:Claims> ?
>
> <wsp:Policy xmlns:wsp="...">
> (
> <sp:HttpBasicAuthentication /> |
> <sp:HttpDigestAuthentication /> |
> <sp:RequireClientCertificate /> |
> ...
> )?
> ...
> </wsp:Policy>
> ...
> </sp:HttpsToken>
>
> And "?" means 0 or 1
> So, according to me, you can have<sp:HttpsToken.... with an empty<wsp:Policy
> /> policy.
> More, the spec that:
> - /sp:HttpsToken/wsp:Policy/sp:HttpBasicAuthentication is OPTIONAL
> - /sp:HttpsToken/wsp:Policy/sp:HttpDigestAuthentication is OPTIONAL
> - /sp:HttpsToken/wsp:Policy/sp:RequireClientCertificate is OPTIONAL Which
> is coherent with the ?
>
> So ??????
>
> Best Regards.
>
> -----Original Message-----
> From: Colm O hEigeartaigh
> [mailto:[email protected]<mailto:[email protected]>]
> Sent: lundi 28 mai 2012 15:39
> To: COURTAULT Francois
> Cc: [email protected]<mailto:[email protected]>
> Subject: Re: Regression with UT over HTTPS on 2.6.1
>
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/os/ws-security
> policy-1.3-spec-os.html
>
> "sp:HttpsToken/wsp:Policy
>
> This REQUIRED element identifies additional requirements for use of the
> sp:HttpsToken assertion."
>
> Colm.
>
>
> On Mon, May 28, 2012 at 2:33 PM, COURTAULT Francois<
> [email protected]<mailto:[email protected]>> wrote:
>
>> Hello,
>>
>> This means that the policy I have attached is not compliant: right?
>> Could you give me please a pointer or the spec paragraph which
>> specifies this ?
>>
>> Best Regards.
>>
>> -----Original Message-----
>> From: Colm O hEigeartaigh
>> [mailto:[email protected]<mailto:[email protected]>]
>> Sent: lundi 28 mai 2012 15:18
>> To: [email protected]<mailto:[email protected]>
>> Subject: Re: Regression with UT over HTTPS on 2.6.1
>>
>> It's not a regression, but a stricter enforcement of the
>> WS-SecurityPolicy spec. You need to add a "<wsp:Policy/>" child to
>> the sp:HttpsToken element to be compliant.
>>
>> Colm.
>>
>> On Mon, May 28, 2012 at 1:12 PM, COURTAULT Francois<
>> [email protected]<mailto:[email protected]>>
>> wrote:
>>
>>> Hello,****
>>>
>>> ** **
>>>
>>> With the same WSS policy used, attached, at server side, I got this
>> error:
>>> ****
>>>
>>> 28 mai 2012 14:08:43
>>> org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyPro
>>> vi
>>> der
>>> getElementPolicy****
>>>
>>> ATTENTION: Failed to build the policy
>>> 'Wssp1.2-2007-Https-UsernameToken-Plain.xml':sp:HttpsToken/wsp:Polic
>>> y
>>> must have a value****
>>>
>>> Exception in thread "main" *javax.xml.ws.soap.SOAPFaultException*:
>>> sp:HttpsToken/wsp:Policy must have a value****
>>>
>>> whereas I didn't get any error on 2.5.4.****
>>>
>>> ** **
>>>
>>> Do I have to enter an issue in CXF 2.6.1 ?****
>>>
>>> ** **
>>>
>>> Best Regards.****
>>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
--
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza
