Yes that looks right. Colm.
On Wed, May 30, 2012 at 8:12 AM, COURTAULT Francois < [email protected]> wrote: > Hello everyone, > > You are right, I made a mistake in the extract policy I have sent. > So could you confirm that the right section is: > <sp:TransportToken> > <wsp:Policy> > <sp:HttpsToken> > <wsp:Policy/> > </sp:HttpsToken> > </wsp:Policy> > </sp:TransportToken> > > Instead of: > <sp:TransportToken> > <wsp:Policy> > <sp:HttpsToken/> > </wsp:Policy> > </sp:TransportToken> > ? > > Best Regards. > > -----Original Message----- > From: Glen Mazza [mailto:[email protected]] > Sent: mardi 29 mai 2012 20:33 > To: [email protected] > Subject: Re: Regression with UT over HTTPS on 2.6.1 > > No, I believe Colm was rather clear that a new ws:Policy element needs to > be added as a child element of the sp:HttpsToken (if you break it up into > two parts: <sp:HttpsToken> and </sp:HttpsToken> it might be clearer > for you.) Not as a sibling element to the <sp:HttpsToken/> as you have > it below. > > Glen > > > On 05/29/2012 12:46 PM, COURTAULT Francois wrote: > > Resending ... > > > > -----Original Message----- > > From: COURTAULT Francois [mailto:[email protected]] > > Sent: lundi 28 mai 2012 19:36 > > To: [email protected] > > Cc: [email protected] > > Subject: RE: Regression with UT over HTTPS on 2.6.1 > > > > Hello, > > > > Sorry, you mean that in the policy file, I should have > > <sp:TransportToken> > > <wsp:Policy> > > <sp:HttpsToken/> > > <wsp:Policy/> > > </wsp:Policy> > > </sp:TransportToken> > > > > Instead of: > > <sp:TransportToken> > > <wsp:Policy> > > <sp:HttpsToken/> > > </wsp:Policy> > > </sp:TransportToken> > > > > Right ? > > > > Best Regards. > > > > From: COURTAULT Francois > > Sent: lundi 28 mai 2012 17:25 > > To: '[email protected]' > > Cc: [email protected] > > Subject: RE: Regression with UT over HTTPS on 2.6.1 > > > > Hello, > > > > But there is one in the policy I have sent to you. > > Extract: > > <sp:TransportToken> > > <wsp:Policy> > > <sp:HttpsToken/> > > </wsp:Policy> > > </sp:TransportToken> > > > > So what's wrong ? > > > > Best Regards. > > > > From: Colm O hEigeartaigh [mailto:[email protected]] > > Sent: lundi 28 mai 2012 17:19 > > To: COURTAULT Francois > > Cc: [email protected]<mailto:[email protected]> > > Subject: Re: Regression with UT over HTTPS on 2.6.1 > > > > wsp:Policy is still required by the following fragment: > > > > <wsp:Policy xmlns:wsp="..."> > > ( > > <sp:HttpBasicAuthentication /> | > > <sp:HttpDigestAuthentication /> | > > <sp:RequireClientCertificate /> | > > ... > > )? > > > > the "?" refers to the children of the Policy. So HttpsToken must still > have a<wsp:Policy> child element, the fact that the children are all > optional is irrelevant. > > > > Colm. > > On Mon, May 28, 2012 at 3:32 PM, COURTAULT Francois< > [email protected]<mailto:[email protected]>> > wrote: > > Hello, > > > > I don't read the spec the same way than you, sorry. > > > > The spec says: > > <sp:HttpsToken xmlns:sp="..." ...> > > ( > > > > <sp:Issuer>wsa:EndpointReferenceType</sp:Issuer> | > > > > <sp:IssuerName>xs:anyURI</sp:IssuerName> > > > > ) ? > > > > <wst:Claims Dialect="..."> ...</wst:Claims> ? > > > > <wsp:Policy xmlns:wsp="..."> > > ( > > <sp:HttpBasicAuthentication /> | > > <sp:HttpDigestAuthentication /> | > > <sp:RequireClientCertificate /> | > > ... > > )? > > ... > > </wsp:Policy> > > ... > > </sp:HttpsToken> > > > > And "?" means 0 or 1 > > So, according to me, you can have<sp:HttpsToken.... with an > empty<wsp:Policy /> policy. > > More, the spec that: > > - /sp:HttpsToken/wsp:Policy/sp:HttpBasicAuthentication is OPTIONAL > > - /sp:HttpsToken/wsp:Policy/sp:HttpDigestAuthentication is OPTIONAL > > - /sp:HttpsToken/wsp:Policy/sp:RequireClientCertificate is OPTIONAL > Which is coherent with the ? > > > > So ?????? > > > > Best Regards. > > > > -----Original Message----- > > From: Colm O hEigeartaigh > > [mailto:[email protected]<mailto:[email protected]>] > > Sent: lundi 28 mai 2012 15:39 > > To: COURTAULT Francois > > Cc: [email protected]<mailto:[email protected]> > > Subject: Re: Regression with UT over HTTPS on 2.6.1 > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/os/ws-security > > policy-1.3-spec-os.html > > > > "sp:HttpsToken/wsp:Policy > > > > This REQUIRED element identifies additional requirements for use of the > sp:HttpsToken assertion." > > > > Colm. > > > > > > On Mon, May 28, 2012 at 2:33 PM, COURTAULT Francois< > [email protected]<mailto:[email protected]>> > wrote: > > > >> Hello, > >> > >> This means that the policy I have attached is not compliant: right? > >> Could you give me please a pointer or the spec paragraph which > >> specifies this ? > >> > >> Best Regards. > >> > >> -----Original Message----- > >> From: Colm O hEigeartaigh > >> [mailto:[email protected]<mailto:[email protected]>] > >> Sent: lundi 28 mai 2012 15:18 > >> To: [email protected]<mailto:[email protected]> > >> Subject: Re: Regression with UT over HTTPS on 2.6.1 > >> > >> It's not a regression, but a stricter enforcement of the > >> WS-SecurityPolicy spec. You need to add a "<wsp:Policy/>" child to > >> the sp:HttpsToken element to be compliant. > >> > >> Colm. > >> > >> On Mon, May 28, 2012 at 1:12 PM, COURTAULT Francois< > >> [email protected]<mailto:[email protected]>> > wrote: > >> > >>> Hello,**** > >>> > >>> ** ** > >>> > >>> With the same WSS policy used, attached, at server side, I got this > >> error: > >>> **** > >>> > >>> 28 mai 2012 14:08:43 > >>> org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyPro > >>> vi > >>> der > >>> getElementPolicy**** > >>> > >>> ATTENTION: Failed to build the policy > >>> 'Wssp1.2-2007-Https-UsernameToken-Plain.xml':sp:HttpsToken/wsp:Polic > >>> y > >>> must have a value**** > >>> > >>> Exception in thread "main" *javax.xml.ws.soap.SOAPFaultException*: > >>> sp:HttpsToken/wsp:Policy must have a value**** > >>> > >>> whereas I didn't get any error on 2.5.4.**** > >>> > >>> ** ** > >>> > >>> Do I have to enter an issue in CXF 2.6.1 ?**** > >>> > >>> ** ** > >>> > >>> Best Regards.**** > >>> > >> > >> > >> -- > >> Colm O hEigeartaigh > >> > >> Talend Community Coder > >> http://coders.talend.com > >> > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > -- > Glen Mazza > Talend Community Coders > coders.talend.com > blog: www.jroller.com/gmazza > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
