coheigea wrote
> Actually, the UsernameTokenInterceptor (which is used when there is no
> security binding) does not support Nonce + Created. I've added support
> here:
>
> https://issues.apache.org/jira/browse/CXF-6051
>
> Colm.

Thanks Colm,

It is also not supported with the encrypted and signed username token policy
(Oracle server with
*oracle/wss10_username_token_with_message_protection_service_policy*).
Again I have a "working fix" to CXF 3.0.1, which I will give here:

org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor.java

In PolicyBasedWSS4JOutInterceptorInternal.public void
handleMessage(SoapMessage message) throws Fault (at about line 140),
here we assert the "Created" and Nonce if they are present so that they can
be picked up from "aim" later.

    ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
    if (!ais.isEmpty()) {
        for (AssertionInfo ai : ais) {
            transport = (AbstractBinding)ai.getAssertion();
            ai.setAsserted(true);
        }
    }
    //**************************
    // BEGIN MODIFICATION
    //**************************
    ais = aim.get(SP13Constants.CREATED);
    if (ais != null && !ais.isEmpty()) {
        for (AssertionInfo ai : ais) {
            ai.setAsserted(true);
        }
    }
    ais = aim.get(SP13Constants.NONCE);
    if (ais != null && !ais.isEmpty()) {
        for (AssertionInfo ai : ais) {
            ai.setAsserted(true);
        }
    }
    //**************************
    // END MODIFICATION
    //**************************
    if (transport == null && isRequestor(message)) {
        Policy policy = new Policy();
        transport = new TransportBinding(
            org.apache.wss4j.policy.SPConstants.SPVersion.SP11, policy);
    }

org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.java

In protected void handleUsernameTokenSupportingToken( UsernameToken token,
boolean endorse, boolean encryptedToken, List<SupportingToken> ret ) throws
WSSecurityException (around line 596), here we set the properties in the
utBuilder if they are asserted in the "aim":

    } else {
        WSSecUsernameToken utBuilder = addUsernameToken(token);
        if (utBuilder != null) {
            //***************************
            // Beginning of Modification
            //***************************
            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
            boolean haveNonce = false;
            boolean haveCreated = false;
            Collection<AssertionInfo> nonces =
                aim.getAssertionInfo(SP13Constants.NONCE);
            for (AssertionInfo nonce : nonces) {
                if (nonce.isAsserted()) {
                    haveNonce = true;
                }
            }
            Collection<AssertionInfo> createds =
                aim.getAssertionInfo(SP13Constants.CREATED);
            for (AssertionInfo created : createds) {
                if (created.isAsserted()) {
                    haveCreated = true;
                }
            }
            if (haveCreated) {
                utBuilder.addCreated();
            }
            if (haveNonce) {
                utBuilder.addNonce();
            }
            //***************************
            // End of modification
            //***************************
            utBuilder.prepare(saaj.getSOAPPart());
            Element e = utBuilder.getUsernameTokenElement();
            //********************************************
            // Beginning of Modification (Logging only)
            //********************************************
            // Note: the serialized token can include the wsse:Password value,
            // so this writes credential material to the log when FINE is enabled.
            if (LOG.isLoggable(Level.FINE)) {
                Document d = e.getOwnerDocument();
                DOMImplementationLS domImplLS =
                    (DOMImplementationLS) d.getImplementation();
                LSSerializer serializer = domImplLS.createLSSerializer();
                LOG.fine("Username Token: " + serializer.writeToString(e));
            }
            //********************************************
            // End of Modification (Logging only)
            //********************************************
            addSupportingElement(utBuilder.getUsernameTokenElement());
            ret.add(new SupportingToken(token, utBuilder));
            //WebLogic and WCF always encrypt these

Also I just wanted to say thank you for your support to get a "real" fix
into a future release, so hopefully we can use vanilla unpatched code in
future.
--
View this message in context:
http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749905.html
Sent from the cxf-user mailing list archive at Nabble.com.
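
For context on why a service may insist on the Nonce and Created elements discussed in this thread, here is an added example (not part of the original post, and not CXF, WSS4J or Oracle code) of the receiver-side check they enable: reject a UsernameToken whose Created is outside a freshness window or whose Nonce was already seen. The class name, the 5-minute window and the sample values are assumptions made for the illustration.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.time.format.DateTimeParseException;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Constructed illustration of a Nonce + Created replay check (hypothetical class). */
public class UsernameTokenReplayCheck {
    // Assumed freshness window; a real receiver makes this configurable.
    static final Duration MAX_AGE = Duration.ofMinutes(5);
    // Nonces seen inside the window, mapped to the instant they can be forgotten.
    private final Map<String, Instant> seen = new ConcurrentHashMap<>();

    /** Accept a token only if Created is fresh and the Nonce has not been used. */
    public boolean accept(String nonceB64, String created, Instant now) {
        if (nonceB64 == null || created == null) {
            return false; // client sent the token without Nonce/Created
        }
        Instant ts;
        try {
            ts = Instant.parse(created); // xsd:dateTime in UTC, e.g. 2014-10-17T11:59:30Z
        } catch (DateTimeParseException e) {
            return false;
        }
        if (ts.isBefore(now.minus(MAX_AGE)) || ts.isAfter(now.plus(MAX_AGE))) {
            return false; // stale or far-future timestamp
        }
        // A nonce only has to be remembered while its token would still be fresh.
        seen.values().removeIf(expiry -> expiry.isBefore(now));
        // putIfAbsent returns the earlier entry when this nonce was already used.
        return seen.putIfAbsent(nonceB64, ts.plus(MAX_AGE)) == null;
    }

    public static void main(String[] args) {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        String nonce = Base64.getEncoder().encodeToString(raw);
        Instant now = Instant.parse("2014-10-17T12:00:00Z"); // constructed clock
        String created = "2014-10-17T11:59:30Z";             // constructed value
        UsernameTokenReplayCheck rx = new UsernameTokenReplayCheck();
        System.out.println("first use:  " + rx.accept(nonce, created, now));
        System.out.println("replayed:   " + rx.accept(nonce, created, now));
        System.out.println("no nonce:   " + rx.accept(null, created, now));
        System.out.println("stale:      " + rx.accept("bmV3", "2014-10-17T11:00:00Z", now));
    }
}
```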