Hi Chris,
I'm confused by your mail. Nonce + Created are already supported in the
AbstractBindingBuilder:
    if (token.isCreated() && token.getPasswordType() != UsernameToken.PasswordType.HashPassword) {
        utBuilder.addCreated();
    }
    if (token.isNonce() && token.getPasswordType() != UsernameToken.PasswordType.HashPassword) {
        utBuilder.addNonce();
    }
Can I see the exact encrypted + signed security policy that is not working?
Colm.
On Wed, Oct 15, 2014 at 11:03 AM, Chris <[email protected]> wrote:
> coheigea wrote
> > Actually, the UsernameTokenInterceptor (which is used when there is no
> > security binding) does not support Nonce + Created. I've added support
> > here:
> >
> > https://issues.apache.org/jira/browse/CXF-6051
> >
> > Colm.
>
> Thanks Colm,
> It is also not supported with the encrypted and signed username token
> policy (Oracle server with
> *oracle/wss10_username_token_with_message_protection_service_policy*).
>
> Again I have a "working fix" to CXF 3.0.1, which I will give here
>
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor.java
>
> In PolicyBasedWSS4JOutInterceptorInternal, public void
> handleMessage(SoapMessage message) throws Fault (at about line 140),
> here we assert the "Created" and Nonce if they are present so that they can
> be picked up from "aim" later.
>
> ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
> if (!ais.isEmpty()) {
>     for (AssertionInfo ai : ais) {
>         transport = (AbstractBinding)ai.getAssertion();
>         ai.setAsserted(true);
>     }
> }
>
> //**************************
> // BEGIN MODIFICATION
> //**************************
> // Mark sp13:Created and sp13:Nonce as asserted so that the binding
> // builder can pick them up from the "aim" later.
> ais = aim.get(SP13Constants.CREATED);
> if (ais != null && !ais.isEmpty()) {
>     for (AssertionInfo ai : ais) {
>         ai.setAsserted(true);
>     }
> }
>
> ais = aim.get(SP13Constants.NONCE);
> if (ais != null && !ais.isEmpty()) {
>     for (AssertionInfo ai : ais) {
>         ai.setAsserted(true);
>     }
> }
> //**************************
> // END MODIFICATION
> //**************************
>
> if (transport == null && isRequestor(message)) {
>     Policy policy = new Policy();
>     transport = new TransportBinding(
>         org.apache.wss4j.policy.SPConstants.SPVersion.SP11, policy);
> }
>
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.java
>
> In protected void handleUsernameTokenSupportingToken(UsernameToken token,
> boolean endorse, boolean encryptedToken, List<SupportingToken> ret) throws
> WSSecurityException (around line 596), here we set the properties in the
> utBuilder if they are asserted in the "aim":
> } else {
>
>     WSSecUsernameToken utBuilder = addUsernameToken(token);
>     if (utBuilder != null) {
>
>         //***************************
>         // Beginning of Modification
>         //***************************
>         // Look up the sp13:Nonce / sp13:Created assertions that the
>         // out interceptor marked as asserted.
>         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
>         boolean haveNonce = false;
>         boolean haveCreated = false;
>
>         Collection<AssertionInfo> nonces = aim.getAssertionInfo(SP13Constants.NONCE);
>         for (AssertionInfo nonce : nonces) {
>             if (nonce.isAsserted()) {
>                 haveNonce = true;
>             }
>         }
>
>         Collection<AssertionInfo> createds = aim.getAssertionInfo(SP13Constants.CREATED);
>         for (AssertionInfo created : createds) {
>             if (created.isAsserted()) {
>                 haveCreated = true;
>             }
>         }
>
>         if (haveCreated) {
>             utBuilder.addCreated();
>         }
>
>         if (haveNonce) {
>             utBuilder.addNonce();
>         }
>
>         //***************************
>         // End of modification
>         //***************************
>         utBuilder.prepare(saaj.getSOAPPart());
>
>         Element e = utBuilder.getUsernameTokenElement();
>
>         //********************************************
>         // Beginning of Modification (Logging only)
>         //********************************************
>         if (LOG.isLoggable(Level.FINE)) {
>             Document d = e.getOwnerDocument();
>             DOMImplementationLS domImplLS = (DOMImplementationLS) d.getImplementation();
>             LSSerializer serializer = domImplLS.createLSSerializer();
>             LOG.fine("Username Token: " + serializer.writeToString(e));
>         }
>         //********************************************
>         // End of Modification (Logging only)
>         //********************************************
>
>         addSupportingElement(utBuilder.getUsernameTokenElement());
>         ret.add(new SupportingToken(token, utBuilder));
>
>         //WebLogic and WCF always encrypt these
>
> Also I just wanted to say thank you for your support to get a "real" fix
> into a future release, so hopefully we can use vanilla unpatched code in
> future.
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749905.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
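The thread above turns on the WSSecUsernameToken calls addNonce() and addCreated() that AbstractBindingBuilder makes when the sp13:Nonce / sp13:Created assertions are present. The following stand-alone program is an added example, not code from this thread, from CXF or from WSS4J; it drives the same WSS4J builder directly on a constructed SOAP 1.1 envelope so the resulting UsernameToken can be inspected. It assumes the WSS4J 2.0.x API shipped with CXF 3.0.1 (no-arg WSSecHeader and WSSecUsernameToken constructors, build(Document, WSSecHeader)); the user name and password are sample values.

```java
// Added example (not the thread's or CXF's code): build a WS-Security
// UsernameToken carrying wsse:Nonce and wsu:Created with the WSS4J 2.0.x API.
import javax.xml.parsers.DocumentBuilderFactory;

import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecUsernameToken;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSSerializer;

public class UsernameTokenNonceCreated {

    private static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";

    /** Minimal SOAP 1.1 envelope to hang the security header on (constructed here). */
    static Document emptyEnvelope() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element env = doc.createElementNS(SOAP_NS, "soap:Envelope");
        env.appendChild(doc.createElementNS(SOAP_NS, "soap:Header"));
        env.appendChild(doc.createElementNS(SOAP_NS, "soap:Body"));
        doc.appendChild(env);
        return doc;
    }

    /**
     * Adds a UsernameToken to the envelope.
     * With hashPassword == true WSS4J emits PasswordDigest, for which Nonce and
     * Created are mandatory and added by WSS4J itself. With a text password they
     * are only present if the caller asks for them; that is the case the
     * AbstractBindingBuilder snippet above covers with addNonce()/addCreated()
     * when the password type is not HashPassword.
     */
    static Document addUsernameToken(Document doc, String user, String password,
                                     boolean hashPassword) throws Exception {
        WSSecHeader secHeader = new WSSecHeader();   // WSS4J 2.0.x signature (assumption)
        secHeader.insertSecurityHeader(doc);

        WSSecUsernameToken utBuilder = new WSSecUsernameToken();
        utBuilder.setUserInfo(user, password);
        if (hashPassword) {
            utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
        } else {
            utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
            utBuilder.addNonce();    // random per-message value the receiver can cache for replay detection
            utBuilder.addCreated();  // timestamp that lets the receiver bound the replay window
        }
        return utBuilder.build(doc, secHeader);
    }

    /** Same LSSerializer approach as the logging patch in the thread. */
    static String serialize(Element e) {
        DOMImplementationLS ls = (DOMImplementationLS) e.getOwnerDocument().getImplementation();
        LSSerializer serializer = ls.createLSSerializer();
        return serializer.writeToString(e);
    }

    public static void main(String[] args) throws Exception {
        // Sample credentials (constructed); the header printed should contain
        // wsse:Username, wsse:Password Type=...#PasswordText, wsse:Nonce, wsu:Created.
        Document doc = addUsernameToken(emptyEnvelope(), "alice", "sample-password", false);
        System.out.println(serialize(doc.getDocumentElement()));
    }
}
```

Nonce and Created only buy replay protection if the receiving side also keeps a nonce cache and rejects tokens whose Created value falls outside its freshness window; a client emitting them against a server that ignores them gains nothing, which is worth checking once the policy assertions are in place.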