[
https://issues.apache.org/jira/browse/CXF-8986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17827563#comment-17827563
]
Freeman Yue Fang commented on CXF-8986:
---
Hi [~jondruse],
This behaviour(expected) actually comes from your test, in your
custom-encrypt-sign-policy.xml
and
encrypt-sign-policy.xml
two different policies share the same policy ID, the PoliyEngine in CXF won't
rebuild policy again if found the Policy with same ID existent already.
So if you change your testcase like
{code}
---
a/integration-tests/ws-security-policy/src/main/resources/custom-encrypt-sign-policy.xml
+++
b/integration-tests/ws-security-policy/src/main/resources/custom-encrypt-sign-policy.xml
@@ -1,5 +1,5 @@
-http://www.w3.org/ns/ws-policy;
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd;
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702;>
{code}
You can find it works as expected.
Freeman
> Ws-security-policy: if more policies are used in the same JVM, their
> algorithm suites influence each other
> --
>
> Key: CXF-8986
> URL: https://issues.apache.org/jira/browse/CXF-8986
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
>Affects Versions: 4.0.4
>Reporter: Jiri Ondrusek
>Priority: Major
>
> I'm fixing some tests in quarkus-cxf and I found a behavior which seems to be
> not desired. On the other hand I might be missing some information and this
> behavior is expected.
> Reproducer:
> # Clone and build
> [https://github.com/JiriOndrusek/quarkus-cxf/tree/suite-influence-reprodocer]
> # Run (with remote debug)
> {code:java}
> ./mvnw clean test -f integration-tests/ws-security-policy
> -Dtest="EncryptSignPolicyTest#helloEncryptSign" -Dmaven.surefire.debug{code}
> Check value of effectivePolicy in this line
> [https://github.com/apache/cxf/blob/main/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyOutInterceptor.java#L98]
> Look into
> {code:java}
> effectivePolicy->policy->policyComponents->exactlyOne->policyComponents->all->policyComponents->asymmetricBinding->alghoritnSuite->alghorithSuiteType{code}
> Value is *Basic256*
> # Run different test by this command
> {code:java}
> ./mvnw clean test -f integration-tests/ws-security-policy
> -Dtest="CustomEncryptSignPolicyTest#helloDefaultCustomValues"
> -Dmaven.surefire.debug{code}
> Debug the same place and you can see, that the alghoritmSuiteType is
> *CustomAlgorithmSuite*
> # Now run both tests together by
> {code:java}
> ./mvnw clean test -f integration-tests/ws-security-policy
> -Dtest="EncryptSignPolicyTest#helloEncryptSign,CustomEncryptSignPolicyTest#helloDefaultCustomValues"
> -Dmaven.surefire.debug{code}
> The first breakpoint is triggered by
> {code:java}
> CustomEncryptSignPolicyTest#helloDefaultCustomValues{code}
> and you can see hat the alghoritmSuiteType is *CustomAlgorithmSuite*
> The second breakpoint belongs to
> {code:java}
> EncryptSignPolicyTest#helloEncryptSign{code}
> , but the value in the efectivePolicy->..->asymmetricBinding is
> *CustomAlgorithmSuite*
> This is wrong, the correct value should be *Basic256*
> I changed test `CustomEncryptSignPolicyTest#helloDefaultCustomValues` to use
> *Basic128Rsa15* (to verify that the culprit is not the customAlgorithmSuite)
> and the result was wrong as with default values.
> Single execution showed *Basic128Rsa15* or *Basic256* (depends on the test),
> but execution of both tests showed *Basic128Rsa15* in both cases.
> I think that the behavior is wrong. I have a test suite running on FIPS
> machine. If tests are executed alone all works correctly (some tests asserts
> success, some tests asserts failure). If I run tests together, the tests
> which should fail, are successful.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
