Have web service client cache SAML tokens used in SOAP calls
------------------------------------------------------------

                 Key: CXF-3156
                 URL: https://issues.apache.org/jira/browse/CXF-3156
             Project: CXF
          Issue Type: Wish
            Reporter: Glen Mazza


Metro web service providers (and perhaps others) return references to SAML 
Tokens provided by the client during the SOAP call, but do not return the 
tokens themselves (nor is it apparent that they should).  Presently Metro 
clients, but not CXF clients, can process these responses.  A CXF client 
attempting to process a Metro response (sample one here[1]) returns this 
error, saying it cannot find the token:

[INFO] Nov 29, 2010 3:14:33 PM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
[INFO] INFO: Creating Service {http://www.example.org/contract/DoubleIt}DoubleItService from WSDL: file:/media/NewDriveExt3/soperawork/DoubleItMetroWSTrust/client-cxf/src/main/resources/DoubleItService.wsdl
[INFO] Nov 29, 2010 3:14:34 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl build
[INFO] WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequireInternalReference registered.
[INFO] Nov 29, 2010 3:14:35 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
[INFO] WARNING: 
[INFO] org.apache.ws.security.WSSecurityException: Referenced security token could not be retrieved (Reference "#uuid-88b8189f-9616-48f4-9ea8-ac2b7703baed")
[INFO]  at org.apache.ws.security.message.token.SecurityTokenReference.getKeyIdentifierTokenElement(SecurityTokenReference.java:200)
[INFO]  at org.apache.ws.security.processor.ReferenceListProcessor.getKeyFromSecurityTokenReference(ReferenceListProcessor.java:356)
[INFO]  at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:162)
[INFO]  at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:113)
[INFO]  at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:76)
[INFO]  at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:328)
[INFO]  at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
[INFO]  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:208)
[INFO]  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
[INFO]  at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
[INFO]  at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:733)
[INFO]  at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2201)
[INFO]  at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2071)
[INFO]  at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1925)
[INFO]  at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
[INFO]  at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:662)
[INFO]  at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
[INFO]  at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
[INFO]  at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
[INFO]  at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
[INFO]  at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
[INFO]  at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
[INFO]  at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
[INFO]  at $Proxy24.doubleIt(Unknown Source)
[INFO]  at client.WSClient.doubleIt(WSClient.java:17)
[INFO]  at client.WSClient.main(WSClient.java:11)
[INFO] Nov 29, 2010 3:14:35 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
[INFO] WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
[INFO] org.apache.cxf.binding.soap.SoapFault: Referenced security token could not be retrieved (Reference "#uuid-88b8189f-9616-48f4-9ea8-ac2b7703baed")
[INFO]  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:597)
[INFO]  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:268)
[INFO]  at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
[INFO]  at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
[INFO]  at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:733)
[INFO]  at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2201)
[INFO]  at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2071)
[INFO]  at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1925)
[INFO]  at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
[INFO]  at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:662)
[INFO]  at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
[INFO]  at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
[INFO]  at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
[INFO]  at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
[INFO]  at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
[INFO]  at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
[INFO]  at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
[INFO]  at $Proxy24.doubleIt(Unknown Source)
[INFO]  at client.WSClient.doubleIt(WSClient.java:17)
[INFO]  at client.WSClient.main(WSClient.java:11)

Part of the problem MAY be that Metro prefixes the Assertion key with a "#" 
indicating the token is within the message body.  A bug report has been sent to 
them on this issue[2]; however, I believe CXF would presently fail even if the 
"#" was not there, as the client-side storage/retrieval of SAML tokens is not 
yet in place.

[1] https://issues.apache.org/jira/secure/attachment/12460040/WSS238Results.txt
[2] http://java.net/jira/browse/WSIT-1490

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
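
An added sketch of the client-side storage/retrieval this issue asks for; it is not part of the original message and is not CXF or WSS4J code. The class SentTokenResolver and its methods are hypothetical, and the sample XML is constructed. A reference is resolved inside the response first, with or without the leading "#", and otherwise only against unexpired tokens this client itself sent.

```java
import java.io.StringReader;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;
// Hypothetical helper (Java 16+ for records); not a CXF or WSS4J class.
public class SentTokenResolver {
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private record Sent(Element token, Instant notOnOrAfter) {}
    private final Map<String, Sent> sent = new ConcurrentHashMap<>();

    // Record an assertion this client put into an outbound request.
    public void remember(String id, Element token, Instant notOnOrAfter) {
        sent.put(id, new Sent(token, notOnOrAfter));
    }

    // Look in the response first; fall back to unexpired tokens this client sent.
    public Optional<Element> resolve(Document response, String reference, Instant now) {
        String id = reference.startsWith("#") ? reference.substring(1) : reference;
        NodeList all = response.getElementsByTagName("*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            // SAML 2.0 uses ID, SAML 1.1 uses AssertionID, WS-Security elements use wsu:Id.
            if (id.equals(e.getAttribute("ID")) || id.equals(e.getAttribute("AssertionID"))
                    || id.equals(e.getAttributeNS(WSU, "Id"))) return Optional.of(e);
        }
        Sent s = sent.get(id);
        if (s != null && now.isBefore(s.notOnOrAfter())) return Optional.of(s.token());
        sent.remove(id); // expired or never sent by this client: do not resolve
        return Optional.empty();
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: an assertion the client sent, a response that omits it.
        Element a = parse("<Assertion ID='uuid-constructed-1'/>").getDocumentElement();
        Document resp = parse("<Envelope><Body/></Envelope>");
        SentTokenResolver r = new SentTokenResolver();
        r.remember(a.getAttribute("ID"), a, Instant.parse("2030-01-01T00:00:00Z"));
        Instant now = Instant.parse("2029-01-01T00:00:00Z");
        System.out.println(r.resolve(resp, "#uuid-constructed-1", now).isPresent());
        System.out.println(r.resolve(resp, "#uuid-not-sent", now).isPresent());
    }
}
```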