[jira] [Commented] (CXF-8940) ws-security.must-understand works only if security.enable.streaming is true

Sat, 14 Oct 2023 12:11:05 -0700 


    [ 
https://issues.apache.org/jira/browse/CXF-8940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17775302#comment-17775302
 ] 

Peter Palaga commented on CXF-8940:
-----------------------------------

I can see WSSecurityInterceptorProvider being created and registered at 
PolicyInterceptorProviderRegistryImpl, but 
WSSecurityInterceptorProvider.getOutInterceptors() is never called. Is that 
perhaps because mustUnderstand is actually not policy driven and there is no  
qname through which it could be retrieved from the registry?

> ws-security.must-understand works only if security.enable.streaming is true
> ---------------------------------------------------------------------------
>
>                 Key: CXF-8940
>                 URL: https://issues.apache.org/jira/browse/CXF-8940
>             Project: CXF
>          Issue Type: Bug
>            Reporter: Peter Palaga
>            Priority: Major
>
> I am unfortunately not sure at all how to reproduce this with plain CXF. If a 
> test is required to demonstrate the issue, I'd be thankful for pointing me to 
> an existing test I could adapt.
> I am able to reproduce this with quarkus-cxf - here are the steps to 
> reproduce:
> {code}
> git clone g...@github.com:ppalaga/quarkus-cxf.git
> cd quarkus-cxf
> git checkout CXF-8940
> mvnd clean install -DskipTests -Dquarkus.build.skip
> cd integration-tests/ws-security-policy
> mvnd clean test 
> -Dtest=UsernameTokenSecurityPolicyTest#helloUsernameTokenNoMustUnderstand
> ...
> [ERROR]   
> UsernameTokenSecurityPolicyTest>AbstractUsernameTokenSecurityPolicyTest.helloUsernameTokenNoMustUnderstand:180
>  
> Expecting actual:
>   "REQ_OUT
>     Address: https://localhost:8444/services/helloUsernameToken
>     HttpMethod: POST
>     Content-Type: text/xml
>     ExchangeId: 03fe3642-ab5b-4b85-b712-b8ed107f5a71
>     ServiceName: UsernameTokenPolicyHelloService
>     PortName: UsernameTokenPolicyHelloServicePort
>     PortTypeName: UsernameTokenPolicyHelloService
>     Headers: {SOAPAction="", Accept=*/*, Connection=Keep-Alive}
>     Payload: <soap:Envelope 
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
>   <soap:Header>
>     <wsse:Security 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>  soap:mustUnderstand="1">
>       <wsse:UsernameToken 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>  wsu:Id="UsernameToken-4e64841c-ad35-48fd-b7ee-70e5f978e098">
>         <wsse:Username>cxf-user</wsse:Username>
>         <wsse:Password 
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>secret</wsse:Password>
>         <wsse:Nonce 
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>5rs0Ra3q0FPLXFguajlTwQ==</wsse:Nonce>
>         <wsu:Created>2023-10-05T22:40:54.436Z</wsu:Created>
>       </wsse:UsernameToken>
>     </wsse:Security>
>   </soap:Header>
>   <soap:Body>
>     <ns2:hello xmlns:ns2="http://policy.security.it.cxf.quarkiverse.io/";>
>       <arg0>helloUsernameTokenNoMustUnderstand</arg0>
>     </ns2:hello>
>   </soap:Body>
> </soap:Envelope>
> "
> not to contain:
>   "soap:mustUnderstand="1""
> {code}
> Running the same logic with 
> {{quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.security.enable.streaming
>  = true}} works as expected:
> {code}
> mvnd clean test 
> -Dtest=UsernameTokenSecurityPolicyStaxTest#helloUsernameTokenNoMustUnderstand
> ...
> BUILD SUCCESS
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to