[ 
https://issues.apache.org/jira/browse/CXF-9167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18024396#comment-18024396
 ] 

Guillaume Bouchon commented on CXF-9167:
----------------------------------------

Hi Freeman

Thanks for your answer.

My problem is that in my case, Validators are not suitable:

The legacy system is not totally compliant with Basic Security Profile, in 
particular regarding the rule:

R5417 Any SIG_KEY_INFO MUST contain a SECURITY_TOKEN_REFERENCE child element.

In my case, we have the following KeyInfo :

 
{noformat}
<ds:KeyInfo>
     <ds:X509Data>
        <ds:X509Certificate>MIIHDzCCBPe...</ds:X509Certificate>
     </ds:X509Data>
</ds:KeyInfo>
{noformat}
 

I know that it's not OK, but we don't have a choice for now; the service is 
not planned to be changed soon (we asked for it).

The problem is that, by default, the SignatureProcessor rejects this KeyInfo. 
The only way I found is to implement a custom signature processor handling 
this KeyInfo.

I've tried with a custom Validator, but apparently the KeyInfo is rejected 
before reaching the validator.

So, for now, for my particular case, the only option is to add a custom 
processor, I think.

Isn't it possible to expose the constructor in {{PolicyBasedWSS4JInInterceptor}}? 
{{WSS4JInInterceptor}} does, I don't really understand why it's not possible in 
{{PolicyBasedWSS4JInInterceptor}}, the feature should be available in both 
implementations.

Also, maybe I'm wrong, the Validators can only be added by using the 
{{WSS4JInInterceptor(Map<String, Object> properties)}} constructor, no?

 
{code:java}
public WSS4JInInterceptor(Map<String, Object> properties) {
    this();
    setProperties(properties);
    WSSConfig config = WSSConfig.getNewInstance();
...
    // Set any custom WSS4J Validator instances that are configured
    Map<QName, Object> validatorMap = CastUtils.cast(
        (Map<?, ?>)properties.get(VALIDATOR_MAP));
    if (validatorMap == null) {
        validatorMap = CastUtils.cast(
            (Map<?, ?>)properties.get(ConfigurationConstants.VALIDATOR_MAP));
    }
    if (validatorMap != null) {
        for (Map.Entry<QName, Object> entry : validatorMap.entrySet()) {
            Object val = entry.getValue();
            if (val instanceof Class<?>) {
                config.setValidator(entry.getKey(), (Class<?>)val);
            } else if (val instanceof Validator) {
                config.setValidator(entry.getKey(), (Validator)val);
            }
        }
    }

    defaultConfig = config;
}
{code}
 

 

 

Regards

 

> Enable Custom Processor Injection in PolicyBasedWSS4JInInterceptor
> ------------------------------------------------------------------
>
>                 Key: CXF-9167
>                 URL: https://issues.apache.org/jira/browse/CXF-9167
>             Project: CXF
>          Issue Type: Improvement
>          Components: WS-* Components
>    Affects Versions: 4.1.3
>            Reporter: Guillaume Bouchon
>            Priority: Minor
>
> *Description*:
> Dear CXF team,
> To integrate with a legacy service, I need to implement a custom 
> {{Processor}} based on {{SignatureProcessor}}. According to the 
> documentation (WS-Security - Apache CXF), this requires configuring the 
> {{WSS4JInInterceptor}} with a custom processor via the 
> {{"wss4j.processor.map"}} property.
> This setup works correctly when using {{WSS4JInInterceptor(Map<String, 
> Object> properties)}}.
> However, in my case, I am using {{PolicyBasedWSS4JInInterceptor}}, which 
> extends {{WSS4JInInterceptor}} but does *not* expose the constructor that 
> accepts a {{Map<String, Object>}}. As a result, it is currently 
> *impossible* to inject a custom processor when using 
> {{PolicyBasedWSS4JInInterceptor}}.
> I am aware of a similar request made in the past (CXF-3706), but after 
> reviewing the current codebase, I can confirm that there is still no viable 
> way to achieve this with {{PolicyBasedWSS4JInInterceptor}}.
> *Request*:
> Would it be possible to add a constructor to 
> {{PolicyBasedWSS4JInInterceptor}} that accepts a {{Map<String, Object>}} 
> (similar to {{WSS4JInInterceptor}}) to allow custom processor injection?
> Thank you for your consideration.
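
The R5417 condition discussed in the comment above, as an added example that is not part of the original message or of the CXF/WSS4J code base: a Python check that classifies the KeyInfo of each signature in a SOAP message, so the non-compliant shape a peer sends can be confirmed from a capture. The function name, verdict strings and sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted captures, parse with defusedxml instead

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def check_r5417(soap_xml):
    """Classify the KeyInfo of every ds:Signature in a wsse:Security header.

    Returns a list of (signature Id, verdict, KeyInfo child names).
    """
    findings = []
    root = ET.fromstring(soap_xml)
    for security in root.iter(f"{{{WSSE}}}Security"):
        for sig in security.findall(f"{{{DS}}}Signature"):
            key_info = sig.find(f"{{{DS}}}KeyInfo")
            if key_info is None:
                findings.append((sig.get("Id"), "no-keyinfo", []))
                continue
            # Local names of the direct children, for reporting
            children = [child.tag.rsplit("}", 1)[-1] for child in key_info]
            if key_info.find(f"{{{WSSE}}}SecurityTokenReference") is not None:
                verdict = "compliant"        # R5417 satisfied
            elif key_info.find(f"{{{DS}}}X509Data") is not None:
                verdict = "bare-x509data"    # the legacy shape quoted in the comment
            else:
                verdict = "noncompliant"
            findings.append((sig.get("Id"), verdict, children))
    return findings

# Constructed sample messages (not captured traffic); SignedInfo is omitted.
def _envelope(sig_id, key_info_body):
    return (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"'
        f' xmlns:ds="{DS}" xmlns:wsse="{WSSE}"><soap:Header><wsse:Security>'
        f'<ds:Signature Id="{sig_id}"><ds:KeyInfo>{key_info_body}</ds:KeyInfo>'
        '</ds:Signature></wsse:Security></soap:Header><soap:Body/></soap:Envelope>'
    )

LEGACY = _envelope("SIG-legacy", "<ds:X509Data><ds:X509Certificate>"
                   "PLACEHOLDER</ds:X509Certificate></ds:X509Data>")
COMPLIANT = _envelope("SIG-ok", "<wsse:SecurityTokenReference>"
                      '<wsse:Reference URI="#X509-token"/></wsse:SecurityTokenReference>')

if __name__ == "__main__":
    for name, msg in (("legacy", LEGACY), ("compliant", COMPLIANT)):
        print(name, check_r5417(msg))
```
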


