Disable address overrides in HTTP transport by default
Hi I wonder if we can try and disable address overrides by default in the HTTP transport ? It causes side-effects, a typical issue is when we have multiple CXF servlets covering the same endpoint, or when multiple host addresses are involved. This override was added originally to get WSDL generated properly but I'm not sure it is needed now. It is not needed for JAX-RS and I've just tried and run JAX-WS tests with the overrides disabled and it looked OK, though I see some Ws-Sec tests failing. However it appears it is not related. Can someone please try and run the tests with this property set to true by default ? At the moment, users can actually go and set this property to true themselves, but if "true" works by default then I guess we can just set it to true, and if needed the users will just set it back to false Sergey
Re: Mustunderstand hardcodes = true in PolicyBasedWSS4JOutInterceptor
Yes, please submit a patch for this.
Colm.
On Thu, Jun 13, 2013 at 3:53 PM, wrote:
> Hi,
>
> We have hit a limitation in PolicyBasedWSS4JOutInterceptor which hard
> codes mustUnderstand = true (line 99). This is configurable in the
> WSS4JOutInterceptor today, but not when using policy.
>
> public void handleMessage(SoapMessage message) throws Fault {
> Collection ais;
> SOAPMessage saaj = message.getContent(SOAPMessage.class);
>
> boolean mustUnderstand = true;
> String actor = null;
>
> Obviously this makes sense in most cases, but we have some intermediaries
> which do not understand security...
>
> Would you accept a patch to have this configurable, for instance by
> creating a new property in SecurityConstants (for instance
> ws-security.mustsunderstand) and default to true?
>
> Best regards,
>
> Oddbjørn
>
> ___
> Oddbjørn Heimdal
> Accenture Technology Consulting - Security
> Snarøyveien 30, P.O. Box 363, 1326 Lysaker, Norway
> Mobile: +47 99 72 19 12
> Email: oddbjorn.heim...@accenture.com oddbjorn.heim...@accenture.com>
>
>
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you have
> received it in error, please notify the sender immediately and delete the
> original. Any other use of the e-mail by you is prohibited.
>
> Where allowed by local law, electronic communications with Accenture and
> its affiliates, including e-mail and instant messaging (including content),
> may be scanned by our systems for the purposes of information security and
> assessment of internal compliance with Accenture policy.
>
>
> __
>
> www.accenture.com
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Mustunderstand hardcodes = true in PolicyBasedWSS4JOutInterceptor
Hi,
We have hit a limitation in PolicyBasedWSS4JOutInterceptor which hard codes
mustUnderstand = true (line 99). This is configurable in the
WSS4JOutInterceptor today, but not when using policy.
public void handleMessage(SoapMessage message) throws Fault {
Collection ais;
SOAPMessage saaj = message.getContent(SOAPMessage.class);
boolean mustUnderstand = true;
String actor = null;
Obviously this makes sense in most cases, but we have some intermediaries which
do not understand security...
Would you accept a patch to have this configurable, for instance by creating a
new property in SecurityConstants (for instance ws-security.mustsunderstand)
and default to true?
Best regards,
Oddbjørn
___
Oddbjørn Heimdal
Accenture Technology Consulting - Security
Snarøyveien 30, P.O. Box 363, 1326 Lysaker, Norway
Mobile: +47 99 72 19 12
Email: oddbjorn.heim...@accenture.com
This message is for the designated recipient only and may contain privileged,
proprietary, or otherwise confidential information. If you have received it in
error, please notify the sender immediately and delete the original. Any other
use of the e-mail by you is prohibited.
Where allowed by local law, electronic communications with Accenture and its
affiliates, including e-mail and instant messaging (including content), may be
scanned by our systems for the purposes of information security and assessment
of internal compliance with Accenture policy.
__
www.accenture.com
JAX-RS: marshalling/unmarshalling between cxf 2.5 and cxf 2.7
Hello,
I have a restful service which implements the following interface:
@Path("/service/")
public interface ServiceInterface {
@POST
@Path("/resources/")
public void op(Resource1 r);
}
and I have two classes Resource1 and Resource2, such that Resource2 extends
Resource1.
(I am not using @XmlSeeAlso annotation in Resource1 class to bind on
Resource2 class).
I would like to call the service method op, using an instance of Resource2.
Before, by using CXF 2.5, the Resource2 instance is marshalled to the
following XML :
default
0
and an exception is thrown at reception because the expected root element is
"resource1" not "resource2".
While by using CXF 2.7, the Resource2 instance is marshalled to the
following XML:
default
And there isn't any exception at reception.
That means, in CXF 2.5, the marshalling type was the dynamic type, while in
the cxf 2.7 version, the marshalling type is the static type.
What does make this change between the two versions? Which class was
modified?
and for which reason this modification was done between the two versions?
Regards,
Diana
--
View this message in context:
http://cxf.547215.n5.nabble.com/JAX-RS-marshalling-unmarshalling-between-cxf-2-5-and-cxf-2-7-tp5729203.html
Sent from the cxf-dev mailing list archive at Nabble.com.
CXF Custom Validation Interceptor with custom response not working
I am trying to write a Custom CXF Interceptor to do some validations on SOAP request to a web service. Based on the validation results, I want to block the request to web service and return the response with some modified parameters. For this, I have written custom CXF ininterceptor extending from AbstractPhaseInterceptor, to run in phase USER_LOGICAL, which does validations, but I am not able to stop the subsequent call to web service and also not able to pass the Custom Response object(Response object type is same as web service return type). How can I do this using interceptors? -- View this message in context: http://cxf.547215.n5.nabble.com/CXF-Custom-Validation-Interceptor-with-custom-response-not-working-tp5729202.html Sent from the cxf-dev mailing list archive at Nabble.com.
RE: Mocking LDAP server for integration tests
Spring also supports starting an embedded LDAP server. See here: http://stackoverflow.com/questions/544550/spring-embedded-ldap-server-in-unit-tests http://stackoverflow.com/questions/13396708/integration-tests-with-spring-security-and-ldap?lq=1 Thanks Oli From: Andrei Shakirin [ashaki...@talend.com] Sent: 13 June 2013 15:21 To: dev@cxf.apache.org Cc: cohei...@apache.org Subject: RE: Mocking LDAP server for integration tests Thanks Colm, I will take a look in WSS4J. > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Donnerstag, 13. Juni 2013 11:14 > To: dev@cxf.apache.org > Subject: Re: Mocking LDAP server for integration tests > > WSS4J trunk has an "integration" module which uses Apache DS as a > Kerberos > Server: > > http://svn.apache.org/viewvc/webservices/wss4j/trunk/integration/ > > Colm. > > > On Thu, Jun 13, 2013 at 10:12 AM, Andrei Shakirin > wrote: > > > Hi, > > > > I am working on integration tests for XKMS and thinking about mocking > > (or using lightweight) LDAP server. > > I found some topics regarding this: > > > > - in UnboundID (https://www.unboundid.com/products/ldap-sdk/) > > > > - Mocking using Mockito ( > > http://java.dzone.com/articles/mocking-out-ldapjndi-unit) > > > > Has anybody experience to do it in Apache projects, is there any "typical" > > solution for it? > > > > Regards, > > Andrei. > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com
RE: Mocking LDAP server for integration tests
Thanks Colm, I will take a look in WSS4J. > -Original Message- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Donnerstag, 13. Juni 2013 11:14 > To: dev@cxf.apache.org > Subject: Re: Mocking LDAP server for integration tests > > WSS4J trunk has an "integration" module which uses Apache DS as a > Kerberos > Server: > > http://svn.apache.org/viewvc/webservices/wss4j/trunk/integration/ > > Colm. > > > On Thu, Jun 13, 2013 at 10:12 AM, Andrei Shakirin > wrote: > > > Hi, > > > > I am working on integration tests for XKMS and thinking about mocking > > (or using lightweight) LDAP server. > > I found some topics regarding this: > > > > - in UnboundID (https://www.unboundid.com/products/ldap-sdk/) > > > > - Mocking using Mockito ( > > http://java.dzone.com/articles/mocking-out-ldapjndi-unit) > > > > Has anybody experience to do it in Apache projects, is there any "typical" > > solution for it? > > > > Regards, > > Andrei. > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com
DOSGI util module?
Hi all, Currently each module in DOSGi has its own utility methods and classes, and I recently did some refactoring to extract a few more of them out of the business logic. However, there is some duplication between them which is bad for structure an maintenance (e.g. 5 different versions of getting a String+ service property). There is also currently a runtime dependency of the discovery-distributed bundle on the discovery-local bundle due to import of its utils. As I see it, there are 3 main options: 1. Keep the bundles independent with duplicate code (and decide whether to leave the existing discovery modules' dependency or remove that one too via duplication). 2. Create a separate util module but without a runtime dependency between bundles, by adding the util package to the Private-Package bundle configuration of the other bundles (which causes the classes from that package to be copied into the other generated bundle jars). 3. Create a separate util module with its own bundle that the other bundles depend on at runtime. I'm undecided between #2 and #3, but prefer to move away from the current situation (#1). I figured I'd open it up for discussion here - what do you all think? Any other ideas? Amichai
Re: Mocking LDAP server for integration tests
WSS4J trunk has an "integration" module which uses Apache DS as a Kerberos Server: http://svn.apache.org/viewvc/webservices/wss4j/trunk/integration/ Colm. On Thu, Jun 13, 2013 at 10:12 AM, Andrei Shakirin wrote: > Hi, > > I am working on integration tests for XKMS and thinking about mocking (or > using lightweight) LDAP server. > I found some topics regarding this: > > - in UnboundID (https://www.unboundid.com/products/ldap-sdk/) > > - Mocking using Mockito ( > http://java.dzone.com/articles/mocking-out-ldapjndi-unit) > > Has anybody experience to do it in Apache projects, is there any "typical" > solution for it? > > Regards, > Andrei. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Mocking LDAP server for integration tests
Hi, I am working on integration tests for XKMS and thinking about mocking (or using lightweight) LDAP server. I found some topics regarding this: - in UnboundID (https://www.unboundid.com/products/ldap-sdk/) - Mocking using Mockito (http://java.dzone.com/articles/mocking-out-ldapjndi-unit) Has anybody experience to do it in Apache projects, is there any "typical" solution for it? Regards, Andrei.
RE: Mapping URL from confluence to cxf docs
Thanks, Dan! > -Original Message- > From: Daniel Kulp [mailto:dk...@apache.org] > Sent: Dienstag, 11. Juni 2013 18:46 > To: dev@cxf.apache.org > Subject: Re: Mapping URL from confluence to cxf docs > > > On Jun 11, 2013, at 11:57 AM, Andrei Shakirin > wrote: > > > Hi, > > > > I document XKMS service and a little bit confused regarding mapping > confluence URLs to CXF docs URLs. > > Confluence URL is: > > > https://cwiki.apache.org/confluence/display/CXF20DOC/XML+Key+Manage > men > > t+Service+%28XKMS%29 > > > > I expect that URL http://cxf.apache.org/docs/XML-Key-Management- > Service-%28XKMS%29 works, but it doesn't. > > > > Any ideas how this confluence URL was mapped? > > http://cxf.apache.org/docs/xml-key-management-service-xkms.html > > You can actually look in the svn repo where it's stuck: > https://svn- > master.apache.org/repos/infra/websites/production/cxf/content/ > > > > -- > Daniel Kulp > dk...@apache.org - http://dankulp.com/blog Talend Community Coder - > http://coders.talend.com
