[jira] [Assigned] (CXF-8940) ws-security.must-understand works only if security.enable.streaming is true
[
https://issues.apache.org/jira/browse/CXF-8940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Freeman Yue Fang reassigned CXF-8940:
-
Assignee: Freeman Yue Fang
> ws-security.must-understand works only if security.enable.streaming is true
> ---
>
> Key: CXF-8940
> URL: https://issues.apache.org/jira/browse/CXF-8940
> Project: CXF
> Issue Type: Bug
>Reporter: Peter Palaga
>Assignee: Freeman Yue Fang
>Priority: Major
>
> I am unfortunately not sure at all how to reproduce this with plain CXF. If a
> test is required to demonstrate the issue, I'd be thankful for pointing me to
> an existing test I could adapt.
> I am able to reproduce this with quarkus-cxf - here are the steps to
> reproduce:
> {code}
> git clone g...@github.com:ppalaga/quarkus-cxf.git
> cd quarkus-cxf
> git checkout CXF-8940
> mvnd clean install -DskipTests -Dquarkus.build.skip
> cd integration-tests/ws-security-policy
> mvnd clean test
> -Dtest=UsernameTokenSecurityPolicyTest#helloUsernameTokenNoMustUnderstand
> ...
> [ERROR]
> UsernameTokenSecurityPolicyTest>AbstractUsernameTokenSecurityPolicyTest.helloUsernameTokenNoMustUnderstand:180
>
> Expecting actual:
> "REQ_OUT
> Address: https://localhost:8444/services/helloUsernameToken
> HttpMethod: POST
> Content-Type: text/xml
> ExchangeId: 03fe3642-ab5b-4b85-b712-b8ed107f5a71
> ServiceName: UsernameTokenPolicyHelloService
> PortName: UsernameTokenPolicyHelloServicePort
> PortTypeName: UsernameTokenPolicyHelloService
> Headers: {SOAPAction="", Accept=*/*, Connection=Keep-Alive}
> Payload: xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
>
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> soap:mustUnderstand="1">
>xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="UsernameToken-4e64841c-ad35-48fd-b7ee-70e5f978e098">
> cxf-user
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>secret
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>5rs0Ra3q0FPLXFguajlTwQ==
> 2023-10-05T22:40:54.436Z
>
>
>
>
> http://policy.security.it.cxf.quarkiverse.io/";>
> helloUsernameTokenNoMustUnderstand
>
>
>
> "
> not to contain:
> "soap:mustUnderstand="1""
> {code}
> Running the same logic with
> {{quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.security.enable.streaming
> = true}} works as expected:
> {code}
> mvnd clean test
> -Dtest=UsernameTokenSecurityPolicyStaxTest#helloUsernameTokenNoMustUnderstand
> ...
> BUILD SUCCESS
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Closed] (CXF-8949) Move CxfMessageHeadersRelayTest to camel-cxf-soap
[ https://issues.apache.org/jira/browse/CXF-8949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Peter Palaga closed CXF-8949. - Resolution: Invalid This is where I should have created it: https://issues.apache.org/jira/browse/CAMEL-20040 > Move CxfMessageHeadersRelayTest to camel-cxf-soap > - > > Key: CXF-8949 > URL: https://issues.apache.org/jira/browse/CXF-8949 > Project: CXF > Issue Type: Bug >Reporter: Peter Palaga >Priority: Major > > The named test currently lives under > [camel-cxf-spring-soap|https://github.com/apache/camel/blob/0e26ffa824b7529fb916a53c327d7daeb78205ed/components/camel-cxf/camel-cxf-spring-soap/src/test/java/org/apache/camel/component/cxf/soap/headers/CxfMessageHeadersRelayTest.java#L731CxfMessageHeadersRelayTest] > but there does not seem to be anything Spring specific in the test. Moreover > it is cited on the CXF component page > https://camel.apache.org/components/4.0.x/cxf-component.html#_how_to_get_and_set_soap_headers_in_pojo_mode. > > We should attempt to move the test to > [camel-cxf-soap|https://github.com/apache/camel/tree/main/components/camel-cxf/camel-cxf-soap] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (CXF-8949) Move CxfMessageHeadersRelayTest to camel-cxf-soap
[ https://issues.apache.org/jira/browse/CXF-8949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779075#comment-17779075 ] Peter Palaga commented on CXF-8949: --- Oh, I am so sorry for the noise. Of course this belongs to Camel. > Move CxfMessageHeadersRelayTest to camel-cxf-soap > - > > Key: CXF-8949 > URL: https://issues.apache.org/jira/browse/CXF-8949 > Project: CXF > Issue Type: Bug >Reporter: Peter Palaga >Priority: Major > > The named test currently lives under > [camel-cxf-spring-soap|https://github.com/apache/camel/blob/0e26ffa824b7529fb916a53c327d7daeb78205ed/components/camel-cxf/camel-cxf-spring-soap/src/test/java/org/apache/camel/component/cxf/soap/headers/CxfMessageHeadersRelayTest.java#L731CxfMessageHeadersRelayTest] > but there does not seem to be anything Spring specific in the test. Moreover > it is cited on the CXF component page > https://camel.apache.org/components/4.0.x/cxf-component.html#_how_to_get_and_set_soap_headers_in_pojo_mode. > > We should attempt to move the test to > [camel-cxf-soap|https://github.com/apache/camel/tree/main/components/camel-cxf/camel-cxf-soap] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (CXF-8949) Move CxfMessageHeadersRelayTest to camel-cxf-soap
[ https://issues.apache.org/jira/browse/CXF-8949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779069#comment-17779069 ] Colm O hEigeartaigh commented on CXF-8949: -- [~ppalaga] - did you mean to create this in the Camel Jira project? > Move CxfMessageHeadersRelayTest to camel-cxf-soap > - > > Key: CXF-8949 > URL: https://issues.apache.org/jira/browse/CXF-8949 > Project: CXF > Issue Type: Bug >Reporter: Peter Palaga >Priority: Major > > The named test currently lives under > [camel-cxf-spring-soap|https://github.com/apache/camel/blob/0e26ffa824b7529fb916a53c327d7daeb78205ed/components/camel-cxf/camel-cxf-spring-soap/src/test/java/org/apache/camel/component/cxf/soap/headers/CxfMessageHeadersRelayTest.java#L731CxfMessageHeadersRelayTest] > but there does not seem to be anything Spring specific in the test. Moreover > it is cited on the CXF component page > https://camel.apache.org/components/4.0.x/cxf-component.html#_how_to_get_and_set_soap_headers_in_pojo_mode. > > We should attempt to move the test to > [camel-cxf-soap|https://github.com/apache/camel/tree/main/components/camel-cxf/camel-cxf-soap] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (CXF-8949) Move CxfMessageHeadersRelayTest to camel-cxf-soap
Peter Palaga created CXF-8949: - Summary: Move CxfMessageHeadersRelayTest to camel-cxf-soap Key: CXF-8949 URL: https://issues.apache.org/jira/browse/CXF-8949 Project: CXF Issue Type: Bug Reporter: Peter Palaga The named test currently lives under [camel-cxf-spring-soap|https://github.com/apache/camel/blob/0e26ffa824b7529fb916a53c327d7daeb78205ed/components/camel-cxf/camel-cxf-spring-soap/src/test/java/org/apache/camel/component/cxf/soap/headers/CxfMessageHeadersRelayTest.java#L731CxfMessageHeadersRelayTest] but there does not seem to be anything Spring specific in the test. Moreover it is cited on the CXF component page https://camel.apache.org/components/4.0.x/cxf-component.html#_how_to_get_and_set_soap_headers_in_pojo_mode. We should attempt to move the test to [camel-cxf-soap|https://github.com/apache/camel/tree/main/components/camel-cxf/camel-cxf-soap] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (CXF-8811) Support useReqSigCert for encrypting the responses from JAX-RS JOSE
[ https://issues.apache.org/jira/browse/CXF-8811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17778995#comment-17778995 ] Markus Haugsdal commented on CXF-8811: -- [~coheigea] I looked at this a while ago while working with end-to-end encryption. Are you aware if not having this feature is the intention with the current implementation? > Support useReqSigCert for encrypting the responses from JAX-RS JOSE > - > > Key: CXF-8811 > URL: https://issues.apache.org/jira/browse/CXF-8811 > Project: CXF > Issue Type: Improvement > Components: JAX-RS Security >Reporter: Markus Haugsdal >Assignee: Sergey Beryozkin >Priority: Minor > > Cloned a similar issue. Is it possible to get this feature for endpoints > using JAX-RS JOSE? That is, using the JwsSignatureVerifier used to validate > the signature to encrypt the response. > WS endpoints can get a ws.security.encryption.username property set to > 'useReqSigCert', meaning that the specific client certificate use to create a > signature of the payload needs to be used for encrypting the outbound payload. > RS endpoints need to support this mode too. Additionally, the in signature > and encryption interceptors on both the client and server ends need to > default (two-way POSTs) to using the encryption properties for the signature > validation and the signature properties for the decryption, in line with the > way WS endpoints operate. -- This message was sent by Atlassian Jira (v8.20.10#820010)
