[jira] [Assigned] (CXF-8940) ws-security.must-understand works only if security.enable.streaming is true
[ https://issues.apache.org/jira/browse/CXF-8940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Freeman Yue Fang reassigned CXF-8940: - Assignee: Freeman Yue Fang > ws-security.must-understand works only if security.enable.streaming is true > --- > > Key: CXF-8940 > URL: https://issues.apache.org/jira/browse/CXF-8940 > Project: CXF > Issue Type: Bug >Reporter: Peter Palaga >Assignee: Freeman Yue Fang >Priority: Major > > I am unfortunately not sure at all how to reproduce this with plain CXF. If a > test is required to demonstrate the issue, I'd be thankful for pointing me to > an existing test I could adapt. > I am able to reproduce this with quarkus-cxf - here are the steps to > reproduce: > {code} > git clone g...@github.com:ppalaga/quarkus-cxf.git > cd quarkus-cxf > git checkout CXF-8940 > mvnd clean install -DskipTests -Dquarkus.build.skip > cd integration-tests/ws-security-policy > mvnd clean test > -Dtest=UsernameTokenSecurityPolicyTest#helloUsernameTokenNoMustUnderstand > ... > [ERROR] > UsernameTokenSecurityPolicyTest>AbstractUsernameTokenSecurityPolicyTest.helloUsernameTokenNoMustUnderstand:180 > > Expecting actual: > "REQ_OUT > Address: https://localhost:8444/services/helloUsernameToken > HttpMethod: POST > Content-Type: text/xml > ExchangeId: 03fe3642-ab5b-4b85-b712-b8ed107f5a71 > ServiceName: UsernameTokenPolicyHelloService > PortName: UsernameTokenPolicyHelloServicePort > PortTypeName: UsernameTokenPolicyHelloService > Headers: {SOAPAction="", Accept=*/*, Connection=Keep-Alive} > Payload: xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; > soap:mustUnderstand="1"> >xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > wsu:Id="UsernameToken-4e64841c-ad35-48fd-b7ee-70e5f978e098"> > cxf-user > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>secret > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>5rs0Ra3q0FPLXFguajlTwQ== > 2023-10-05T22:40:54.436Z > > > > > http://policy.security.it.cxf.quarkiverse.io/";> > helloUsernameTokenNoMustUnderstand > > > > " > not to contain: > "soap:mustUnderstand="1"" > {code} > Running the same logic with > {{quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.security.enable.streaming > = true}} works as expected: > {code} > mvnd clean test > -Dtest=UsernameTokenSecurityPolicyStaxTest#helloUsernameTokenNoMustUnderstand > ... > BUILD SUCCESS > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (CXF-8949) Move CxfMessageHeadersRelayTest to camel-cxf-soap
[ https://issues.apache.org/jira/browse/CXF-8949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Peter Palaga closed CXF-8949. - Resolution: Invalid This is where I should have created it: https://issues.apache.org/jira/browse/CAMEL-20040 > Move CxfMessageHeadersRelayTest to camel-cxf-soap > - > > Key: CXF-8949 > URL: https://issues.apache.org/jira/browse/CXF-8949 > Project: CXF > Issue Type: Bug >Reporter: Peter Palaga >Priority: Major > > The named test currently lives under > [camel-cxf-spring-soap|https://github.com/apache/camel/blob/0e26ffa824b7529fb916a53c327d7daeb78205ed/components/camel-cxf/camel-cxf-spring-soap/src/test/java/org/apache/camel/component/cxf/soap/headers/CxfMessageHeadersRelayTest.java#L731CxfMessageHeadersRelayTest] > but there does not seem to be anything Spring specific in the test. Moreover > it is cited on the CXF component page > https://camel.apache.org/components/4.0.x/cxf-component.html#_how_to_get_and_set_soap_headers_in_pojo_mode. > > We should attempt to move the test to > [camel-cxf-soap|https://github.com/apache/camel/tree/main/components/camel-cxf/camel-cxf-soap] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (CXF-8949) Move CxfMessageHeadersRelayTest to camel-cxf-soap
[ https://issues.apache.org/jira/browse/CXF-8949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779075#comment-17779075 ] Peter Palaga commented on CXF-8949: --- Oh, I am so sorry for the noise. Of course this belongs to Camel. > Move CxfMessageHeadersRelayTest to camel-cxf-soap > - > > Key: CXF-8949 > URL: https://issues.apache.org/jira/browse/CXF-8949 > Project: CXF > Issue Type: Bug >Reporter: Peter Palaga >Priority: Major > > The named test currently lives under > [camel-cxf-spring-soap|https://github.com/apache/camel/blob/0e26ffa824b7529fb916a53c327d7daeb78205ed/components/camel-cxf/camel-cxf-spring-soap/src/test/java/org/apache/camel/component/cxf/soap/headers/CxfMessageHeadersRelayTest.java#L731CxfMessageHeadersRelayTest] > but there does not seem to be anything Spring specific in the test. Moreover > it is cited on the CXF component page > https://camel.apache.org/components/4.0.x/cxf-component.html#_how_to_get_and_set_soap_headers_in_pojo_mode. > > We should attempt to move the test to > [camel-cxf-soap|https://github.com/apache/camel/tree/main/components/camel-cxf/camel-cxf-soap] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (CXF-8949) Move CxfMessageHeadersRelayTest to camel-cxf-soap
[ https://issues.apache.org/jira/browse/CXF-8949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779069#comment-17779069 ] Colm O hEigeartaigh commented on CXF-8949: -- [~ppalaga] - did you mean to create this in the Camel Jira project? > Move CxfMessageHeadersRelayTest to camel-cxf-soap > - > > Key: CXF-8949 > URL: https://issues.apache.org/jira/browse/CXF-8949 > Project: CXF > Issue Type: Bug >Reporter: Peter Palaga >Priority: Major > > The named test currently lives under > [camel-cxf-spring-soap|https://github.com/apache/camel/blob/0e26ffa824b7529fb916a53c327d7daeb78205ed/components/camel-cxf/camel-cxf-spring-soap/src/test/java/org/apache/camel/component/cxf/soap/headers/CxfMessageHeadersRelayTest.java#L731CxfMessageHeadersRelayTest] > but there does not seem to be anything Spring specific in the test. Moreover > it is cited on the CXF component page > https://camel.apache.org/components/4.0.x/cxf-component.html#_how_to_get_and_set_soap_headers_in_pojo_mode. > > We should attempt to move the test to > [camel-cxf-soap|https://github.com/apache/camel/tree/main/components/camel-cxf/camel-cxf-soap] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (CXF-8949) Move CxfMessageHeadersRelayTest to camel-cxf-soap
Peter Palaga created CXF-8949: - Summary: Move CxfMessageHeadersRelayTest to camel-cxf-soap Key: CXF-8949 URL: https://issues.apache.org/jira/browse/CXF-8949 Project: CXF Issue Type: Bug Reporter: Peter Palaga The named test currently lives under [camel-cxf-spring-soap|https://github.com/apache/camel/blob/0e26ffa824b7529fb916a53c327d7daeb78205ed/components/camel-cxf/camel-cxf-spring-soap/src/test/java/org/apache/camel/component/cxf/soap/headers/CxfMessageHeadersRelayTest.java#L731CxfMessageHeadersRelayTest] but there does not seem to be anything Spring specific in the test. Moreover it is cited on the CXF component page https://camel.apache.org/components/4.0.x/cxf-component.html#_how_to_get_and_set_soap_headers_in_pojo_mode. We should attempt to move the test to [camel-cxf-soap|https://github.com/apache/camel/tree/main/components/camel-cxf/camel-cxf-soap] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (CXF-8811) Support useReqSigCert for encrypting the responses from JAX-RS JOSE
[ https://issues.apache.org/jira/browse/CXF-8811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17778995#comment-17778995 ] Markus Haugsdal commented on CXF-8811: -- [~coheigea] I looked at this a while ago while working with end-to-end encryption. Are you aware if not having this feature is the intention with the current implementation? > Support useReqSigCert for encrypting the responses from JAX-RS JOSE > - > > Key: CXF-8811 > URL: https://issues.apache.org/jira/browse/CXF-8811 > Project: CXF > Issue Type: Improvement > Components: JAX-RS Security >Reporter: Markus Haugsdal >Assignee: Sergey Beryozkin >Priority: Minor > > Cloned a similar issue. Is it possible to get this feature for endpoints > using JAX-RS JOSE? That is, using the JwsSignatureVerifier used to validate > the signature to encrypt the response. > WS endpoints can get a ws.security.encryption.username property set to > 'useReqSigCert', meaning that the specific client certificate use to create a > signature of the payload needs to be used for encrypting the outbound payload. > RS endpoints need to support this mode too. Additionally, the in signature > and encryption interceptors on both the client and server ends need to > default (two-way POSTs) to using the encryption properties for the signature > validation and the signature properties for the decryption, in line with the > way WS endpoints operate. -- This message was sent by Atlassian Jira (v8.20.10#820010)