Posted to dev@cxf.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2013/06/13 17:06:42 UTC

Re: Mustunderstand hardcodes = true in PolicyBasedWSS4JOutInterceptor

Yes, please submit a patch for this.

Colm.


On Thu, Jun 13, 2013 at 3:53 PM, <od...@accenture.com> wrote:

> Hi,
>
> We have hit a limitation in PolicyBasedWSS4JOutInterceptor which hard
> codes mustUnderstand = true (line 99). This is configurable in the
> WSS4JOutInterceptor today, but not when using policy.
>
>         public void handleMessage(SoapMessage message) throws Fault {
>             Collection<AssertionInfo> ais;
>             SOAPMessage saaj = message.getContent(SOAPMessage.class);
>
>             boolean mustUnderstand = true;
>             String actor = null;
>
> Obviously this makes sense in most cases, but we have some intermediaries
> which do not understand security...
>
> Would you accept a patch to have this configurable, for instance by
> creating a new property in SecurityConstants (for instance
> ws-security.mustsunderstand) and default to true?
>
> Best regards,
>
> Oddbjørn
>
> ___________________________________________________________________________________________
> Oddbjørn Heimdal
> Accenture Technology Consulting -  Security
> Snarøyveien 30, P.O. Box 363, 1326 Lysaker, Norway
> Mobile: +47 99 72 19 12
> Email: oddbjorn.heimdal@accenture.com
>
>
> ________________________________
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you have
> received it in error, please notify the sender immediately and delete the
> original. Any other use of the e-mail by you is prohibited.
>
> Where allowed by local law, electronic communications with Accenture and
> its affiliates, including e-mail and instant messaging (including content),
> may be scanned by our systems for the purposes of information security and
> assessment of internal compliance with Accenture policy.
>
>
> ______________________________________________________________________________________
>
> www.accenture.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: Mustunderstand hardcodes = true in PolicyBasedWSS4JOutInterceptor

Posted by Colm O hEigeartaigh <co...@apache.org>.
I don't think a unit test is needed, as it's just setting a single
attribute. I will take care of the "ACTOR" attribute as part of this task.

Colm.


On Fri, Jun 14, 2013 at 2:11 PM, <od...@accenture.com> wrote:

> Hi,
>
> I have submitted a patch to the jira issue, CXF-5079, and we have
> verified the solution in our environment.
>
> Do we require a unit test and if so - any ideas on how this should be done?
>
> It also seems like SOAP actor is hardcoded, maybe we should consider a
> similar patch for this as well?
>
> Best regards,
>
> /Oddbjørn



RE: Mustunderstand hardcodes = true in PolicyBasedWSS4JOutInterceptor

Posted by od...@accenture.com.
Hi,

I have submitted a patch to the jira issue, CXF-5079, and we have verified the solution in our environment.

Do we require a unit test and if so - any ideas on how this should be done?

It also seems like SOAP actor is hardcoded, maybe we should consider a similar patch for this as well?

Best regards,

/Oddbjørn

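
An added example, not CXF's code and not the patch attached to CXF-5079: a sketch of the behaviour proposed in the thread, where a property that defaults to true decides whether the SOAP 1.1 mustUnderstand attribute is written on the wsse:Security header. The property name is the spelling proposed in the first message; the class name, method names and sample property values are assumptions, and only JDK DOM classes are used.

```java
import java.util.List;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class MustUnderstandDemo {
    // Property name as spelled in the thread's proposal; not confirmed as the committed constant.
    static final String MUST_UNDERSTAND = "ws-security.mustsunderstand";
    static final String SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // An absent property keeps the previous behaviour (true).
    static boolean resolveMustUnderstand(Map<String, Object> props) {
        Object v = props.get(MUST_UNDERSTAND);
        if (v == null) return true;
        if (v instanceof Boolean) return (Boolean) v;
        // Only an explicit "false" relaxes the flag; a mistyped value stays strict.
        return !"false".equalsIgnoreCase(v.toString().trim());
    }

    // Hypothetical helper: builds the header element the way the flag and actor would shape it.
    static Element buildSecurityHeader(Document doc, boolean mustUnderstand, String actor) {
        Element sec = doc.createElementNS(WSSE_NS, "wsse:Security");
        if (mustUnderstand) sec.setAttributeNS(SOAP11_NS, "soap:mustUnderstand", "1");
        if (actor != null && !actor.isEmpty()) sec.setAttributeNS(SOAP11_NS, "soap:actor", actor);
        return sec;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document doc = f.newDocumentBuilder().newDocument();
        // Constructed property sets: unset, Boolean false, string "false", mistyped value.
        List<Map<String, Object>> cases = List.of(
            Map.<String, Object>of(),
            Map.<String, Object>of(MUST_UNDERSTAND, Boolean.FALSE),
            Map.<String, Object>of(MUST_UNDERSTAND, "false"),
            Map.<String, Object>of(MUST_UNDERSTAND, "flase"));
        for (Map<String, Object> props : cases) {
            // actor stays null, matching the snippet quoted in the first message.
            Element sec = buildSecurityHeader(doc, resolveMustUnderstand(props), null);
            System.out.println(props + " -> mustUnderstand attribute present: "
                + sec.hasAttributeNS(SOAP11_NS, "mustUnderstand"));
        }
    }
}
```

With the flag off, a receiver that does not recognise wsse:Security may ignore the header instead of faulting, which is why the example treats anything other than an explicit false as true.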