You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Joerg Kessler (JIRA)" <ji...@apache.org> on 2018/06/01 10:37:00 UTC
[jira] [Created] (CXF-7748) WS-Addressing for One Way + Signature
fails
Joerg Kessler created CXF-7748:
----------------------------------
Summary: WS-Addressing for One Way + Signature fails
Key: CXF-7748
URL: https://issues.apache.org/jira/browse/CXF-7748
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 3.1.14
Reporter: Joerg Kessler
I am using CXF together in Apache Camel. I want to enable WS-Adressing for the provider including signing these headers by WS-Security if requested . This should especially work for One Way requests. When I set up this scenario (Camel-CXF to Camel-CXF including Signature) I get the error
org.apache.cxf.interceptor.Fault: No configured signature username detected
The call stack is
2018 06 01 06:57:37#+00#WARN#org.apache.cxf.phase.PhaseInterceptorChain##P1369096596#http-bio-8041-exec-5#na#wda71513f#jkt01ifl#web#w7e2e2211#na#na#na#na#Interceptor for \{http://xi.com/xiveri/source_runtime}JKCXF_TEST_IN\#\{http://xi.com/xiveri/source_runtime}JKCXF_TEST_IN has thrown exception, unwinding noworg.apache.cxf.interceptor.Fault: No configured signature username detected at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:232) at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:114) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:190) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:109) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:96) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) at org.apache.cxf.ws.addressing.impl.InternalContextUtils.rebaseResponse(InternalContextUtils.java:280) at org.apache.cxf.ws.addressing.impl.MAPAggregatorImpl.mediate(MAPAggregatorImpl.java:469) at org.apache.cxf.ws.addressing.impl.MAPAggregatorImpl.handleMessage(MAPAggregatorImpl.java:142) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:189) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:303) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:222) at javax.servlet.http.HttpServlet.service(HttpServlet.java:755) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:278) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.sap.esb.security.cloud.authentication.CloudAuthenticationFilter.doFilter(CloudAuthenticationFilter.java:92) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.sap.core.communication.server.CertValidatorFilter.doFilter(CertValidatorFilter.java:331) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110) at org.eclipse.virgo.web.enterprise.security.valve.OpenEjbSecurityInitializationValve.invoke(OpenEjbSecurityInitializationValve.java:44) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:498) at com.sap.core.jpaas.security.auth.service.lib.AbstractAuthenticator.invoke(AbstractAuthenticator.java:170) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962) at com.sap.core.tenant.valve.TenantValidationValve.invokeNextValve(TenantValidationValve.java:182) at com.sap.core.tenant.valve.TenantValidationValve.invoke(TenantValidationValve.java:97) at com.sap.js.statistics.tomcat.valve.RequestTracingValve.callNextValve(RequestTracingValve.java:82) at com.sap.js.statistics.tomcat.valve.RequestTracingValve.invoke(RequestTracingValve.java:49) at com.sap.core.js.monitoring.tomcat.valve.RequestTracingValve.invoke(RequestTracingValve.java:27) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1152) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:622) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:807) Caused by: org.apache.cxf.ws.policy.PolicyException: No configured signature username detected at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler.unassertPolicy(AbstractCommonBindingHandler.java:92) at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1831) at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:711) at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:188) ... 52 common frames omitted
As you can see from the call stack the error occurs in MAPAggregatorImpl in a code line
InternalContextUtils.rebaseResponse(maps.getReplyTo(),
maps,
message);
OneWay messages do not have a response. Therefore I think this code should never be called in this case. The code seems to be meant for decoupled endpoints which is not the case in my scenario. I have replaced the lines 467-473
i if (isOneway
|| !ContextUtils.isGenericAddress(maps.getReplyTo())) {
InternalContextUtils.rebaseResponse(maps.getReplyTo(),
maps,
message);
}
if (!isOneway) {
by the lines
if (isOneway
&& !ContextUtils.isGenericAddress(maps.getReplyTo())) {
InternalContextUtils.rebaseResponse(maps.getReplyTo(),
maps,
message);
}
if (!isOneway) {
if(!ContextUtils.isGenericAddress(maps.getReplyTo())){
InternalContextUtils.rebaseResponse(maps.getReplyTo(),
maps,
message);
}
This ensures that the rebaseResponse method is only called for OneWay messages if decoupled endpoints are used. After that change the test method testResponderInboundNoMessageIdOneWay() fails because it is executed for non decoupled scenario where there should be no inbound response message. So this test should be executed for the decoupled use case:
@Test()
public void testResponderInboundNoMessageIdOneWay() throws Exception {
SetupMessageArgs args = new SetupMessageArgs();
args.requestor = false;
args.outbound = false;
args.oneway = true;
args.usingAddressing = false;
args.mapsInContext = false;
args.decoupled = true;
args.zeroLengthAction = true;
args.fault = false;
args.noMessageId = true;
Message message = setUpMessage(args);
aggregator.setAllowDuplicates(false);
aggregator.mediate(message, true);
control.verify();
verifyMessage(message, false, false, false /*check*/);
}
Since the code is unchanged in CXF 3.2.4 I expect this problem to be present also there.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)