You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Chris <cz...@ybs.co.uk> on 2014/10/15 12:03:27 UTC
I have a wotking fix in the signed/encrypted version now (and
thanks Colm)
coheigea wrote
> Actually, the UsernameTokenInterceptor (which is used when there is no
> security binding) does not support Nonce + Created. I've added support
> here:
>
> https://issues.apache.org/jira/browse/CXF-6051
>
> Colm.
Thanks Colm,
It is also not supported with the encrypred and signed username token policy
(Oracle server with
*oracle/wss10_username_token_with_message_protection_service_policy*).
Again I have a "working fix" to CXF 3.0.1, which I will give here
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor.java
In/ PolicyBasedWSS4JOutInterceptorInternal.public void
handleMessage(SoapMessage message) throws Fault / (at about line 140),
here we assert the "Created" and Nonce if they are present so that they can
be picked up from "aim" later.
/ ais = getAllAssertionsByLocalname(aim,
SPConstants.SYMMETRIC_BINDING);
if (!ais.isEmpty()) {
for (AssertionInfo ai : ais) {
transport = (AbstractBinding)ai.getAssertion();
ai.setAsserted(true);
}
}
//**************************
// BEGIN MODIFICATION
//**************************
ais = aim.get(SP13Constants.CREATED);
if (ais != null && !ais.isEmpty()) {
for (AssertionInfo ai : ais) {
ai.setAsserted(true);
}
}
ais = aim.get(SP13Constants.NONCE);
if (ais != null && !ais.isEmpty()) {
for (AssertionInfo ai : ais) {
ai.setAsserted(true);
}
}
//**************************
// END MODIFICATION
//**************************
if (transport == null && isRequestor(message)) {
Policy policy = new Policy();
transport = new
TransportBinding(org.apache.wss4j.policy.SPConstants.SPVersion.SP11,
policy);
}/
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.java
In /protected void handleUsernameTokenSupportingToken( UsernameToken token,
boolean endorse, boolean encryptedToken, List<SupportingToken> ret ) throws
WSSecurityException/ (around line 596), here we set the properties in the
utBuilder if they are asserted in the "aim":
/
} else {
WSSecUsernameToken utBuilder = addUsernameToken(token);
if (utBuilder != null) {
//***************************
// Beginning of Modification
//***************************
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
boolean haveNonce = false;
boolean haveCreated = false;
Collection<AssertionInfo> nonces =
aim.getAssertionInfo(SP13Constants.NONCE);
for(AssertionInfo nonce: nonces) {
if (nonce.isAsserted()) {
haveNonce = true;
}
}
Collection<AssertionInfo> createds =
aim.getAssertionInfo(SP13Constants.CREATED);
for(AssertionInfo created: createds) {
if(created.isAsserted()) {
haveCreated = true;
}
}
if (haveCreated) {
utBuilder.addCreated();
}
if (haveNonce) {
utBuilder.addNonce();
}
//***************************
// End of modification
//***************************
utBuilder.prepare(saaj.getSOAPPart());
Element e = utBuilder.getUsernameTokenElement();
//********************************************
// Beginning of Modification (Logging only)
//********************************************
if(LOG.isLoggable(Level.FINE)) {
Document d = e.getOwnerDocument();
DOMImplementationLS domImplLS = (DOMImplementationLS)
d.getImplementation();
LSSerializer serializer = domImplLS.createLSSerializer();
LOG.fine("Username Token: " + serializer.writeToString(e));
}
//********************************************
// End of Modification (Logging only)
//********************************************
addSupportingElement(utBuilder.getUsernameTokenElement());
ret.add(new SupportingToken(token, utBuilder));
//WebLogic and WCF always encrypt these/
Also I just wanted to sat thank you for your support to get a "real" fix
info a future release, so hopefully we can use vanilla unpached code in
future.
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749905.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: I have a wotking fix in the signed/encrypted version now (and
thanks Colm)
Posted by Chris <cz...@ybs.co.uk>.
Thanks,
That's unfortunate because Oracle's
*oracle/wss11_username_token_with_message_protection_service_policy* and
*oracle/wss11_message_protection_service_policy* don't behave themselves and
come up with an error:
BSP:R5215: Any SECURITY_TOKEN_REFERENCE to a PKIPATH_TOKEN MUST contain a
wsse11:TokenType attribute with a value of
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"
(the response contains
<wsse:SecurityTokenReference
TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
)
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749957.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: I have a wotking fix in the signed/encrypted version now (and
thanks Colm)
Posted by Colm O hEigeartaigh <co...@apache.org>.
Ok you are using a WS-SecurityPolicy 1.1 policy. sp13:Created + sp13:Nonce
do not apply for this version of the specification, and so that is why they
are not in the message.
Colm.
On Wed, Oct 15, 2014 at 12:13 PM, Chris <cz...@ybs.co.uk> wrote:
> Here is the policy from the WSDL:
>
> /<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> wsu:Id="Service6Soap1p2Soap12HttpPort_Fault_Policy">
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
> <sp:SignedElements
> xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
> <sp:EncryptedParts
> xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
> <sp:EncryptedElements
> xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
> </wsp:Policy>
> <wsp:Policy xmlns:wsp="
> http://schemas.xmlsoap.org/ws/2004/09/policy"
>
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> wsu:Id="Service6Soap1p2Soap12HttpPort_Input_Policy">
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="fmw-context"
> Namespace="http://xmlns.oracle.com/fmw/context/1.0" />
> <sp:Header Name="" Namespace="
> http://www.w3.org/2005/08/addressing" />
> <sp:Header Name=""
> Namespace="
> http://schemas.xmlsoap.org/ws/2004/08/addressing" />
> </sp:SignedParts>
> <sp:SignedElements
> xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
> <sp:EncryptedParts
> xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="fmw-context"
> Namespace="http://xmlns.oracle.com/fmw/context/1.0" />
> </sp:EncryptedParts>
> <sp:EncryptedElements
> xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
> </wsp:Policy>
> <wsp:Policy xmlns:wsp="
> http://schemas.xmlsoap.org/ws/2004/09/policy"
>
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> wsu:Id="Service6Soap1p2Soap12HttpPort_Output_Policy">
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:SignedParts>
> <sp:SignedElements
> xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
> <sp:EncryptedParts
> xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> <sp:EncryptedElements
> xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
> </wsp:Policy>
> <wsp:Policy xmlns:wsp="
> http://schemas.xmlsoap.org/ws/2004/09/policy"
>
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
>
>
> wsu:Id="wss10_username_token_with_message_protection_service_policy_timestamp_nonce">
> <sp:AsymmetricBinding
> xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
> <wsp:Policy>
>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
> <wsp:Policy>
>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic128 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:Wss10 xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy />
> </sp:Wss10>
> <sp:SignedSupportingTokens
> xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:UsernameToken
>
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> ">
> <wsp:Policy
>
> xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802">
> <sp:WssUsernameToken10 />
> <sp13:Created />
> <sp13:Nonce />
> </wsp:Policy>
> </sp:UsernameToken>
> </wsp:Policy>
> </sp:SignedSupportingTokens>
> </wsp:Policy>
> /
> The following is the usename token part as produced by oracle, I added the
> Created and Nonce myself. Oracle does not request them even if if you set
> "required" on the server:
>
> /<sp:SignedSupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:UsernameToken
>
> sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> ">
> <wsp:Policy>
> <sp:WssUsernameToken10 />
> </wsp:Policy>
> </sp:UsernameToken>
> </wsp:Policy>
> </sp:SignedSupportingTokens>
> </wsp:Policy>/
>
>
>
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749913.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: I have a wotking fix in the signed/encrypted version now (and
thanks Colm)
Posted by Chris <cz...@ybs.co.uk>.
Here is the policy from the WSDL:
/<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Service6Soap1p2Soap12HttpPort_Fault_Policy">
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
<sp:SignedElements
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
<sp:EncryptedElements
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
</wsp:Policy>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Service6Soap1p2Soap12HttpPort_Input_Policy">
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
<sp:Header Name="fmw-context"
Namespace="http://xmlns.oracle.com/fmw/context/1.0" />
<sp:Header Name="" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name=""
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
</sp:SignedParts>
<sp:SignedElements
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
<sp:Header Name="fmw-context"
Namespace="http://xmlns.oracle.com/fmw/context/1.0" />
</sp:EncryptedParts>
<sp:EncryptedElements
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
</wsp:Policy>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Service6Soap1p2Soap12HttpPort_Output_Policy">
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:SignedParts>
<sp:SignedElements
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:EncryptedParts>
<sp:EncryptedElements
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" />
</wsp:Policy>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="wss10_username_token_with_message_protection_service_policy_timestamp_nonce">
<sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy />
</sp:Wss10>
<sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy
xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802">
<sp:WssUsernameToken10 />
<sp13:Created />
<sp13:Nonce />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
</wsp:Policy>
/
The following is the usename token part as produced by oracle, I added the
Created and Nonce myself. Oracle does not request them even if if you set
"required" on the server:
/<sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10 />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
</wsp:Policy>/
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749913.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: I have a wotking fix in the signed/encrypted version now (and
thanks Colm)
Posted by Colm O hEigeartaigh <co...@apache.org>.
And what does the security policy in question look like?
Colm.
On Wed, Oct 15, 2014 at 11:34 AM, Chris <cz...@ybs.co.uk> wrote:
> At the time the lines you show are called the token "created" and "nonce"
> are
> false, and password type null:
>
> <http://cxf.547215.n5.nabble.com/file/n5749908/eclipse-ide.png>
>
> Tracing where and how these whould be set would have been too hard in the
> time I have, my fix is a "work-around" rather than a nice solution.
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749908.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: I have a wotking fix in the signed/encrypted version now (and
thanks Colm)
Posted by Chris <cz...@ybs.co.uk>.
At the time the lines you show are called the token "created" and "nonce" are
false, and password type null:
<http://cxf.547215.n5.nabble.com/file/n5749908/eclipse-ide.png>
Tracing where and how these whould be set would have been too hard in the
time I have, my fix is a "work-around" rather than a nice solution.
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749908.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: I have a wotking fix in the signed/encrypted version now (and
thanks Colm)
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Chris,
I'm confused by your mail. Nonce + Created are already supported in the
AbstractBindingBuilder:
if (token.isCreated() && token.getPasswordType() !=
UsernameToken.PasswordType.HashPassword) {
utBuilder.addCreated();
}
if (token.isNonce() && token.getPasswordType() !=
UsernameToken.PasswordType.HashPassword) {
utBuilder.addNonce();
}
Can I see the exact encrypted + signed security policy that is not working?
Colm.
On Wed, Oct 15, 2014 at 11:03 AM, Chris <cz...@ybs.co.uk> wrote:
> coheigea wrote
> > Actually, the UsernameTokenInterceptor (which is used when there is no
> > security binding) does not support Nonce + Created. I've added support
> > here:
> >
> > https://issues.apache.org/jira/browse/CXF-6051
> >
> > Colm.
>
> Thanks Colm,
> It is also not supported with the encrypred and signed username token
> policy
> (Oracle server with
> *oracle/wss10_username_token_with_message_protection_service_policy*).
>
> Again I have a "working fix" to CXF 3.0.1, which I will give here
>
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor.java
>
> In/ PolicyBasedWSS4JOutInterceptorInternal.public void
> handleMessage(SoapMessage message) throws Fault / (at about line 140),
> here we assert the "Created" and Nonce if they are present so that they can
> be picked up from "aim" later.
>
> / ais = getAllAssertionsByLocalname(aim,
> SPConstants.SYMMETRIC_BINDING);
> if (!ais.isEmpty()) {
> for (AssertionInfo ai : ais) {
> transport = (AbstractBinding)ai.getAssertion();
> ai.setAsserted(true);
> }
> }
>
> //**************************
> // BEGIN MODIFICATION
> //**************************
> ais = aim.get(SP13Constants.CREATED);
> if (ais != null && !ais.isEmpty()) {
> for (AssertionInfo ai : ais) {
> ai.setAsserted(true);
> }
> }
>
>
> ais = aim.get(SP13Constants.NONCE);
>
> if (ais != null && !ais.isEmpty()) {
> for (AssertionInfo ai : ais) {
> ai.setAsserted(true);
> }
> }
> //**************************
> // END MODIFICATION
> //**************************
>
> if (transport == null && isRequestor(message)) {
> Policy policy = new Policy();
> transport = new
> TransportBinding(org.apache.wss4j.policy.SPConstants.SPVersion.SP11,
> policy);
> }/
>
> org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.java
>
> In /protected void handleUsernameTokenSupportingToken( UsernameToken token,
> boolean endorse, boolean encryptedToken, List<SupportingToken> ret ) throws
> WSSecurityException/ (around line 596), here we set the properties in the
> utBuilder if they are asserted in the "aim":
> /
> } else {
>
> WSSecUsernameToken utBuilder = addUsernameToken(token);
> if (utBuilder != null) {
>
> //***************************
> // Beginning of Modification
> //***************************
> AssertionInfoMap aim = message.get(AssertionInfoMap.class);
> boolean haveNonce = false;
> boolean haveCreated = false;
>
> Collection<AssertionInfo> nonces =
> aim.getAssertionInfo(SP13Constants.NONCE);
> for(AssertionInfo nonce: nonces) {
> if (nonce.isAsserted()) {
> haveNonce = true;
> }
> }
>
> Collection<AssertionInfo> createds =
> aim.getAssertionInfo(SP13Constants.CREATED);
> for(AssertionInfo created: createds) {
> if(created.isAsserted()) {
> haveCreated = true;
> }
> }
>
> if (haveCreated) {
> utBuilder.addCreated();
> }
>
> if (haveNonce) {
> utBuilder.addNonce();
> }
>
> //***************************
> // End of modification
> //***************************
> utBuilder.prepare(saaj.getSOAPPart());
>
> Element e = utBuilder.getUsernameTokenElement();
>
> //********************************************
> // Beginning of Modification (Logging only)
> //********************************************
>
> if(LOG.isLoggable(Level.FINE)) {
> Document d = e.getOwnerDocument();
> DOMImplementationLS domImplLS =
> (DOMImplementationLS)
> d.getImplementation();
> LSSerializer serializer =
> domImplLS.createLSSerializer();
> LOG.fine("Username Token: " +
> serializer.writeToString(e));
> }
> //********************************************
> // End of Modification (Logging only)
> //********************************************
>
> addSupportingElement(utBuilder.getUsernameTokenElement());
> ret.add(new SupportingToken(token, utBuilder));
>
> //WebLogic and WCF always encrypt these/
>
> Also I just wanted to sat thank you for your support to get a "real" fix
> info a future release, so hopefully we can use vanilla unpached code in
> future.
>
>
>
>
>
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749905.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com