You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Aditya Sawhney (JIRA)" <ji...@apache.org> on 2008/10/16 02:06:44 UTC
[jira] Created: (WSS-148) WCF interop issue: Namespace not honored
incase of attributes.
WCF interop issue: Namespace not honored incase of attributes.
--------------------------------------------------------------
Key: WSS-148
URL: https://issues.apache.org/jira/browse/WSS-148
Project: WSS4J
Issue Type: Bug
Components: WSS4J Handlers
Environment: Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5
Reporter: Aditya Sawhney
Assignee: Ruchith Udayanga Fernando
WSS4J cannot authenticate the WS-Security profile consisting of UsernameToken. The SOAP header created by WCF is in the following format:
- <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
- <s:Header>
- <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
- <o:UsernameToken u:Id="uuid-6fed7aff-51a9-4403-97fc-ad7631d94b47-1">
<o:Username>aditya</o:Username>
<o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">aditya</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
- <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
- <getProductDetail xmlns="http://catalog.example/">
<productId xmlns="">SW123</productId>
</getProductDetail>
</s:Body>
</s:Envelope>
But, WSS4J is unable to validate it because it fails to determine the "passwordType" in UsernameToken constructor:
public UsernameToken(Element elem) throws WSSecurityException {
...
if (elementPassword != null) {
passwordType = elementPassword.getAttribute("Type");
}
As it tries to find "Type" attribute but in SOAP header it is "o:Type".
getAttributeNS should be used instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
RE: [jira] Created: (WSS-148) WCF interop issue: Namespace not honored incase of attributes.
Posted by "Dittmann, Werner (NSN - DE/Munich)" <we...@nsn.com>.
According to the WSS specification
"Web Services Security, UsernameToken Profile 1.1,
OASIS Standard Specification, 1 February 2006 "
the Type attribute is _not_ namespace-qualified attribute.
Refer to page 8 of the mentioned spec. Thus I would assume the
problem is in WCF. Please confirm.
Regards,
Werner
> -----Original Message-----
> From: ext Aditya Sawhney (JIRA) [mailto:jira@apache.org]
> Sent: Thursday, October 16, 2008 2:07 AM
> To: wss4j-dev@ws.apache.org
> Subject: [jira] Created: (WSS-148) WCF interop issue:
> Namespace not honored incase of attributes.
>
> WCF interop issue: Namespace not honored incase of attributes.
> --------------------------------------------------------------
>
> Key: WSS-148
> URL: https://issues.apache.org/jira/browse/WSS-148
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Handlers
> Environment: Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5
> Reporter: Aditya Sawhney
> Assignee: Ruchith Udayanga Fernando
>
>
> WSS4J cannot authenticate the WS-Security profile consisting
> of UsernameToken. The SOAP header created by WCF is in the
> following format:
>
> - <s:Envelope
> xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-w
> ss-wssecurity-utility-1.0.xsd">
> - <s:Header>
> - <o:Security s:mustUnderstand="1"
> xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-w
> ss-wssecurity-secext-1.0.xsd">
> - <o:UsernameToken u:Id="uuid-6fed7aff-51a9-4403-97fc-ad7631d94b47-1">
> <o:Username>aditya</o:Username>
> <o:Password
> o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-ws
> s-username-token-profile-1.0#PasswordText">aditya</o:Password>
> </o:UsernameToken>
> </o:Security>
> </s:Header>
> - <s:Body
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema">
> - <getProductDetail xmlns="http://catalog.example/">
> <productId xmlns="">SW123</productId>
> </getProductDetail>
> </s:Body>
> </s:Envelope>
>
> But, WSS4J is unable to validate it because it fails to
> determine the "passwordType" in UsernameToken constructor:
>
> public UsernameToken(Element elem) throws WSSecurityException {
> ...
> if (elementPassword != null) {
> passwordType = elementPassword.getAttribute("Type");
> }
>
> As it tries to find "Type" attribute but in SOAP header it is
> "o:Type".
> getAttributeNS should be used instead.
>
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-148) WCF interop issue: Namespace not
honored incase of attributes.
Posted by "Aditya Sawhney (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12652256#action_12652256 ]
Aditya Sawhney commented on WSS-148:
------------------------------------
Sure.
-Adi
> WCF interop issue: Namespace not honored incase of attributes.
> --------------------------------------------------------------
>
> Key: WSS-148
> URL: https://issues.apache.org/jira/browse/WSS-148
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Handlers
> Environment: Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5
> Reporter: Aditya Sawhney
> Assignee: Ruchith Udayanga Fernando
>
> WSS4J cannot authenticate the WS-Security profile consisting of UsernameToken. The SOAP header created by WCF is in the following format:
> - <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> - <s:Header>
> - <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> - <o:UsernameToken u:Id="uuid-6fed7aff-51a9-4403-97fc-ad7631d94b47-1">
> <o:Username>aditya</o:Username>
> <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">aditya</o:Password>
> </o:UsernameToken>
> </o:Security>
> </s:Header>
> - <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
> - <getProductDetail xmlns="http://catalog.example/">
> <productId xmlns="">SW123</productId>
> </getProductDetail>
> </s:Body>
> </s:Envelope>
> But, WSS4J is unable to validate it because it fails to determine the "passwordType" in UsernameToken constructor:
> public UsernameToken(Element elem) throws WSSecurityException {
> ...
> if (elementPassword != null) {
> passwordType = elementPassword.getAttribute("Type");
> }
> As it tries to find "Type" attribute but in SOAP header it is "o:Type".
> getAttributeNS should be used instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Resolved: (WSS-148) WCF interop issue: Namespace not honored
incase of attributes.
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-148?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-148.
-------------------------------------
Resolution: Won't Fix
> WCF interop issue: Namespace not honored incase of attributes.
> --------------------------------------------------------------
>
> Key: WSS-148
> URL: https://issues.apache.org/jira/browse/WSS-148
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Handlers
> Environment: Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5
> Reporter: Aditya Sawhney
> Assignee: Ruchith Udayanga Fernando
>
> WSS4J cannot authenticate the WS-Security profile consisting of UsernameToken. The SOAP header created by WCF is in the following format:
> - <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> - <s:Header>
> - <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> - <o:UsernameToken u:Id="uuid-6fed7aff-51a9-4403-97fc-ad7631d94b47-1">
> <o:Username>aditya</o:Username>
> <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">aditya</o:Password>
> </o:UsernameToken>
> </o:Security>
> </s:Header>
> - <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
> - <getProductDetail xmlns="http://catalog.example/">
> <productId xmlns="">SW123</productId>
> </getProductDetail>
> </s:Body>
> </s:Envelope>
> But, WSS4J is unable to validate it because it fails to determine the "passwordType" in UsernameToken constructor:
> public UsernameToken(Element elem) throws WSSecurityException {
> ...
> if (elementPassword != null) {
> passwordType = elementPassword.getAttribute("Type");
> }
> As it tries to find "Type" attribute but in SOAP header it is "o:Type".
> getAttributeNS should be used instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-148) WCF interop issue: Namespace not
honored incase of attributes.
Posted by "Dittmann, Werner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12640082#action_12640082 ]
Dittmann, Werner commented on WSS-148:
--------------------------------------
According to the WSS specification
"Web Services Security, UsernameToken Profile 1.1,
OASIS Standard Specification, 1 February 2006 "
the Type attribute is _not_ namespace-qualified attribute.
Refer to page 8 of the mentioned spec. Thus I would assume the
problem is in WCF. Please confirm.
Regards,
Werner
> WCF interop issue: Namespace not honored incase of attributes.
> --------------------------------------------------------------
>
> Key: WSS-148
> URL: https://issues.apache.org/jira/browse/WSS-148
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Handlers
> Environment: Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5
> Reporter: Aditya Sawhney
> Assignee: Ruchith Udayanga Fernando
>
> WSS4J cannot authenticate the WS-Security profile consisting of UsernameToken. The SOAP header created by WCF is in the following format:
> - <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> - <s:Header>
> - <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> - <o:UsernameToken u:Id="uuid-6fed7aff-51a9-4403-97fc-ad7631d94b47-1">
> <o:Username>aditya</o:Username>
> <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">aditya</o:Password>
> </o:UsernameToken>
> </o:Security>
> </s:Header>
> - <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
> - <getProductDetail xmlns="http://catalog.example/">
> <productId xmlns="">SW123</productId>
> </getProductDetail>
> </s:Body>
> </s:Envelope>
> But, WSS4J is unable to validate it because it fails to determine the "passwordType" in UsernameToken constructor:
> public UsernameToken(Element elem) throws WSSecurityException {
> ...
> if (elementPassword != null) {
> passwordType = elementPassword.getAttribute("Type");
> }
> As it tries to find "Type" attribute but in SOAP header it is "o:Type".
> getAttributeNS should be used instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-148) WCF interop issue: Namespace not
honored incase of attributes.
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12651970#action_12651970 ]
Colm O hEigeartaigh commented on WSS-148:
-----------------------------------------
Can this issue be closed?
Colm.
> WCF interop issue: Namespace not honored incase of attributes.
> --------------------------------------------------------------
>
> Key: WSS-148
> URL: https://issues.apache.org/jira/browse/WSS-148
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Handlers
> Environment: Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5
> Reporter: Aditya Sawhney
> Assignee: Ruchith Udayanga Fernando
>
> WSS4J cannot authenticate the WS-Security profile consisting of UsernameToken. The SOAP header created by WCF is in the following format:
> - <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> - <s:Header>
> - <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> - <o:UsernameToken u:Id="uuid-6fed7aff-51a9-4403-97fc-ad7631d94b47-1">
> <o:Username>aditya</o:Username>
> <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">aditya</o:Password>
> </o:UsernameToken>
> </o:Security>
> </s:Header>
> - <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
> - <getProductDetail xmlns="http://catalog.example/">
> <productId xmlns="">SW123</productId>
> </getProductDetail>
> </s:Body>
> </s:Envelope>
> But, WSS4J is unable to validate it because it fails to determine the "passwordType" in UsernameToken constructor:
> public UsernameToken(Element elem) throws WSSecurityException {
> ...
> if (elementPassword != null) {
> passwordType = elementPassword.getAttribute("Type");
> }
> As it tries to find "Type" attribute but in SOAP header it is "o:Type".
> getAttributeNS should be used instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Closed: (WSS-148) WCF interop issue: Namespace not honored
incase of attributes.
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-148?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed WSS-148.
-----------------------------------
> WCF interop issue: Namespace not honored incase of attributes.
> --------------------------------------------------------------
>
> Key: WSS-148
> URL: https://issues.apache.org/jira/browse/WSS-148
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Handlers
> Environment: Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5
> Reporter: Aditya Sawhney
> Assignee: Ruchith Udayanga Fernando
>
> WSS4J cannot authenticate the WS-Security profile consisting of UsernameToken. The SOAP header created by WCF is in the following format:
> - <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> - <s:Header>
> - <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> - <o:UsernameToken u:Id="uuid-6fed7aff-51a9-4403-97fc-ad7631d94b47-1">
> <o:Username>aditya</o:Username>
> <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">aditya</o:Password>
> </o:UsernameToken>
> </o:Security>
> </s:Header>
> - <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
> - <getProductDetail xmlns="http://catalog.example/">
> <productId xmlns="">SW123</productId>
> </getProductDetail>
> </s:Body>
> </s:Envelope>
> But, WSS4J is unable to validate it because it fails to determine the "passwordType" in UsernameToken constructor:
> public UsernameToken(Element elem) throws WSSecurityException {
> ...
> if (elementPassword != null) {
> passwordType = elementPassword.getAttribute("Type");
> }
> As it tries to find "Type" attribute but in SOAP header it is "o:Type".
> getAttributeNS should be used instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org