You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2015/06/16 14:39:00 UTC
[jira] [Commented] (CXF-6464) The derived key versions of
sign/encrypt in SymmetricBindingHandler don't support attachments
[ https://issues.apache.org/jira/browse/CXF-6464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14587962#comment-14587962 ]
ASF GitHub Bot commented on CXF-6464:
-------------------------------------
GitHub user spark404 opened a pull request:
https://github.com/apache/cxf/pull/77
CXF-6464 Add attachment support to derived key sign/encrypt
This depends on WSS-541 and won't build until that change is merged.
Note the dependency change to wss4j 2.1.2-SNAPSHOT to reflect this.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/spark404/cxf CXF-6464
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cxf/pull/77.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #77
----
commit 3ba4284a6d3feb9aa3ce9da950eea13e4c6e6f49
Author: Hugo Trippaers <ht...@schubergphilis.com>
Date: 2015-06-16T12:35:31Z
CXF-6464 Add attachment support to derived key sign/encrypt
----
> The derived key versions of sign/encrypt in SymmetricBindingHandler don't support attachments
> ---------------------------------------------------------------------------------------------
>
> Key: CXF-6464
> URL: https://issues.apache.org/jira/browse/CXF-6464
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 3.1.1
> Reporter: Hugo Trippaers
> Fix For: 3.1.2
>
>
> Adding a sp:Attachment policy to the binding policy eventually causes client requests to fail with the following exception.
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Cannot setup signature data structure
> Original Exception was org.apache.wss4j.common.ext.WSSecurityException: no attachment callbackhandler supplied
> at org.apache.wss4j.dom.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:204)
> at org.apache.wss4j.dom.message.WSSecDKSign.addReferencesToSign(WSSecDKSign.java:189)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignatureDK(SymmetricBindingHandler.java:732)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignature(SymmetricBindingHandler.java:757)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:342)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:126)
> at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:174)
> at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:108)
> at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:95)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)