[jira] Resolved: (CXF-3156) Have web service client cache SAML tokens used in SOAP calls

Wed, 22 Dec 2010 08:35:29 -0800 

     [ 
https://issues.apache.org/jira/browse/CXF-3156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Glen Mazza resolved CXF-3156.
-----------------------------

       Resolution: Fixed
    Fix Version/s: 2.3.2

Fix made by Colm to WSS4J 1.5.11 which will be in CXF 2.3.2.

> Have web service client cache SAML tokens used in SOAP calls
> ------------------------------------------------------------
>
>                 Key: CXF-3156
>                 URL: https://issues.apache.org/jira/browse/CXF-3156
>             Project: CXF
>          Issue Type: Wish
>            Reporter: Glen Mazza
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.3.2
>
>         Attachments: 20101129DoubleItMetroWSTrust.zip
>
>
> Metro web service providers (and perhaps others) return references to SAML 
> Tokens provided by the client during the SOAP call, but do not return the 
> tokens themselves (nor is apparent that they should.)  Presently Metro 
> clients but not CXF clients can process these responses.  A CXF client 
> attempting to process a Metro response (sample one here[1]) returns this 
> error, saying it cannot find the token:
> [INFO] Nov 29, 2010 3:14:33 PM 
> org.apache.cxf.service.factory.ReflectionServiceFactoryBean 
> buildServiceFromWSDL
> [INFO] INFO: Creating Service 
> {http://www.example.org/contract/DoubleIt}DoubleItService from WSDL: 
> file:/media/NewDriveExt3/soperawork/DoubleItMetroWSTrust/client-cxf/src/main/resources/DoubleItService.wsdl
> [INFO] Nov 29, 2010 3:14:34 PM 
> org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl build
> [INFO] WARNING: No assertion builder for type 
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequireInternalReference
>  registered.
> [INFO] Nov 29, 2010 3:14:35 PM 
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
> [INFO] WARNING: 
> [INFO] org.apache.ws.security.WSSecurityException: Referenced security token 
> could not be retrieved (Reference 
> "#uuid-88b8189f-9616-48f4-9ea8-ac2b7703baed")
> [INFO]        at 
> org.apache.ws.security.message.token.SecurityTokenReference.getKeyIdentifierTokenElement(SecurityTokenReference.java:200)
> [INFO]        at 
> org.apache.ws.security.processor.ReferenceListProcessor.getKeyFromSecurityTokenReference(ReferenceListProcessor.java:356)
> [INFO]        at 
> org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:162)
> [INFO]        at 
> org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:113)
> [INFO]        at 
> org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:76)
> [INFO]        at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:328)
> [INFO]        at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
> [INFO]        at 
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:208)
> [INFO]        at 
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
> [INFO]        at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
> [INFO]        at 
> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:733)
> [INFO]        at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2201)
> [INFO]        at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2071)
> [INFO]        at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1925)
> [INFO]        at 
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> [INFO]        at 
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:662)
> [INFO]        at 
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> [INFO]        at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
> [INFO]        at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
> [INFO]        at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> [INFO]        at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
> [INFO]        at 
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
> [INFO]        at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> [INFO]        at $Proxy24.doubleIt(Unknown Source)
> [INFO]        at client.WSClient.doubleIt(WSClient.java:17)
> [INFO]        at client.WSClient.main(WSClient.java:11)
> [INFO] Nov 29, 2010 3:14:35 PM org.apache.cxf.phase.PhaseInterceptorChain 
> doDefaultLogging
> [INFO] WARNING: Interceptor for 
> {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt
>  has thrown exception, unwinding now
> [INFO] org.apache.cxf.binding.soap.SoapFault: Referenced security token could 
> not be retrieved (Reference "#uuid-88b8189f-9616-48f4-9ea8-ac2b7703baed")
> [INFO]        at 
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:597)
> [INFO]        at 
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:268)
> [INFO]        at 
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
> [INFO]        at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
> [INFO]        at 
> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:733)
> [INFO]        at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2201)
> [INFO]        at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2071)
> [INFO]        at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1925)
> [INFO]        at 
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> [INFO]        at 
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:662)
> [INFO]        at 
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> [INFO]        at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:247)
> [INFO]        at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
> [INFO]        at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> [INFO]        at 
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
> [INFO]        at 
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
> [INFO]        at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> [INFO]        at $Proxy24.doubleIt(Unknown Source)
> [INFO]        at client.WSClient.doubleIt(WSClient.java:17)
> [INFO]        at client.WSClient.main(WSClient.java:11)
> Part of the problem MAY be that Metro prefixes the Assertion key with a "#" 
> indicating the token is within the message body.  A bug report has been sent 
> to them on this issue[2], however I believe CXF would presently fail even if 
> the "#" was not there, as the client-side storage/retrieval of SAML tokens is 
> not yet in place.
> [1] 
> https://issues.apache.org/jira/secure/attachment/12460040/WSS238Results.txt
> [2] http://java.net/jira/browse/WSIT-1490

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to