[ https://issues.apache.org/jira/browse/CXF-8940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17775308#comment-17775308 ]

Freeman Yue Fang commented on CXF-8940:
---------------------------------------

Hi Peter,

I think the problem comes from the fact that if the policy files only have Supporting 
Tokens (like UsernameToken) but no Security Binding (like HTTPS 
TransportBinding), the PolicyBasedWSS4JOutInterceptor can't be added. This is 
the difference between your test and the current test in the CXF codebase.

And I think we should address it in UsernameTokenInterceptorProvider. I have a 
PR ready here:
https://github.com/apache/cxf/pull/1473

Cheers
Freeman


> ws-security.must-understand works only if security.enable.streaming is true
> ---------------------------------------------------------------------------
>
>                 Key: CXF-8940
>                 URL: https://issues.apache.org/jira/browse/CXF-8940
>             Project: CXF
>          Issue Type: Bug
>            Reporter: Peter Palaga
>            Priority: Major
>
> I am unfortunately not sure at all how to reproduce this with plain CXF. If a 
> test is required to demonstrate the issue, I'd be thankful for pointing me to 
> an existing test I could adapt.
> I am able to reproduce this with quarkus-cxf - here are the steps to 
> reproduce:
> {code}
> git clone g...@github.com:ppalaga/quarkus-cxf.git
> cd quarkus-cxf
> git checkout CXF-8940
> mvnd clean install -DskipTests -Dquarkus.build.skip
> cd integration-tests/ws-security-policy
> mvnd clean test -Dtest=UsernameTokenSecurityPolicyTest#helloUsernameTokenNoMustUnderstand
> ...
> [ERROR]   UsernameTokenSecurityPolicyTest>AbstractUsernameTokenSecurityPolicyTest.helloUsernameTokenNoMustUnderstand:180 
> Expecting actual:
>   "REQ_OUT
>     Address: https://localhost:8444/services/helloUsernameToken
>     HttpMethod: POST
>     Content-Type: text/xml
>     ExchangeId: 03fe3642-ab5b-4b85-b712-b8ed107f5a71
>     ServiceName: UsernameTokenPolicyHelloService
>     PortName: UsernameTokenPolicyHelloServicePort
>     PortTypeName: UsernameTokenPolicyHelloService
>     Headers: {SOAPAction="", Accept=*/*, Connection=Keep-Alive}
>     Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>   <soap:Header>
>     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
>       <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-4e64841c-ad35-48fd-b7ee-70e5f978e098">
>         <wsse:Username>cxf-user</wsse:Username>
>         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secret</wsse:Password>
>         <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">5rs0Ra3q0FPLXFguajlTwQ==</wsse:Nonce>
>         <wsu:Created>2023-10-05T22:40:54.436Z</wsu:Created>
>       </wsse:UsernameToken>
>     </wsse:Security>
>   </soap:Header>
>   <soap:Body>
>     <ns2:hello xmlns:ns2="http://policy.security.it.cxf.quarkiverse.io/">
>       <arg0>helloUsernameTokenNoMustUnderstand</arg0>
>     </ns2:hello>
>   </soap:Body>
> </soap:Envelope>
> "
> not to contain:
>   "soap:mustUnderstand="1""
> {code}
> Running the same logic with 
> {{quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.security.enable.streaming = true}} works as expected:
> {code}
> mvnd clean test -Dtest=UsernameTokenSecurityPolicyStaxTest#helloUsernameTokenNoMustUnderstand
> ...
> BUILD SUCCESS
> {code}
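
A namespace-aware form of the check the failing test makes on the logged payload, as an added example that is not part of the original message or of the CXF or quarkus-cxf code. The class and method names are hypothetical and the sample envelope is constructed; unlike a string match on `soap:mustUnderstand="1"`, it does not depend on the prefix the serializer picks and it also covers the SOAP 1.2 namespace.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Hypothetical helper, not from the CXF or quarkus-cxf code base.
public class MustUnderstandCheck {
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String[] SOAP_NS = {
        "http://schemas.xmlsoap.org/soap/envelope/", // SOAP 1.1
        "http://www.w3.org/2003/05/soap-envelope"    // SOAP 1.2
    };

    /** True if any wsse:Security header carries a set mustUnderstand attribute. */
    static boolean securityHeaderMustUnderstand(String envelope) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Logged payloads are untrusted input: refuse DOCTYPE declarations (XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new InputSource(new StringReader(envelope)));
        NodeList headers = doc.getElementsByTagNameNS(WSSE, "Security");
        for (int i = 0; i < headers.getLength(); i++) {
            Element sec = (Element) headers.item(i);
            for (String ns : SOAP_NS) {
                // getAttributeNS returns "" when the attribute is absent.
                String v = sec.getAttributeNS(ns, "mustUnderstand").trim();
                if (v.equals("1") || v.equals("true")) return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: same shape as the payload above, but with prefix "s".
        String tmpl = "<s:Envelope xmlns:s=\"" + SOAP_NS[0] + "\"><s:Header>"
            + "<sec:Security xmlns:sec=\"" + WSSE + "\"%s><sec:UsernameToken>"
            + "<sec:Username>cxf-user</sec:Username></sec:UsernameToken>"
            + "</sec:Security></s:Header><s:Body/></s:Envelope>";
        String flagged = String.format(tmpl, " s:mustUnderstand=\"1\"");
        String unflagged = String.format(tmpl, "");
        // The string match from the test output depends on the literal prefix "soap".
        System.out.println(flagged.contains("soap:mustUnderstand=\"1\""));
        System.out.println(securityHeaderMustUnderstand(flagged));
        System.out.println(securityHeaderMustUnderstand(unflagged));
    }
}
```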


