[jira] [Created] (CXF-6863) WS-RM 3.x does not work with attachments upon a network error
Akitoshi Yoshida created CXF-6863: - Summary: WS-RM 3.x does not work with attachments upon a network error Key: CXF-6863 URL: https://issues.apache.org/jira/browse/CXF-6863 Project: CXF Issue Type: Bug Components: WS-* Components Affects Versions: 3.0.9, 3.1.3 Reporter: Akitoshi Yoshida When sending messages with an attachment, the CXF 3.x WS-RM code may lose message at the client side when a network error occurs. This was working with CXF 2.x WS-RM. This problem is related to the change CXF-4866 which changed the way how the outgoing message is captured. Previously, the entire message was buffered and captured, which isolated this capturing from network issue. In 3.x, only the SOAP part is captured in this way and not the attachments. As a result, an exception will be thrown during the attachment serialization when a network error occurs and the message will not be correctly placed in the retransmission queue. By comparing CXF 3.x and 2.x code, In 3.x., AttachmentSerializer.writeProlog will directly writes to the IO and this can trigger a Fault from AttachmentOutInterceptor.handleMessage. URLConnectionHTTPConduit$URLConnectionWrappedOutputStream(AbstractThresholdOutputStream).write(byte[], int, int) line: 61 URLConnectionHTTPConduit$URLConnectionWrappedOutputStream(AbstractWrappedOutputStream).write(byte[]) line: 60 CacheAndWriteOutputStream.write(byte[]) line: 89 AttachmentSerializer.writeProlog() line: 182 AttachmentOutInterceptor.handleMessage(Message) line: 77 whereas in CXF 2.x, AttachmentSerializer.writeProlog will write to the buffered WriteOnCloseOutputStream, as its RetransmissionInterceptor inserts WriteOnCloseOutputStream to isolate itself from any network issue. WriteOnCloseOutputStream(CachedOutputStream).write(byte[]) line: 466 CacheAndWriteOutputStream.write(byte[]) line: 89 AttachmentSerializer.writeProlog() line: 172 AttachmentOutInterceptor.handleMessage(Message) line: 72 CXF 2.x, RetransmissionInterceptor inserted WriteOnCloseOutputStream to capture the message entirely. There seem to be other issues with attachments handling in CXF 3.x. Along with other issues CXF-6646, I am not sure how we should fix all these issues. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (CXF-6646) CXF 3.x WSRM message may not be retrieved from database
[ https://issues.apache.org/jira/browse/CXF-6646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Akitoshi Yoshida updated CXF-6646: -- Assignee: (was: Akitoshi Yoshida) > CXF 3.x WSRM message may not be retrieved from database > --- > > Key: CXF-6646 > URL: https://issues.apache.org/jira/browse/CXF-6646 > Project: CXF > Issue Type: Bug > Components: WS-* Components >Affects Versions: 3.0.4 >Reporter: Kai Rommel > Attachments: > 0001-WSRM-enable-RMTxStore-for-different-database-impleme.patch, > 0002-WSRM-enable-RMTxStore-for-different-database-impleme.patch > > > With CXF-4866, CXF-352 changes to the RMTxStore implementation were > introduced. > Running the JUnit Tests for rt/ws/rm with a newer Derby version, some tests > will fail. > You can switch to version 10.8.2.2 and messages won't be recovered from > database, as database connection will be released before message is read. > I used the CachedOutputStream to cache the message. Find attached the patch > files. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CXF-6646) CXF 3.x WSRM message may not be retrieved from database
[ https://issues.apache.org/jira/browse/CXF-6646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15231879#comment-15231879 ] Akitoshi Yoshida commented on CXF-6646: --- While looking at the change introduced with CXF-4866, it seems to require a more drastic change to fix the issue. The patch currently attached to this ticket preserves the content in some cases but it uses a complex sequence of operations and it also does not cover for the attachments. If we are to stay in the current model, one option will be to go back to use CachedOutputStream in RMMessage and serialize the whole message including the attachments in one blob associated with this content. In that way, the DB operation is kept simpler (one table write) when storing a multipart message and it also keeps the management of attachment resources simpler (no need to cache the attachment streams separately). > CXF 3.x WSRM message may not be retrieved from database > --- > > Key: CXF-6646 > URL: https://issues.apache.org/jira/browse/CXF-6646 > Project: CXF > Issue Type: Bug > Components: WS-* Components >Affects Versions: 3.0.4 >Reporter: Kai Rommel >Assignee: Akitoshi Yoshida > Attachments: > 0001-WSRM-enable-RMTxStore-for-different-database-impleme.patch, > 0002-WSRM-enable-RMTxStore-for-different-database-impleme.patch > > > With CXF-4866, CXF-352 changes to the RMTxStore implementation were > introduced. > Running the JUnit Tests for rt/ws/rm with a newer Derby version, some tests > will fail. > You can switch to version 10.8.2.2 and messages won't be recovered from > database, as database connection will be released before message is read. > I used the CachedOutputStream to cache the message. Find attached the patch > files. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CXF-6769) Underscores in values of FIQL search expressions are incorrectly escaped
[
https://issues.apache.org/jira/browse/CXF-6769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15231929#comment-15231929
]
Torsten Römer commented on CXF-6769:
I've just tried this and while this would solve our problem, we unfortunately
can't use in our setup.
We are running in WildFly 8/10 which includes Apache CXF, but uses RESTEasy
instead of CXF's RS implementation. So we basically just include
cxf-rt-rs-extension-search in our WAR deployment and create our "own" instance
of FiqlParser (all we want to do is to convert an FIQL expression to an SQL
query):
{code}
final FiqlParser fiqlParser = new
FiqlParser<>(SearchBean.class);
final SearchCondition searchCondition =
fiqlParser.parse(search);
final SQLPrinterVisitor visitor = new
SQLPrinterVisitor(table);
searchCondition.accept(visitor);
final String sql = visitor.getQuery();
{code}
And like that we are not able to set the property.
Any suggestion?
> Underscores in values of FIQL search expressions are incorrectly escaped
>
>
> Key: CXF-6769
> URL: https://issues.apache.org/jira/browse/CXF-6769
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
>Affects Versions: 3.1.2
> Environment: Webapp deployed to WildFly 10
>Reporter: Torsten Römer
>Assignee: Sergey Beryozkin
>Priority: Minor
> Fix For: 3.1.6, 3.0.9, 3.2.0
>
>
> We are basically "just" using FIQLParser and SQLPrinterVisitor like this:
> final FiqlParser fiqlParser = new FiqlParser<>(SearchBean.class);
> final SearchCondition searchCondition = fiqlParser.parse(search);
> final SQLPrinterVisitor visitor = new
> SQLPrinterVisitor(table);
> searchCondition.accept(visitor);
> final String sql = visitor.getQuery();
> A search expression like this:
> text==VAL_UE
> yields an SQL query like this:
> SELECT * FROM some_table WHERE text = 'VAL[backslash]_UE'
> (Note [backslash] is supposed to mean a literal "\" which is swallowed here)
> If the table contains a row with text "VAL_UE", the query returns no results
> because the underscore in the value was preceded with a backslash.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Created] (CXF-6864) STS Demo - Invalid Key
Charles Moulliard created CXF-6864:
--
Summary: STS Demo - Invalid Key
Key: CXF-6864
URL: https://issues.apache.org/jira/browse/CXF-6864
Project: CXF
Issue Type: Bug
Affects Versions: 3.0.9
Reporter: Charles Moulliard
The STS Demo packaged within the distribution of CXF 3.0.9 doesn't work
When the client issues the request to get the token from the STS server, the
following error is reported
Server
{code}
Apr 08, 2016 11:57:04 AM org.eclipse.jetty.server.AbstractConnector doStart
INFO: Started SelectChannelConnector@localhost:8080
Server ready...
Apr 08, 2016 11:57:42 AM
org.apache.cxf.services.SecurityTokenService.UT_Port.STS
INFO: Inbound Message
ID: 1
Address: http://localhost:8080/SecurityTokenService/UT?wsdl
Http-Method: GET
Content-Type:
Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive],
Content-Type=[null], Host=[localhost:8080], Pragma=[no-cache],
User-Agent=[Apache CXF 3.0.9]}
--
{code}
Client
{code}
WARNING: Interceptor for
{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Illegal key size
at
org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:388)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:124)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:210)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:115)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:102)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at
org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:849)
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)
at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:397)
at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.issueToken(IssuedTokenInterceptorProvider.java:531)
at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:165)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138)
at com.sun.proxy.$Proxy49.greetMe(Unknown Source)
at demo.wssec.client.Client.main(Client.java:77)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:291)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.cxf.ws.policy.PolicyException: Illegal key size
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler.policyNotAsserted(AbstractCommonBindingHandler.java:117)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doEncryptionDerived(SymmetricBindingHandler.java:492)
at
org.apache.cxf.ws.security.wss4j.policyhandler
[jira] [Updated] (CXF-6864) STS Demo - Invalid Key
[
https://issues.apache.org/jira/browse/CXF-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Charles Moulliard updated CXF-6864:
---
Description:
The STS Demo packaged within the distribution of CXF 3.0.9 doesn't work
When the client issues the request to get the token from the STS server, the
following error is reported
Server
{code}
Apr 08, 2016 11:57:04 AM org.eclipse.jetty.server.AbstractConnector doStart
INFO: Started SelectChannelConnector@localhost:8080
Server ready...
Apr 08, 2016 11:57:42 AM
org.apache.cxf.services.SecurityTokenService.UT_Port.STS
INFO: Inbound Message
ID: 1
Address: http://localhost:8080/SecurityTokenService/UT?wsdl
Http-Method: GET
Content-Type:
Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive],
Content-Type=[null], Host=[localhost:8080], Pragma=[no-cache],
User-Agent=[Apache CXF 3.0.9]}
--
{code}
Client
{code}
INFO: Creating Service {http://apache.org/hello_world_soap_http}SOAPService
from WSDL:
file:/Users/chmoulli/Downloads/apache-cxf-3.0.9/samples/sts/wsdl/hello_world.wsdl
Invoking greetMe...
Apr 08, 2016 11:57:42 AM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for
{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Illegal key size
at
org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:388)
at
org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:124)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:210)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:115)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:102)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at
org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:849)
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)
at
org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)
at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:397)
at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.issueToken(IssuedTokenInterceptorProvider.java:531)
at
org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:165)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138)
at com.sun.proxy.$Proxy49.greetMe(Unknown Source)
at demo.wssec.client.Client.main(Client.java:77)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:291)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.cxf.ws.policy.PolicyException: Illegal key size
at
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler.policyNotAsserted(AbstractCommonBindingHandler.java:117)
at
org.apache.cxf.ws.security.wss4j.p
[jira] [Commented] (CXF-6864) STS Demo - Invalid Key
[
https://issues.apache.org/jira/browse/CXF-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15231965#comment-15231965
]
Charles Moulliard commented on CXF-6864:
JDK version used : 8 with JCE
{code}
dabou:~/Downloads/apache-cxf-3.0.9/samples/sts$ java -version
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
dabou:~/Downloads/apache-cxf-3.0.9/samples/sts$ ll
/Library/Java/JavaVirtualMachines/jdk1.8.0_45.jdk/Contents/Home/jre/lib/security/
total 288
drwxrwxr-x 10 root wheel340 Apr 10 2015 .
drwxrwxr-x 100 root wheel 3400 Apr 10 2015 ..
-rw-rw-r--1 root wheel 3026 Apr 10 2015 US_export_policy.jar
-rw-rw-r--1 root wheel 4054 Apr 10 2015 blacklist
-rw-rw-r--1 root wheel 1188 Apr 10 2015 blacklisted.certs
-rw-rw-r--1 root wheel 98626 Apr 10 2015 cacerts
-rw-rw-r--1 root wheel 2466 Apr 10 2015 java.policy
-rw-rw-r--1 root wheel 21270 Apr 10 2015 java.security
-rw-rw-r--1 root wheel 3527 Apr 10 2015 local_policy.jar
-rw-rw-r--1 root wheel 0 Apr 10 2015 trusted.libraries
{code}
> STS Demo - Invalid Key
> --
>
> Key: CXF-6864
> URL: https://issues.apache.org/jira/browse/CXF-6864
> Project: CXF
> Issue Type: Bug
>Affects Versions: 3.0.9
>Reporter: Charles Moulliard
>
> The STS Demo packaged within the distribution of CXF 3.0.9 doesn't work
> When the client issues the request to get the token from the STS server, the
> following error is reported
> Server
> {code}
> Apr 08, 2016 11:57:04 AM org.eclipse.jetty.server.AbstractConnector doStart
> INFO: Started SelectChannelConnector@localhost:8080
> Server ready...
> Apr 08, 2016 11:57:42 AM
> org.apache.cxf.services.SecurityTokenService.UT_Port.STS
> INFO: Inbound Message
>
> ID: 1
> Address: http://localhost:8080/SecurityTokenService/UT?wsdl
> Http-Method: GET
> Content-Type:
> Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive],
> Content-Type=[null], Host=[localhost:8080], Pragma=[no-cache],
> User-Agent=[Apache CXF 3.0.9]}
> --
> {code}
> Client
> {code}
> INFO: Creating Service {http://apache.org/hello_world_soap_http}SOAPService
> from WSDL:
> file:/Users/chmoulli/Downloads/apache-cxf-3.0.9/samples/sts/wsdl/hello_world.wsdl
> Invoking greetMe...
> Apr 08, 2016 11:57:42 AM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for
> {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
> has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Illegal key size
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:388)
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:124)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:210)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:115)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:102)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
> at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:849)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:397)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.issueToken(IssuedTokenInterceptorProvider.java:531)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterce
[jira] [Comment Edited] (CXF-6864) STS Demo - Invalid Key
[
https://issues.apache.org/jira/browse/CXF-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15231965#comment-15231965
]
Charles Moulliard edited comment on CXF-6864 at 4/8/16 10:11 AM:
-
JDK version used : 8 with JCE jar files
{code}
dabou:~/Downloads/apache-cxf-3.0.9/samples/sts$ java -version
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
dabou:~/Downloads/apache-cxf-3.0.9/samples/sts$ ll
/Library/Java/JavaVirtualMachines/jdk1.8.0_45.jdk/Contents/Home/jre/lib/security/
total 288
drwxrwxr-x 10 root wheel340 Apr 10 2015 .
drwxrwxr-x 100 root wheel 3400 Apr 10 2015 ..
-rw-rw-r--1 root wheel 3026 Apr 10 2015 US_export_policy.jar
-rw-rw-r--1 root wheel 4054 Apr 10 2015 blacklist
-rw-rw-r--1 root wheel 1188 Apr 10 2015 blacklisted.certs
-rw-rw-r--1 root wheel 98626 Apr 10 2015 cacerts
-rw-rw-r--1 root wheel 2466 Apr 10 2015 java.policy
-rw-rw-r--1 root wheel 21270 Apr 10 2015 java.security
-rw-rw-r--1 root wheel 3527 Apr 10 2015 local_policy.jar
-rw-rw-r--1 root wheel 0 Apr 10 2015 trusted.libraries
{code}
was (Author: cmoulliard):
JDK version used : 8 with JCE
{code}
dabou:~/Downloads/apache-cxf-3.0.9/samples/sts$ java -version
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
dabou:~/Downloads/apache-cxf-3.0.9/samples/sts$ ll
/Library/Java/JavaVirtualMachines/jdk1.8.0_45.jdk/Contents/Home/jre/lib/security/
total 288
drwxrwxr-x 10 root wheel340 Apr 10 2015 .
drwxrwxr-x 100 root wheel 3400 Apr 10 2015 ..
-rw-rw-r--1 root wheel 3026 Apr 10 2015 US_export_policy.jar
-rw-rw-r--1 root wheel 4054 Apr 10 2015 blacklist
-rw-rw-r--1 root wheel 1188 Apr 10 2015 blacklisted.certs
-rw-rw-r--1 root wheel 98626 Apr 10 2015 cacerts
-rw-rw-r--1 root wheel 2466 Apr 10 2015 java.policy
-rw-rw-r--1 root wheel 21270 Apr 10 2015 java.security
-rw-rw-r--1 root wheel 3527 Apr 10 2015 local_policy.jar
-rw-rw-r--1 root wheel 0 Apr 10 2015 trusted.libraries
{code}
> STS Demo - Invalid Key
> --
>
> Key: CXF-6864
> URL: https://issues.apache.org/jira/browse/CXF-6864
> Project: CXF
> Issue Type: Bug
>Affects Versions: 3.0.9
>Reporter: Charles Moulliard
>
> The STS Demo packaged within the distribution of CXF 3.0.9 doesn't work
> When the client issues the request to get the token from the STS server, the
> following error is reported
> Server
> {code}
> Apr 08, 2016 11:57:04 AM org.eclipse.jetty.server.AbstractConnector doStart
> INFO: Started SelectChannelConnector@localhost:8080
> Server ready...
> Apr 08, 2016 11:57:42 AM
> org.apache.cxf.services.SecurityTokenService.UT_Port.STS
> INFO: Inbound Message
>
> ID: 1
> Address: http://localhost:8080/SecurityTokenService/UT?wsdl
> Http-Method: GET
> Content-Type:
> Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive],
> Content-Type=[null], Host=[localhost:8080], Pragma=[no-cache],
> User-Agent=[Apache CXF 3.0.9]}
> --
> {code}
> Client
> {code}
> INFO: Creating Service {http://apache.org/hello_world_soap_http}SOAPService
> from WSDL:
> file:/Users/chmoulli/Downloads/apache-cxf-3.0.9/samples/sts/wsdl/hello_world.wsdl
> Invoking greetMe...
> Apr 08, 2016 11:57:42 AM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for
> {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
> has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Illegal key size
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:388)
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:124)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:210)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:115)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:102)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> at org.apache.cx
[jira] [Commented] (CXF-6769) Underscores in values of FIQL search expressions are incorrectly escaped
[ https://issues.apache.org/jira/browse/CXF-6769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232001#comment-15232001 ] Sergey Beryozkin commented on CXF-6769: --- FiqlParser has another constructor which additionally accepts a Map of properties, that will do it. > Underscores in values of FIQL search expressions are incorrectly escaped > > > Key: CXF-6769 > URL: https://issues.apache.org/jira/browse/CXF-6769 > Project: CXF > Issue Type: Bug > Components: JAX-RS >Affects Versions: 3.1.2 > Environment: Webapp deployed to WildFly 10 >Reporter: Torsten Römer >Assignee: Sergey Beryozkin >Priority: Minor > Fix For: 3.1.6, 3.0.9, 3.2.0 > > > We are basically "just" using FIQLParser and SQLPrinterVisitor like this: > final FiqlParser fiqlParser = new FiqlParser<>(SearchBean.class); > final SearchCondition searchCondition = fiqlParser.parse(search); > final SQLPrinterVisitor visitor = new > SQLPrinterVisitor(table); > searchCondition.accept(visitor); > final String sql = visitor.getQuery(); > A search expression like this: > text==VAL_UE > yields an SQL query like this: > SELECT * FROM some_table WHERE text = 'VAL[backslash]_UE' > (Note [backslash] is supposed to mean a literal "\" which is swallowed here) > If the table contains a row with text "VAL_UE", the query returns no results > because the underscore in the value was preceded with a backslash. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CXF-6769) Underscores in values of FIQL search expressions are incorrectly escaped
[ https://issues.apache.org/jira/browse/CXF-6769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232047#comment-15232047 ] Torsten Römer commented on CXF-6769: Setting the property is fine, but since the Message given to MessageUtil.getContextualBoolean() is null in this case, the property is not considered and the defaultValue "true" is returned and the underscore is still escaped. Or am I missing something here? > Underscores in values of FIQL search expressions are incorrectly escaped > > > Key: CXF-6769 > URL: https://issues.apache.org/jira/browse/CXF-6769 > Project: CXF > Issue Type: Bug > Components: JAX-RS >Affects Versions: 3.1.2 > Environment: Webapp deployed to WildFly 10 >Reporter: Torsten Römer >Assignee: Sergey Beryozkin >Priority: Minor > Fix For: 3.1.6, 3.0.9, 3.2.0 > > > We are basically "just" using FIQLParser and SQLPrinterVisitor like this: > final FiqlParser fiqlParser = new FiqlParser<>(SearchBean.class); > final SearchCondition searchCondition = fiqlParser.parse(search); > final SQLPrinterVisitor visitor = new > SQLPrinterVisitor(table); > searchCondition.accept(visitor); > final String sql = visitor.getQuery(); > A search expression like this: > text==VAL_UE > yields an SQL query like this: > SELECT * FROM some_table WHERE text = 'VAL[backslash]_UE' > (Note [backslash] is supposed to mean a literal "\" which is swallowed here) > If the table contains a row with text "VAL_UE", the query returns no results > because the underscore in the value was preceded with a backslash. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CXF-6554) Exception thrown in LoggingInInterceptor
[
https://issues.apache.org/jira/browse/CXF-6554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232052#comment-15232052
]
David J. M. Karlsen commented on CXF-6554:
--
Any progress on this one? Still seeing the same in 3.1.1
> Exception thrown in LoggingInInterceptor
>
>
> Key: CXF-6554
> URL: https://issues.apache.org/jira/browse/CXF-6554
> Project: CXF
> Issue Type: Bug
>Affects Versions: 2.7.17
>Reporter: Damon Horrell
>Priority: Minor
>
> An exception is thrown for some inbound messages when logging is enabled via:
>
>
>
> Overriding the default 65536 character limit fixes the problem:
>
>
>
>
> -
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
> [com.ctc.wstx.exc.WstxLazyException] Unexpected end of input block in entity
> reference
> at [row,col {unknown-source}]: [1017,49]
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:158)
> at $Proxy42.getDocumentById(Unknown Source)
> at
> nz.govt.moh.eps.proxy.PrescriptionServiceProxy.getDocumentById(PrescriptionServiceProxy.java:82)
> at nz.govt.moh.eps.client.EpsTestClient.main(EpsTestClient.java:45)
> Caused by: [com.ctc.wstx.exc.WstxLazyException]
> com.ctc.wstx.exc.WstxEOFException: Unexpected end of input block in entity
> reference
> at [row,col {unknown-source}]: [1017,49]
> at
> com.ctc.wstx.exc.WstxLazyException.throwLazily(WstxLazyException.java:45)
> at com.ctc.wstx.sr.StreamScanner.throwLazyError(StreamScanner.java:728)
> at
> com.ctc.wstx.sr.BasicStreamReader.safeFinishToken(BasicStreamReader.java:3678)
> at com.ctc.wstx.sr.BasicStreamReader.getText(BasicStreamReader.java:860)
> at org.apache.cxf.staxutils.StaxUtils.copy(StaxUtils.java:748)
> at org.apache.cxf.staxutils.StaxUtils.copy(StaxUtils.java:697)
> at org.apache.cxf.staxutils.StaxUtils.copy(StaxUtils.java:621)
> at
> org.apache.cxf.interceptor.AbstractLoggingInterceptor.writePayload(AbstractLoggingInterceptor.java:164)
> at
> org.apache.cxf.interceptor.LoggingInInterceptor.logInputStream(LoggingInInterceptor.java:215)
> at
> org.apache.cxf.interceptor.LoggingInInterceptor.logging(LoggingInInterceptor.java:153)
> at
> org.apache.cxf.interceptor.LoggingInInterceptor.handleMessage(LoggingInInterceptor.java:79)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
> at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:849)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1632)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1520)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318)
> at
> org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
> at
> org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:223)
> at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:633)
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:136)
> ... 3 more
> Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected end of input block
> in entity reference
> at [row,col {unknown-source}]: [1017,49]
> at
> com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOB(StreamScanner.java:699)
> at
> com.ctc.wstx.sr.StreamScanner.loadMoreFromCurrent(StreamScanner.java:1071)
> at
> com.ctc.wstx.sr.StreamScanner.getNextCharFromCurrent(StreamScanner.java:810)
> at com.ctc.wstx.sr.StreamScanner.resolveCharEnt(StreamScanner.java:2325)
> at
> com.ctc.wstx.sr.StreamScanner.resolveCharOnlyEntity(StreamScanner.java:1347)
> at
> com.ctc.wstx.sr.BasicStreamReader.readTextSecondary(BasicStreamReader.java:4715)
> at
> com.ctc.wstx.sr.BasicStreamReader.finishToken(BasicStreamReader.java:3722)
> at
> com.ctc.wstx.sr.BasicStreamReader.safeFinishToken(B
[jira] [Commented] (CXF-6769) Underscores in values of FIQL search expressions are incorrectly escaped
[ https://issues.apache.org/jira/browse/CXF-6769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232196#comment-15232196 ] Sergey Beryozkin commented on CXF-6769: --- Right I see...The only workaround then is to copy SQLPrinterVisitor.visit() into its subclass and block escaping the underscore. I guess for the next release I can try to make much easier to override it... > Underscores in values of FIQL search expressions are incorrectly escaped > > > Key: CXF-6769 > URL: https://issues.apache.org/jira/browse/CXF-6769 > Project: CXF > Issue Type: Bug > Components: JAX-RS >Affects Versions: 3.1.2 > Environment: Webapp deployed to WildFly 10 >Reporter: Torsten Römer >Assignee: Sergey Beryozkin >Priority: Minor > Fix For: 3.1.6, 3.0.9, 3.2.0 > > > We are basically "just" using FIQLParser and SQLPrinterVisitor like this: > final FiqlParser fiqlParser = new FiqlParser<>(SearchBean.class); > final SearchCondition searchCondition = fiqlParser.parse(search); > final SQLPrinterVisitor visitor = new > SQLPrinterVisitor(table); > searchCondition.accept(visitor); > final String sql = visitor.getQuery(); > A search expression like this: > text==VAL_UE > yields an SQL query like this: > SELECT * FROM some_table WHERE text = 'VAL[backslash]_UE' > (Note [backslash] is supposed to mean a literal "\" which is swallowed here) > If the table contains a row with text "VAL_UE", the query returns no results > because the underscore in the value was preceded with a backslash. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CXF-6769) Underscores in values of FIQL search expressions are incorrectly escaped
[ https://issues.apache.org/jira/browse/CXF-6769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232223#comment-15232223 ] Torsten Römer commented on CXF-6769: Fine, we'll either avoid underscores for now or implement the workaround. Thank you! > Underscores in values of FIQL search expressions are incorrectly escaped > > > Key: CXF-6769 > URL: https://issues.apache.org/jira/browse/CXF-6769 > Project: CXF > Issue Type: Bug > Components: JAX-RS >Affects Versions: 3.1.2 > Environment: Webapp deployed to WildFly 10 >Reporter: Torsten Römer >Assignee: Sergey Beryozkin >Priority: Minor > Fix For: 3.1.6, 3.0.9, 3.2.0 > > > We are basically "just" using FIQLParser and SQLPrinterVisitor like this: > final FiqlParser fiqlParser = new FiqlParser<>(SearchBean.class); > final SearchCondition searchCondition = fiqlParser.parse(search); > final SQLPrinterVisitor visitor = new > SQLPrinterVisitor(table); > searchCondition.accept(visitor); > final String sql = visitor.getQuery(); > A search expression like this: > text==VAL_UE > yields an SQL query like this: > SELECT * FROM some_table WHERE text = 'VAL[backslash]_UE' > (Note [backslash] is supposed to mean a literal "\" which is swallowed here) > If the table contains a row with text "VAL_UE", the query returns no results > because the underscore in the value was preceded with a backslash. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CXF-6864) STS Demo - Invalid Key
[
https://issues.apache.org/jira/browse/CXF-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232265#comment-15232265
]
Colm O hEigeartaigh commented on CXF-6864:
--
You need to install the unlimited security files in the JDK. See the README:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=distribution/src/main/release/samples/sts/README.txt;h=ea9d096e5c62cea575b7a6002b88a3925629e265;hb=HEAD
> STS Demo - Invalid Key
> --
>
> Key: CXF-6864
> URL: https://issues.apache.org/jira/browse/CXF-6864
> Project: CXF
> Issue Type: Bug
>Affects Versions: 3.0.9
>Reporter: Charles Moulliard
>
> The STS Demo packaged within the distribution of CXF 3.0.9 doesn't work
> When the client issues the request to get the token from the STS server, the
> following error is reported
> Server
> {code}
> Apr 08, 2016 11:57:04 AM org.eclipse.jetty.server.AbstractConnector doStart
> INFO: Started SelectChannelConnector@localhost:8080
> Server ready...
> Apr 08, 2016 11:57:42 AM
> org.apache.cxf.services.SecurityTokenService.UT_Port.STS
> INFO: Inbound Message
>
> ID: 1
> Address: http://localhost:8080/SecurityTokenService/UT?wsdl
> Http-Method: GET
> Content-Type:
> Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive],
> Content-Type=[null], Host=[localhost:8080], Pragma=[no-cache],
> User-Agent=[Apache CXF 3.0.9]}
> --
> {code}
> Client
> {code}
> INFO: Creating Service {http://apache.org/hello_world_soap_http}SOAPService
> from WSDL:
> file:/Users/chmoulli/Downloads/apache-cxf-3.0.9/samples/sts/wsdl/hello_world.wsdl
> Invoking greetMe...
> Apr 08, 2016 11:57:42 AM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for
> {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
> has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Illegal key size
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:388)
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:124)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:210)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:115)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:102)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
> at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:849)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:397)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.issueToken(IssuedTokenInterceptorProvider.java:531)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:165)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138)
> at com.sun.proxy.$Proxy49.greetMe(Unknown Source)
> at demo.wssec.client.Client.main(Client.java:77)
> at sun.reflect.NativeMethodAccessorImpl.
[jira] [Commented] (CXF-6862) Quoted path field in Cookies appears to be ignored by Chrome and Firefox
[ https://issues.apache.org/jira/browse/CXF-6862?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232270#comment-15232270 ] Brendon commented on CXF-6862: -- Hi Sergey, Thanks for looking at this so quickly! We pass the root path (/) to the NewCookie as a string without escaped quotes e.g. new NewCookie(etc, "/", etc). I wasn't very clear but when I mentioned that Firefox interprets the cookie as ""/"", I meant that if you inspect the cookie in developer tools it shows the / within double quotes but this probably isn't so important. The main thing is that the cookie was sent to the browser on the root path but the browser was storing it under the current path e.g. /login. Navigating to another page would then not include the cookie (unless it was under the previous path). e.g. /login/profile would pass the cookie but /profile wouldn't. I will check the latest snapshot when I get a chance and get let you know. > Quoted path field in Cookies appears to be ignored by Chrome and Firefox > > > Key: CXF-6862 > URL: https://issues.apache.org/jira/browse/CXF-6862 > Project: CXF > Issue Type: Bug > Components: JAX-RS >Affects Versions: 3.1.5, 3.1.6 >Reporter: Brendon > > I am attempting to update a project from v3.1.4 to v3.1.6 which includes a > fix for RFC 2109 compliance (https://issues.apache.org/jira/browse/CXF-6729) > but have hit a problem. > The problem is that since 3.1.5, the cookie path field is wrapped in > quotations if it has a special character. This quoted path appears to be > ignored by Firefox and Chrome (it does work in Safari though). > Example: > Our code base is setting path=/ to specify the root path. > This gets wrapped in quotations in NewCookieHeaderProvider's toString and > sent to the browser (Firefox). > Firefox then sees it as ""/"" and ignores it (presumable as "/" is not a > valid path). > The cookie is then set on the current path and not the root path. > This was not an issue in 3.1.4 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (FEDIZ-162) Make it possible to disable the requirement for a Signature when validating a SAML SSO AuthnRequest in the IdP
Colm O hEigeartaigh created FEDIZ-162: - Summary: Make it possible to disable the requirement for a Signature when validating a SAML SSO AuthnRequest in the IdP Key: FEDIZ-162 URL: https://issues.apache.org/jira/browse/FEDIZ-162 Project: CXF-Fediz Issue Type: Improvement Affects Versions: 1.3.0 Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Fix For: 1.3.1 Make it possible to disable the requirement for a Signature when validating a SAML SSO AuthnRequest in the IdP -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (FEDIZ-163) Default to disabling Deflate Encoding for the SAML SSO response
Colm O hEigeartaigh created FEDIZ-163: - Summary: Default to disabling Deflate Encoding for the SAML SSO response Key: FEDIZ-163 URL: https://issues.apache.org/jira/browse/FEDIZ-163 Project: CXF-Fediz Issue Type: Improvement Affects Versions: 1.3.0 Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Fix For: 1.3.1 In 1.3.0, the deflate encoding is used by default to encode SAML SSO Responses. However, the default web flow is to POST the response, and the deflate encoding is not supposed to be used here according to the spec. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CXF-6862) Quoted path field in Cookies appears to be ignored by Chrome and Firefox
[ https://issues.apache.org/jira/browse/CXF-6862?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232320#comment-15232320 ] Sergey Beryozkin commented on CXF-6862: --- thanks; this is a sensitive issue, I'd qualify it as Critical if it were not possible to have a workaround, by setting Set-Cookie on Response manually :-). yes, please try 3.1.7-SNAPSHOT when you get a chance and let me know if it works as expected > Quoted path field in Cookies appears to be ignored by Chrome and Firefox > > > Key: CXF-6862 > URL: https://issues.apache.org/jira/browse/CXF-6862 > Project: CXF > Issue Type: Bug > Components: JAX-RS >Affects Versions: 3.1.5, 3.1.6 >Reporter: Brendon > > I am attempting to update a project from v3.1.4 to v3.1.6 which includes a > fix for RFC 2109 compliance (https://issues.apache.org/jira/browse/CXF-6729) > but have hit a problem. > The problem is that since 3.1.5, the cookie path field is wrapped in > quotations if it has a special character. This quoted path appears to be > ignored by Firefox and Chrome (it does work in Safari though). > Example: > Our code base is setting path=/ to specify the root path. > This gets wrapped in quotations in NewCookieHeaderProvider's toString and > sent to the browser (Firefox). > Firefox then sees it as ""/"" and ignores it (presumable as "/" is not a > valid path). > The cookie is then set on the current path and not the root path. > This was not an issue in 3.1.4 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CXF-6864) STS Demo - Invalid Key
[
https://issues.apache.org/jira/browse/CXF-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232368#comment-15232368
]
Colm O hEigeartaigh commented on CXF-6864:
--
Are you sure you copied the correct jars? The jar sizes listed above match for
my JDK 8 installation with the default jars:
ls -l /opt/jdk1.8.0_66_restr/jre/lib/security/*.jar
-rw-r--r-- 1 colm colm 3527 Oct 7 2015
/opt/jdk1.8.0_66_restr/jre/lib/security/local_policy.jar
-rw-r--r-- 1 colm colm 3026 Oct 7 2015
/opt/jdk1.8.0_66_restr/jre/lib/security/US_export_policy.jar
Whereas using the unlimited jars:
ls -l /opt/jdk1.8.0_72/jre/lib/security/*.jar
-rw-r--r-- 1 colm colm 3035 Jan 21 14:57
/opt/jdk1.8.0_72/jre/lib/security/local_policy.jar
-rw-r--r-- 1 colm colm 3023 Jan 21 14:57
/opt/jdk1.8.0_72/jre/lib/security/US_export_policy.jar
> STS Demo - Invalid Key
> --
>
> Key: CXF-6864
> URL: https://issues.apache.org/jira/browse/CXF-6864
> Project: CXF
> Issue Type: Bug
>Affects Versions: 3.0.9
>Reporter: Charles Moulliard
>
> The STS Demo packaged within the distribution of CXF 3.0.9 doesn't work
> When the client issues the request to get the token from the STS server, the
> following error is reported
> Server
> {code}
> Apr 08, 2016 11:57:04 AM org.eclipse.jetty.server.AbstractConnector doStart
> INFO: Started SelectChannelConnector@localhost:8080
> Server ready...
> Apr 08, 2016 11:57:42 AM
> org.apache.cxf.services.SecurityTokenService.UT_Port.STS
> INFO: Inbound Message
>
> ID: 1
> Address: http://localhost:8080/SecurityTokenService/UT?wsdl
> Http-Method: GET
> Content-Type:
> Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive],
> Content-Type=[null], Host=[localhost:8080], Pragma=[no-cache],
> User-Agent=[Apache CXF 3.0.9]}
> --
> {code}
> Client
> {code}
> INFO: Creating Service {http://apache.org/hello_world_soap_http}SOAPService
> from WSDL:
> file:/Users/chmoulli/Downloads/apache-cxf-3.0.9/samples/sts/wsdl/hello_world.wsdl
> Invoking greetMe...
> Apr 08, 2016 11:57:42 AM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for
> {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
> has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Illegal key size
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:388)
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:124)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:210)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:115)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:102)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
> at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:849)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:397)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.issueToken(IssuedTokenInterceptorProvider.java:531)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:165)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
[jira] [Resolved] (CXF-6864) STS Demo - Invalid Key
[
https://issues.apache.org/jira/browse/CXF-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Charles Moulliard resolved CXF-6864.
Resolution: Fixed
I did a mistake during the process to copy unlimited files to jre/lib/security.
That works after issuing them again.
> STS Demo - Invalid Key
> --
>
> Key: CXF-6864
> URL: https://issues.apache.org/jira/browse/CXF-6864
> Project: CXF
> Issue Type: Bug
>Affects Versions: 3.0.9
>Reporter: Charles Moulliard
>
> The STS Demo packaged within the distribution of CXF 3.0.9 doesn't work
> When the client issues the request to get the token from the STS server, the
> following error is reported
> Server
> {code}
> Apr 08, 2016 11:57:04 AM org.eclipse.jetty.server.AbstractConnector doStart
> INFO: Started SelectChannelConnector@localhost:8080
> Server ready...
> Apr 08, 2016 11:57:42 AM
> org.apache.cxf.services.SecurityTokenService.UT_Port.STS
> INFO: Inbound Message
>
> ID: 1
> Address: http://localhost:8080/SecurityTokenService/UT?wsdl
> Http-Method: GET
> Content-Type:
> Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive],
> Content-Type=[null], Host=[localhost:8080], Pragma=[no-cache],
> User-Agent=[Apache CXF 3.0.9]}
> --
> {code}
> Client
> {code}
> INFO: Creating Service {http://apache.org/hello_world_soap_http}SOAPService
> from WSDL:
> file:/Users/chmoulli/Downloads/apache-cxf-3.0.9/samples/sts/wsdl/hello_world.wsdl
> Invoking greetMe...
> Apr 08, 2016 11:57:42 AM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for
> {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
> has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Illegal key size
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:388)
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:124)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:210)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:115)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:102)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
> at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:849)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:397)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.issueToken(IssuedTokenInterceptorProvider.java:531)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:165)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138)
> at com.sun.proxy.$Proxy49.greetMe(Unknown Source)
> at demo.wssec.client.Client.main(Client.java:77)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAcc
[jira] [Commented] (CXF-6864) STS Demo - Invalid Key
[
https://issues.apache.org/jira/browse/CXF-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232358#comment-15232358
]
Charles Moulliard commented on CXF-6864:
This has been done. The 2 files (US_export_policy.jar, local_policy.jar) have
been copied here as described within the JCE Readme file
{code}
ll
/Library/Java/JavaVirtualMachines/jdk1.8.0_45.jdk/Contents/Home/jre/lib/security/
total 288
drwxrwxr-x 10 root wheel340 Apr 10 2015 .
drwxrwxr-x 100 root wheel 3400 Apr 10 2015 ..
-rw-rw-r--1 root wheel 3026 Apr 10 2015 US_export_policy.jar
-rw-rw-r--1 root wheel 4054 Apr 10 2015 blacklist
-rw-rw-r--1 root wheel 1188 Apr 10 2015 blacklisted.certs
-rw-rw-r--1 root wheel 98626 Apr 10 2015 cacerts
-rw-rw-r--1 root wheel 2466 Apr 10 2015 java.policy
-rw-rw-r--1 root wheel 21270 Apr 10 2015 java.security
-rw-rw-r--1 root wheel 3527 Apr 10 2015 local_policy.jar
{code}
> STS Demo - Invalid Key
> --
>
> Key: CXF-6864
> URL: https://issues.apache.org/jira/browse/CXF-6864
> Project: CXF
> Issue Type: Bug
>Affects Versions: 3.0.9
>Reporter: Charles Moulliard
>
> The STS Demo packaged within the distribution of CXF 3.0.9 doesn't work
> When the client issues the request to get the token from the STS server, the
> following error is reported
> Server
> {code}
> Apr 08, 2016 11:57:04 AM org.eclipse.jetty.server.AbstractConnector doStart
> INFO: Started SelectChannelConnector@localhost:8080
> Server ready...
> Apr 08, 2016 11:57:42 AM
> org.apache.cxf.services.SecurityTokenService.UT_Port.STS
> INFO: Inbound Message
>
> ID: 1
> Address: http://localhost:8080/SecurityTokenService/UT?wsdl
> Http-Method: GET
> Content-Type:
> Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive],
> Content-Type=[null], Host=[localhost:8080], Pragma=[no-cache],
> User-Agent=[Apache CXF 3.0.9]}
> --
> {code}
> Client
> {code}
> INFO: Creating Service {http://apache.org/hello_world_soap_http}SOAPService
> from WSDL:
> file:/Users/chmoulli/Downloads/apache-cxf-3.0.9/samples/sts/wsdl/hello_world.wsdl
> Invoking greetMe...
> Apr 08, 2016 11:57:42 AM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for
> {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
> has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Illegal key size
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:388)
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:124)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:210)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:115)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:102)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
> at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:849)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:397)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.issueToken(IssuedTokenInterceptorProvider.java:531)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:165)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> at
[jira] [Closed] (CXF-6864) STS Demo - Invalid Key
[
https://issues.apache.org/jira/browse/CXF-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Charles Moulliard closed CXF-6864.
--
> STS Demo - Invalid Key
> --
>
> Key: CXF-6864
> URL: https://issues.apache.org/jira/browse/CXF-6864
> Project: CXF
> Issue Type: Bug
>Affects Versions: 3.0.9
>Reporter: Charles Moulliard
>
> The STS Demo packaged within the distribution of CXF 3.0.9 doesn't work
> When the client issues the request to get the token from the STS server, the
> following error is reported
> Server
> {code}
> Apr 08, 2016 11:57:04 AM org.eclipse.jetty.server.AbstractConnector doStart
> INFO: Started SelectChannelConnector@localhost:8080
> Server ready...
> Apr 08, 2016 11:57:42 AM
> org.apache.cxf.services.SecurityTokenService.UT_Port.STS
> INFO: Inbound Message
>
> ID: 1
> Address: http://localhost:8080/SecurityTokenService/UT?wsdl
> Http-Method: GET
> Content-Type:
> Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive],
> Content-Type=[null], Host=[localhost:8080], Pragma=[no-cache],
> User-Agent=[Apache CXF 3.0.9]}
> --
> {code}
> Client
> {code}
> INFO: Creating Service {http://apache.org/hello_world_soap_http}SOAPService
> from WSDL:
> file:/Users/chmoulli/Downloads/apache-cxf-3.0.9/samples/sts/wsdl/hello_world.wsdl
> Invoking greetMe...
> Apr 08, 2016 11:57:42 AM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for
> {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
> has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Illegal key size
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:388)
> at
> org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:124)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:210)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:115)
> at
> org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:102)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
> at
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:849)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)
> at
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.getTokenFromSTS(IssuedTokenInterceptorProvider.java:397)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.issueToken(IssuedTokenInterceptorProvider.java:531)
> at
> org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(IssuedTokenInterceptorProvider.java:165)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138)
> at com.sun.proxy.$Proxy49.greetMe(Unknown Source)
> at demo.wssec.client.Client.main(Client.java:77)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at org.codehaus.mojo.e
[jira] [Resolved] (FEDIZ-162) Make it possible to disable the requirement for a Signature when validating a SAML SSO AuthnRequest in the IdP
[ https://issues.apache.org/jira/browse/FEDIZ-162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved FEDIZ-162. --- Resolution: Fixed > Make it possible to disable the requirement for a Signature when validating a > SAML SSO AuthnRequest in the IdP > -- > > Key: FEDIZ-162 > URL: https://issues.apache.org/jira/browse/FEDIZ-162 > Project: CXF-Fediz > Issue Type: Improvement >Affects Versions: 1.3.0 >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh > Fix For: 1.3.1 > > > Make it possible to disable the requirement for a Signature when validating a > SAML SSO AuthnRequest in the IdP -- This message was sent by Atlassian JIRA (v6.3.4#6332)
