CXF / CXF-8940

ws-security.must-understand works only if security.enable.streaming is true


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.5.8, 3.6.3, 4.0.4
    • None
    • None
    • Unknown

    Description

      I am unfortunately not sure at all how to reproduce this with plain CXF. If a test is required to demonstrate the issue, I'd be thankful for pointing me to an existing test I could adapt.

      I am able to reproduce this with quarkus-cxf - here are the steps to reproduce:

      git clone git@github.com:ppalaga/quarkus-cxf.git
      cd quarkus-cxf
      git checkout CXF-8940
      mvnd clean install -DskipTests -Dquarkus.build.skip
      cd integration-tests/ws-security-policy
      mvnd clean test -Dtest=UsernameTokenSecurityPolicyTest#helloUsernameTokenNoMustUnderstand
      ...
      [ERROR]   UsernameTokenSecurityPolicyTest>AbstractUsernameTokenSecurityPolicyTest.helloUsernameTokenNoMustUnderstand:180 
      Expecting actual:
        "REQ_OUT
          Address: https://localhost:8444/services/helloUsernameToken
          HttpMethod: POST
          Content-Type: text/xml
          ExchangeId: 03fe3642-ab5b-4b85-b712-b8ed107f5a71
          ServiceName: UsernameTokenPolicyHelloService
          PortName: UsernameTokenPolicyHelloServicePort
          PortTypeName: UsernameTokenPolicyHelloService
          Headers: {SOAPAction="", Accept=*/*, Connection=Keep-Alive}
          Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
        <soap:Header>
          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
            <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-4e64841c-ad35-48fd-b7ee-70e5f978e098">
              <wsse:Username>cxf-user</wsse:Username>
              <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secret</wsse:Password>
              <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">5rs0Ra3q0FPLXFguajlTwQ==</wsse:Nonce>
              <wsu:Created>2023-10-05T22:40:54.436Z</wsu:Created>
            </wsse:UsernameToken>
          </wsse:Security>
        </soap:Header>
        <soap:Body>
          <ns2:hello xmlns:ns2="http://policy.security.it.cxf.quarkiverse.io/">
            <arg0>helloUsernameTokenNoMustUnderstand</arg0>
          </ns2:hello>
        </soap:Body>
      </soap:Envelope>
      
      "
      not to contain:
        "soap:mustUnderstand="1""
      

      Running the same logic with quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.security.enable.streaming = true works as expected:

      mvnd clean test -Dtest=UsernameTokenSecurityPolicyStaxTest#helloUsernameTokenNoMustUnderstand
      ...
      BUILD SUCCESS
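
A namespace-aware form of the check the failing test makes, as an added example (not code from CXF or quarkus-cxf): it inspects the `wsse:Security` header for `mustUnderstand` regardless of namespace prefix or SOAP version, which a plain string match on `soap:mustUnderstand="1"` does not cover. The class and method names are hypothetical and the sample envelopes are constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class MustUnderstandCheck {
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String[] SOAP_NS = {
        "http://schemas.xmlsoap.org/soap/envelope/",   // SOAP 1.1
        "http://www.w3.org/2003/05/soap-envelope"      // SOAP 1.2
    };

    /** True if any wsse:Security header carries mustUnderstand "1" or "true" in either SOAP namespace. */
    static boolean securityHeaderIsMandatory(String envelope) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Logged payloads are untrusted input: refuse DOCTYPE declarations (XXE hardening).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(envelope.getBytes(StandardCharsets.UTF_8)));
        NodeList headers = doc.getElementsByTagNameNS(WSSE, "Security");
        for (int i = 0; i < headers.getLength(); i++) {
            Element sec = (Element) headers.item(i);
            for (String ns : SOAP_NS) {
                // getAttributeNS returns "" when the attribute is absent.
                String v = sec.getAttributeNS(ns, "mustUnderstand").trim();
                if (v.equals("1") || v.equals("true")) {
                    return true;
                }
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: same header shape as the logged request, but with prefix "s".
        String flagged = "<s:Envelope xmlns:s=\"" + SOAP_NS[0] + "\"><s:Header>"
            + "<wsse:Security xmlns:wsse=\"" + WSSE + "\" s:mustUnderstand=\"1\"/>"
            + "</s:Header><s:Body/></s:Envelope>";
        String plain = flagged.replace(" s:mustUnderstand=\"1\"", "");
        System.out.println("flagged header mandatory: " + securityHeaderIsMandatory(flagged));
        System.out.println("plain header mandatory:   " + securityHeaderIsMandatory(plain));
    }
}
```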
      

            People

              ffang Freeman Yue Fang
              ppalaga Peter Palaga