Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-582

Wss4jSecurityInterceptor loosing action from HTTP ContentType header for SOAP V1.2

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 1.5.8
    • Fix Version/s: 1.5.9
    • Component/s: Security
    • Labels:
      None

      Description

      This is very similar to SWS-416

      While that fixed it for SOAP V1.1, where there is a separate HTTP for SOAPAction, for SOAP V1.2 the action is included in the HTTP Header ContentType

      Here's the ContentType Header without the interceptor:

      Content-Type: application/soap+xml; charset=utf-8; action="MySoapAction"

      Here's the ContentType Header with the interceptor:

      Content-Type: application/soap+xml; charset=utf-8

      I'm using the SaajSoapMessageFactory

        Activity

        oldyella Gary Jacobs created issue -
        Hide
        oldyella Gary Jacobs added a comment -

        I tried using AxiomSoapMessageFactory and the SOAP Action comes through OK, so it looks related to SaajSoapMessageFactory

        It seems to only occur using SOAP V1.2

        Show
        oldyella Gary Jacobs added a comment - I tried using AxiomSoapMessageFactory and the SOAP Action comes through OK, so it looks related to SaajSoapMessageFactory It seems to only occur using SOAP V1.2
        arjen.poutsma Arjen Poutsma made changes -
        Field Original Value New Value
        Fix Version/s 1.5.9 [ 11296 ]
        tareq Tareq Abedrabbo made changes -
        Assignee Arjen Poutsma [ arjen.poutsma ] Tareq Abedrabbo [ tareq ]
        Hide
        tareq Tareq Abedrabbo added a comment -

        I'm not able to reproduce the issue. I'll commit the corresponding unit tests later (some refactoring is needed). Meanwhile, can you tell me which Saaj provider/version are you using?

        Show
        tareq Tareq Abedrabbo added a comment - I'm not able to reproduce the issue. I'll commit the corresponding unit tests later (some refactoring is needed). Meanwhile, can you tell me which Saaj provider/version are you using?
        Hide
        oldyella Gary Jacobs added a comment -

        I'm using it via Maven.

        Here's the dependency:

        <dependency>
        <groupId>com.sun.xml.messaging.saaj</groupId>
        <artifactId>saaj-impl</artifactId>
        <version>1.3.2</version>
        </dependency>

        Show
        oldyella Gary Jacobs added a comment - I'm using it via Maven. Here's the dependency: <dependency> <groupId>com.sun.xml.messaging.saaj</groupId> <artifactId>saaj-impl</artifactId> <version>1.3.2</version> </dependency>
        Hide
        tareq Tareq Abedrabbo added a comment -

        I'm still not able to reproduce the issue but:

        • I've just fixed a SOAP action related issue (SWS-595). Can you try a recent snapshot to see if it got any better?
        • Also, you can take a look at the unit tests that I've added trying to reproduce the issue to compare.

        Thanks,
        Tareq

        Show
        tareq Tareq Abedrabbo added a comment - I'm still not able to reproduce the issue but: I've just fixed a SOAP action related issue ( SWS-595 ). Can you try a recent snapshot to see if it got any better? Also, you can take a look at the unit tests that I've added trying to reproduce the issue to compare. Thanks, Tareq
        Hide
        oldyella Gary Jacobs added a comment -

        I tried it with the latest snapshot and got the same result

        I looked at your unit tests. I'm invoking the set SoapUtils.setActionInContentType indirectly via SaajSoapMessage.setSoapAction.

        Here's what works and doesn't work:

        SOAP 1.1, Saaj, wss4j interceptor - works
        SOAP 1.2, Saaj, wss4j interceptor - doesn't work
        SOAP 1.2, Saaj, xwss interceptor - works
        SOAP 1.2, Axiom, wss4j interceptor - works

        Show
        oldyella Gary Jacobs added a comment - I tried it with the latest snapshot and got the same result I looked at your unit tests. I'm invoking the set SoapUtils.setActionInContentType indirectly via SaajSoapMessage.setSoapAction. Here's what works and doesn't work: SOAP 1.1, Saaj, wss4j interceptor - works SOAP 1.2, Saaj, wss4j interceptor - doesn't work SOAP 1.2, Saaj, xwss interceptor - works SOAP 1.2, Axiom, wss4j interceptor - works
        Hide
        tareq Tareq Abedrabbo added a comment -

        The tests I was referring to are in Wss4jMessageInterceptorSoapActionTestCase.java. Can you take a look to compare to your use case?

        Show
        tareq Tareq Abedrabbo added a comment - The tests I was referring to are in Wss4jMessageInterceptorSoapActionTestCase.java. Can you take a look to compare to your use case?
        Hide
        oldyella Gary Jacobs added a comment -

        The main difference I see is that I am using X.509 token rather than username token

        Here's the config for my interceptor bean:

        <bean id="securityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
        <property name="securementActions" value="Timestamp Signature"/>
        <property name="timeToLive" value="10"/>
        <property name="securementSignatureKeyIdentifier" value="DirectReference" />
        </bean>

        Show
        oldyella Gary Jacobs added a comment - The main difference I see is that I am using X.509 token rather than username token Here's the config for my interceptor bean: <bean id="securityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor"> <property name="securementActions" value="Timestamp Signature"/> <property name="timeToLive" value="10"/> <property name="securementSignatureKeyIdentifier" value="DirectReference" /> </bean>
        Hide
        tareq Tareq Abedrabbo added a comment -

        I'm resolving this as "cannot reproduce" for the moment. Feel free to add comments here or to attach test cases and I'll be glad to reopen the issue if necessary.

        Show
        tareq Tareq Abedrabbo added a comment - I'm resolving this as "cannot reproduce" for the moment. Feel free to add comments here or to attach test cases and I'll be glad to reopen the issue if necessary.
        tareq Tareq Abedrabbo made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Cannot Reproduce [ 5 ]
        Hide
        arjen.poutsma Arjen Poutsma added a comment -

        Closing old issues

        Show
        arjen.poutsma Arjen Poutsma added a comment - Closing old issues
        arjen.poutsma Arjen Poutsma made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        62d 13h 12m 1 Tareq Abedrabbo 13/Jan/10 11:20 PM
        Resolved Resolved Closed Closed
        841d 7h 42m 1 Arjen Poutsma 04/May/12 7:03 AM

          People

          • Assignee:
            tareq Tareq Abedrabbo
            Reporter:
            oldyella Gary Jacobs
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: