  1. Spring Web Services
  2. SWS-856

Add ability to set SAMLIssuer on Wss4jSecurityInterceptor for securing messages with SAML tokens

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 2.2.RC1
    • Component/s: Security
    • Labels:
      None

      Activity

      jaminh jaminh created issue -
      jaminh jaminh added a comment -

      This enhancement will allow users to configure SAML token properties without requiring a properties file on the classpath (see WSS-418). This will require using wss4j 1.6.12 or higher.

      For an example of this being used, I made a simple REST service secured with SAML and a JUnit test that sends messages to the service, which can be found at https://github.com/jaminh/spring-saml-example-war.

      arjen.poutsma Arjen Poutsma made changes -
      Field Original Value New Value
      Assignee Arjen Poutsma [ arjen.poutsma ]
      arjen.poutsma Arjen Poutsma made changes -
      Fix Version/s 2.1.5 [ 14349 ]
      arjen.poutsma Arjen Poutsma made changes -
      Fix Version/s 2.1.5 [ 14349 ]
      arjen.poutsma Arjen Poutsma made changes -
      Assignee Arjen Poutsma [ arjen.poutsma ]
      arjen.poutsma Arjen Poutsma added a comment -

      Unfortunately I can't upgrade to wss4j 1.6.12 as it breaks most of our unit tests. This feature will have to wait until I have the time to resolve that.

      jaminh jaminh added a comment -

      I thought I had that working before but I can take a look at it. When are you planning on releasing 2.1.5?

      jaminh jaminh added a comment -

      I figured out what is causing the tests to fail when updating the WSS4J version. The timestamp and username processing changed slightly because of this issue https://issues.apache.org/jira/browse/WSS-427. It looks like you can fix the timestamp validation by adding messageContext.setProperty(WSHandlerConstants.TTL_TIMESTAMP, Integer.toString(securementTimeToLive)); to the initializeRequestData(MessageContext messageContext) method. The username token tests are failing because as of 1.6.10 wss4j is checking the created date on the username token and since those dates are all static and set to some time way in the past they are being rejected.
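
      An added illustration (not code from WSS4J, Spring-WS or the pull request) of the kind of Created-date freshness check described in the comment above, showing why test messages with hard-coded dates are rejected while ones stamped at test time pass. The class name, the 300-second time-to-live and the 60-second future allowance are assumptions made for this example.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.format.DateTimeParseException;

/** Illustrative model of a Created-timestamp freshness check; not WSS4J's implementation. */
public class CreatedFreshnessDemo {

    // Assumed limits for this example (hypothetical values, not read from WSS4J).
    static final Duration TIME_TO_LIVE = Duration.ofSeconds(300);
    static final Duration FUTURE_SKEW = Duration.ofSeconds(60);

    enum Verdict { ACCEPTED, EXPIRED, CREATED_IN_FUTURE, MALFORMED }

    /** Decide whether a Created value is acceptable at the given validation time. */
    static Verdict check(String created, Instant now) {
        Instant createdAt;
        try {
            createdAt = Instant.parse(created); // ISO-8601 UTC, e.g. 2014-04-25T05:41:00Z
        } catch (DateTimeParseException e) {
            return Verdict.MALFORMED;           // unparseable dates are never trusted
        }
        if (createdAt.isAfter(now.plus(FUTURE_SKEW))) {
            return Verdict.CREATED_IN_FUTURE;   // beyond the tolerated clock skew
        }
        if (createdAt.plus(TIME_TO_LIVE).isBefore(now)) {
            return Verdict.EXPIRED;             // older than the time-to-live
        }
        return Verdict.ACCEPTED;
    }

    public static void main(String[] args) {
        Instant now = Instant.now();
        // Constructed sample values: a hard-coded date such as a static test
        // message would carry, and values computed when the test runs.
        String staticFixture = "2008-01-01T00:00:00Z";
        String fresh = now.minusSeconds(5).toString();
        String tooNew = now.plusSeconds(3600).toString();

        System.out.println("static fixture : " + check(staticFixture, now));
        System.out.println("fresh          : " + check(fresh, now));
        System.out.println("future         : " + check(tooNew, now));
        System.out.println("garbage        : " + check("yesterday", now));
    }
}
```

      Test messages that compute Created when the test runs keep passing regardless of when the suite is executed; fixtures with a literal date start failing as soon as a freshness check is enforced.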

      arjen.poutsma Arjen Poutsma added a comment - - edited

      Thank you for your investigations. I will take a further look later today.

      jaminh jaminh added a comment -

      I was able to get all the tests passing with wss4j upgraded. I think those changes got added to the pull request I submitted for this issue but I will admit to not being an expert with git/Github so if that doesn't work I will include a patch for the changes I made.

      jaminh jaminh made changes -
      arjen.poutsma Arjen Poutsma added a comment -

      Thanks for the pull request and patch! I've updated SWS accordingly, and the Wss4jSecurityInterceptor now has a SAMLIssuer property.

      Could you try a snapshot (as of tomorrow) and let me know if it works for you?

      Snapshots are available via our http://repo.spring.io/libs-snapshot repo; the version you'd want to use is 2.2.0.BUILD-SNAPSHOT.

      arjen.poutsma Arjen Poutsma made changes -
      Status Open [ 1 ] Resolved [ 5 ]
      Assignee Arjen Poutsma [ arjen.poutsma ]
      Fix Version/s 2.2 [ 12850 ]
      Resolution Complete [ 8 ]
      jaminh jaminh added a comment -

      My sample project worked with the snapshot version. Thanks!

      arjen.poutsma Arjen Poutsma added a comment -

      Great! Soon, we will release 2.2.0-RC1, which will contain this fix (and others).

      Transition: Open → Resolved
      Time In Source Status: 116d 11h 44m
      Execution Times: 1
      Last Executer: Arjen Poutsma
      Last Execution Date: 25/Apr/14 5:41 AM

        People

        • Assignee:
          arjen.poutsma Arjen Poutsma
          Reporter:
          jaminh jaminh
        • Votes:
          0
          Watchers:
          2

          Dates

          • Created:
            Updated:
            Resolved: