Details

    • Type: Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: 2.2.0.RELEASE
    • Fix Version/s: 2.3.0
    • Component/s: None
    • Labels:
      None

      Description

      Both support libraries have been recently upgraded, and seem to be mostly compatible with the current Spring WS implementation of Wss4jSecurityInterceptor, however SAML handling has changed.

      See the migration guide at:
      https://ws.apache.org/wss4j/migration.html

        Issue Links

          Activity

          mads1980 Manuel Dominguez Sarmiento created issue -
          arjen.poutsma Arjen Poutsma made changes -
          Field Original Value New Value
          Fix Version/s 2.3 [ 14957 ]
          Hide
          jaminh jaminh added a comment -

          I was able to get the project building with WSS4J upgraded to version 2.0.5. There was a fair amount that changed so I will probably have to write up something about what I did but I thought I would put this out there in case anyone wants to look it over or try using it. https://github.com/jaminh/spring-ws/tree/feature/SWS-886

          Show
          jaminh jaminh added a comment - I was able to get the project building with WSS4J upgraded to version 2.0.5. There was a fair amount that changed so I will probably have to write up something about what I did but I thought I would put this out there in case anyone wants to look it over or try using it. https://github.com/jaminh/spring-ws/tree/feature/SWS-886
          Hide
          gregturn Greg Turnquist added a comment -

          Thanks for working on this Manuel. The trick is, Spring WS is heavily invested in backwards compatibility. I'm not sure we're ready to either cut off Wss4j 1.x users, or invest the effort to support both seamlessly. Have to think about how to best approach this.

          Show
          gregturn Greg Turnquist added a comment - Thanks for working on this Manuel. The trick is, Spring WS is heavily invested in backwards compatibility. I'm not sure we're ready to either cut off Wss4j 1.x users, or invest the effort to support both seamlessly. Have to think about how to best approach this.
          Hide
          eduardo.ito Eduardo Issao Ito added a comment -

          Is there any plan to upgrade to wss4j 2.0?

          Show
          eduardo.ito Eduardo Issao Ito added a comment - Is there any plan to upgrade to wss4j 2.0?
          Hide
          gregturn Greg Turnquist added a comment -

          The only way to entertain doing this is by providing a new package, like spring-ws-security - org.springframework.ws.soap.security.wss4j2. We cannot simply rip out the old version and plugin a new one.

          If you want to take your tentative solution and rework it that so that both version of wss4j are optional, with wss4j package left as is, and your new version in wss4j2, I could look at that as a possibility.

          Show
          gregturn Greg Turnquist added a comment - The only way to entertain doing this is by providing a new package, like spring-ws-security - org.springframework.ws.soap.security.wss4j2. We cannot simply rip out the old version and plugin a new one. If you want to take your tentative solution and rework it that so that both version of wss4j are optional, with wss4j package left as is, and your new version in wss4j2, I could look at that as a possibility.
          Hide
          jaminh jaminh added a comment -

          I made a version including both 1.6.x and 2.0.x versions of WSS4J that can be viewed here https://github.com/jaminh/spring-ws/tree/feature/SWS-886-rebase

          That being said when Spring-WS updated from Wss4j 1.5.x to 1.6.x there were breaking changes but it was allowed to be done in a minor version release (2.1.0 https://jira.spring.io/browse/SWS-711). Wss4j is already on a 2.1.x version and the last planned 1.x version was released in October 2015, so despite your desire not to cut off Wss4j 1.x users Wss4j already has.

          Show
          jaminh jaminh added a comment - I made a version including both 1.6.x and 2.0.x versions of WSS4J that can be viewed here https://github.com/jaminh/spring-ws/tree/feature/SWS-886-rebase That being said when Spring-WS updated from Wss4j 1.5.x to 1.6.x there were breaking changes but it was allowed to be done in a minor version release (2.1.0 https://jira.spring.io/browse/SWS-711 ). Wss4j is already on a 2.1.x version and the last planned 1.x version was released in October 2015, so despite your desire not to cut off Wss4j 1.x users Wss4j already has.
          Hide
          gregturn Greg Turnquist added a comment -

          Thanks @jaminh! Arjen and I have carved out some time to work on a Spring WS 2.3 release that will include moving things up to wss4j 2.0. I appreciate the work you've done on coding this. Stay tuned.

          Show
          gregturn Greg Turnquist added a comment - Thanks @jaminh! Arjen and I have carved out some time to work on a Spring WS 2.3 release that will include moving things up to wss4j 2.0. I appreciate the work you've done on coding this. Stay tuned.
          gregturn Greg Turnquist made changes -
          Link This issue is related to SWS-849 [ SWS-849 ]
          Hide
          arjen.poutsma Arjen Poutsma added a comment -

          I looked at your branch, jaminh, and it looks good! Thank you for putting this much work into it. I do have some comments, however. Most of them are minor, and they can definitely be dealt with in terms of a PR.

          So there are two ways we can go forward: you can make your branch a PR and I can comment on the things that I think needs work: essentially we would be working together on this. Or I can simply take over from here, by creating my own branch based on your work and make the changes myself (while still giving you credit, of course). So it really depends on how much time you would like to spend on this.

          Show
          arjen.poutsma Arjen Poutsma added a comment - I looked at your branch, jaminh , and it looks good! Thank you for putting this much work into it. I do have some comments, however. Most of them are minor, and they can definitely be dealt with in terms of a PR. So there are two ways we can go forward: you can make your branch a PR and I can comment on the things that I think needs work: essentially we would be working together on this. Or I can simply take over from here, by creating my own branch based on your work and make the changes myself (while still giving you credit, of course). So it really depends on how much time you would like to spend on this.
          Hide
          jaminh jaminh added a comment -

          I created a pull request https://github.com/spring-projects/spring-ws/pull/52. I may have time to work on it this weekend but if I don't get to it then feel free to make any changes you need if it is holding up the release.

          Show
          jaminh jaminh added a comment - I created a pull request https://github.com/spring-projects/spring-ws/pull/52 . I may have time to work on it this weekend but if I don't get to it then feel free to make any changes you need if it is holding up the release.
          gregturn Greg Turnquist made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Assignee Greg Turnquist [ gregturn ]
          Resolution Complete [ 8 ]
          gregturn Greg Turnquist made changes -
          gregturn Greg Turnquist made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Hide
          jaminh jaminh added a comment -

          I did some more testing on with these changes and there are a couple things I think should be changed. First of all in order to secure messages with SAML a method for configuring a SAML callback needs to be added. Also I was getting errors when I didn't set the validationActions because the validationActionsVector didn't get initialized. To fix that I moved the initialization of the validationActionsVector to the afterPropertiesSet method. I submitted a pull request with these changes. https://github.com/spring-projects/spring-ws/pull/66

          Show
          jaminh jaminh added a comment - I did some more testing on with these changes and there are a couple things I think should be changed. First of all in order to secure messages with SAML a method for configuring a SAML callback needs to be added. Also I was getting errors when I didn't set the validationActions because the validationActionsVector didn't get initialized. To fix that I moved the initialization of the validationActionsVector to the afterPropertiesSet method. I submitted a pull request with these changes. https://github.com/spring-projects/spring-ws/pull/66
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Resolved Resolved
          401d 3h 29m 1 Greg Turnquist 02/Feb/16 7:28 PM
          Resolved Resolved Closed Closed
          1m 40s 1 Greg Turnquist 02/Feb/16 7:30 PM

            People

            • Assignee:
              gregturn Greg Turnquist
              Reporter:
              mads1980 Manuel Dominguez Sarmiento
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: