Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-955

Ability to configure SAML callback in Wss4jInterceptor

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: 2.4.0
    • Fix Version/s: 3.0.0.RELEASE
    • Component/s: Security
    • Labels:
      None

      Description

      In order to secure messages with SAML a method for configuring a SAML callback needs to be added. Also I was getting errors when I didn't set the validationActions because the validationActionsVector didn't get initialized.

        Activity

        Hide
        jaminh jaminh added a comment -

        I originally commented about this on https://jira.spring.io/browse/SWS-886 but since that has been included in the recent 2.3.0 release I made a new issue for it. I also have an updated pull request https://github.com/spring-projects/spring-ws/pull/68

        Show
        jaminh jaminh added a comment - I originally commented about this on https://jira.spring.io/browse/SWS-886 but since that has been included in the recent 2.3.0 release I made a new issue for it. I also have an updated pull request https://github.com/spring-projects/spring-ws/pull/68
        Hide
        jaminh jaminh added a comment -

        I made some updates for this Jira. Since there is a separate issue (SWS-961) for the validation actions issue I split that out. I also added JUnit tests for creating and validating a SAML assertion. These changes can be found here https://github.com/jaminh/spring-ws/tree/feature/SWS-955-961. It is probably worth noting that I had to exclude the old version of opensaml that gets included with wss4j 1.6, it seems like everything still builds but if people are using SAML with the old wss4j they would likely have to exclude the new opensaml dependencies and include the old opensaml in their project.

        Show
        jaminh jaminh added a comment - I made some updates for this Jira. Since there is a separate issue ( SWS-961 ) for the validation actions issue I split that out. I also added JUnit tests for creating and validating a SAML assertion. These changes can be found here https://github.com/jaminh/spring-ws/tree/feature/SWS-955-961 . It is probably worth noting that I had to exclude the old version of opensaml that gets included with wss4j 1.6, it seems like everything still builds but if people are using SAML with the old wss4j they would likely have to exclude the new opensaml dependencies and include the old opensaml in their project.
        Hide
        jaminh jaminh added a comment -

        I tried adding JUnit tests for securing messages with SAML in the Wss4jInterceptor and I ran into issues when OpenSAML gets initialized and both opensaml-2 and opensaml-3 are on the classpath. In order to deal with this issue I think it might be best to separate the WSS4J 2 classes into a separate project so that the old version of opensaml can be excluded. I have an example of this here https://github.com/jaminh/spring-ws/tree/feature/SWS-955-new.

        Show
        jaminh jaminh added a comment - I tried adding JUnit tests for securing messages with SAML in the Wss4jInterceptor and I ran into issues when OpenSAML gets initialized and both opensaml-2 and opensaml-3 are on the classpath. In order to deal with this issue I think it might be best to separate the WSS4J 2 classes into a separate project so that the old version of opensaml can be excluded. I have an example of this here https://github.com/jaminh/spring-ws/tree/feature/SWS-955-new .

          People

          • Assignee:
            gregturn Greg Turnquist
            Reporter:
            jaminh jaminh
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: