spring-ws icon indicating copy to clipboard operation
spring-ws copied to clipboard

Published 20 hours ago verified publisher icon spring-projects

Please add a method to o.s.ws.soap.s.wss4j2.Wss4jSecurityInterceptor to use ENCODED PASSWORDS [SWS-1023]

Open gregturn opened this issue 6 years ago • 2 comments

Ravisankar Challa opened SWS-1023 and commented

At the moment we have to do this to use encoded passwords

@Override
   public boolean handleRequest(MessageContext messageContext) throws WebServiceClientException {
       messageContext.setProperty(WSHandlerConstants.USE_ENCODED_PASSWORDS, "true");
  }

Please add a new method to org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor

public void setUseEncodedPasswords(boolean useEncodedPasswords) {
        handler.setOption(WSHandlerConstants.USE_ENCODED_PASSWORDS, useEncodedPasswords);
 }

No further details from SWS-1023

gregturn avatar May 24 '18 13:05 gregturn

@Ravisankar-Challa did you open this ticket? If so, can you provide some insight into what the final XML should look like so I could write an suitable test case?

gregturn avatar Sep 29 '20 17:09 gregturn

Happy to see some progress on this issue after 2 years. Better late then never. Input: username: wernerd password: hGqoUreBgahTJblQ3DbJIkE6uNs= Password is derived from org.apache.xml.security.utils.XMLUtils.encodeToString("verySecret")

Expected output: Ignore the soap body generated output should have '<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">'

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header>
     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1">
        <wsse:UsernameToken wsu:Id="UsernameToken-f59aa6ce-8248-4a24-80b2-96701dafe86e">
	     <wsse:Username>wernerd</wsse:Username>
	         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">HSpESqj+4UkaAtiNqaLn4tJSSpQ=</wsse:Password>
		<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">jqF/sqwfJy7GHqNlfgtJmQ==</wsse:Nonce>
				<wsu:Created>2020-10-06T09:15:37.982Z</wsu:Created>
	     </wsse:UsernameToken>
    </wsse:Security>
</SOAP-ENV:Header>
	<SOAP-ENV:Body>
		<add xmlns="http://ws.apache.org/counter/counter_port_type">
			<value xmlns="">15</value>
		</add>
	</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Ravisankar-Challa avatar Oct 06 '20 09:10 Ravisankar-Challa