  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-10905

Operation-specific WSS config doesn't get applied when SOAP body is encrypted


Details

    • A bug affecting WS-Security-enabled endpoints for which operation-specific WSS configuration is provided has been resolved in this release of JBoss EAP 5.

      The issue created a situation in which an incoming unsigned, encrypted message could be accepted and processed on the server side even if the configuration required it to be signed.

      In this release of the product, a fault will be returned in this situation: the invocation cannot be safely processed if the stack is unable to determine which operation or method will be called given the encrypted message, and the current WSSE configuration has port- or operation-specific configurations.

      In these scenarios the user must either enable WS-Addressing or ensure every operation has a unique SOAPAction value that the client can use to specify which operation to invoke.
    • Documented as Resolved Issue
    • NEW

    Description

      Server:

      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        ...
        <port name="HelloPort">
          <operation name="{http://org.jboss.ws/samples/wssecurity}echoUserType">
            <config>
              <encrypt type="x509v3" alias="wsse"/>
              <requires>
                <encryption/>
                <signature/>
              </requires>
            </config>
          </operation>
        </port>
      </jboss-ws-security>
      

      Client:

      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        <config>
          <encrypt type="x509v3" algorithm="aes" alias="wsse"/>
          <!-- <sign alias="wsse"/> -->
          <requires>
            <encryption/>
          </requires>
        </config>
      </jboss-ws-security>
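
The release note's requirement can be checked before deployment. The following added example (not part of the original issue or of JBossWS) reads a jboss-ws-security server config and a WSDL binding and lists the operations that lack a unique SOAPAction. The WSDL fragment, the second operation name `echoSimple`, the function names and the `addressing_enabled` flag are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

WSSE = "{http://www.jboss.com/ws-security/config}"
WSDL = "{http://schemas.xmlsoap.org/wsdl/}"
SOAP = "{http://schemas.xmlsoap.org/wsdl/soap/}"

# Constructed sample: server config with an operation-specific requirement.
SERVER_CONFIG = """<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config">
  <port name="HelloPort">
    <operation name="{http://org.jboss.ws/samples/wssecurity}echoUserType">
      <config><requires><encryption/><signature/></requires></config>
    </operation>
  </port>
</jboss-ws-security>"""

# Constructed sample: WSDL binding in which no operation has a SOAPAction.
WSDL_BINDING = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <binding name="HelloBinding">
    <operation name="echoUserType"><soap:operation soapAction=""/></operation>
    <operation name="echoSimple"><soap:operation soapAction=""/></operation>
  </binding>
</definitions>"""

def operation_specific_rules(config_xml):
    """Map each operation with its own WSS config to its <requires> children."""
    rules = {}
    for op in ET.fromstring(config_xml).iterfind(WSSE + "port/" + WSSE + "operation"):
        req = op.find(WSSE + "config/" + WSSE + "requires")
        children = req if req is not None else []
        rules[op.get("name").rsplit("}", 1)[-1]] = {c.tag.rsplit("}", 1)[-1] for c in children}
    return rules

def soap_actions(wsdl_xml):
    """Map each bound operation name to its soapAction ('' when absent)."""
    actions = {}
    for op in ET.fromstring(wsdl_xml).iterfind(WSDL + "binding/" + WSDL + "operation"):
        soap_op = op.find(SOAP + "operation")
        actions[op.get("name")] = soap_op.get("soapAction", "") if soap_op is not None else ""
    return actions

def audit(config_xml, wsdl_xml, addressing_enabled=False):
    """Operations the stack cannot identify while the SOAP body is still encrypted."""
    if addressing_enabled or not operation_specific_rules(config_xml):
        return []  # WS-Addressing names the operation, or no per-operation config exists
    actions = soap_actions(wsdl_xml)
    shared = Counter(actions.values())
    return sorted(n for n, a in actions.items() if not a or shared[a] > 1)
```

An empty result from `audit` means every operation can be told apart by SOAPAction, or that the caller has stated WS-Addressing is enabled.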
      

            People

              rdickens_jira Russell Dickenson (Inactive)
              klape-insights Kyle Lape