  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-10905

Operation-specific WSS config doesn't get applied when SOAP body is encrypted

    Details

    • Release Notes Text:
      A bug affecting WS-Security-enabled endpoints for which operation-specific WSS configuration is provided has been resolved in this release of JBoss EAP 5.

      The issue created a situation wherein an incoming unsigned encrypted message could be accepted and processed on the server side even if the configuration required it to be signed.

      In this release of the product, a fault is returned in this situation: the invocation cannot be safely processed if, given the encrypted message, the stack is unable to determine which operation or method will be called and the current WSSE configuration contains port- or operation-specific configurations.

      In these scenarios the user must either enable WS-Addressing or ensure that every operation has a unique SOAPAction value that the client can use to specify which operation to invoke.
    • Release Notes Docs Status:
      Documented as Resolved Issue
    • Docs QE Status:
      NEW
    • Target Release:

      Description

      Server:

      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        ...
        <port name="HelloPort">
          <operation name="{http://org.jboss.ws/samples/wssecurity}echoUserType">
            <config>
              <encrypt type="x509v3" alias="wsse"/>
              <requires>
                <encryption/>
                <signature/>
              </requires>
            </config>
          </operation>
        </port>
      </jboss-ws-security>
      

      Client:

      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        <config>
          <encrypt type="x509v3" algorithm="aes" alias="wsse"/>
          <!-- <sign alias="wsse"/> -->
          <requires>
            <encryption/>
          </requires>
        </config>
      </jboss-ws-security>
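
      The release note's remediation (a unique SOAPAction per operation, or WS-Addressing) can be audited offline. The following is an added example, not part of the issue or of JBossWS: it lists operations that carry their own `<requires>` block in the server WSSE config but have an empty or shared `soapAction` in the WSDL binding. The WSDL fragment, the `HelloBinding` name and the `echoString` operation are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

WSSE = "{http://www.jboss.com/ws-security/config}"
WSDL = "{http://schemas.xmlsoap.org/wsdl/}"
SOAP = "{http://schemas.xmlsoap.org/wsdl/soap/}"

# Constructed sample, modelled on the server config in the issue description.
SERVER_CONFIG = """<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config">
  <port name="HelloPort">
    <operation name="{http://org.jboss.ws/samples/wssecurity}echoUserType">
      <config><encrypt type="x509v3" alias="wsse"/>
        <requires><encryption/><signature/></requires></config>
    </operation></port></jboss-ws-security>"""

# Constructed WSDL fragment (assumption): both operations have an empty SOAPAction.
WSDL_DOC = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    targetNamespace="http://org.jboss.ws/samples/wssecurity">
  <binding name="HelloBinding">
    <operation name="echoUserType"><soap:operation soapAction=""/></operation>
    <operation name="echoString"><soap:operation soapAction=""/></operation></binding></definitions>"""

def operation_specific_requires(config_xml):
    """Map '{ns}name' of each <operation> to the names in its own <requires>."""
    found = {}
    for op in ET.fromstring(config_xml).iter(WSSE + "operation"):
        req = op.find(f"{WSSE}config/{WSSE}requires")
        if req is not None:
            found[op.get("name")] = sorted(c.tag[len(WSSE):] for c in req)
    return found

def soap_actions(wsdl_xml):
    """Map '{targetNamespace}name' of each binding operation to its soapAction."""
    root = ET.fromstring(wsdl_xml)
    tns = root.get("targetNamespace", "")
    return {"{%s}%s" % (tns, op.get("name")): op.find(SOAP + "operation").get("soapAction", "")
            for op in root.iter(WSDL + "operation") if op.find(SOAP + "operation") is not None}

def ambiguous_operations(config_xml, wsdl_xml):
    """Operations with their own WSS requirements but an empty or shared SOAPAction."""
    actions = soap_actions(wsdl_xml)
    shared = Counter(actions.values())
    return {name: req for name, req in operation_specific_requires(config_xml).items()
            if not actions.get(name) or shared[actions[name]] > 1}

if __name__ == "__main__":
    print(ambiguous_operations(SERVER_CONFIG, WSDL_DOC))
```

      An operation flagged here can still be identified by the server if WS-Addressing is enabled for the endpoint, which this script does not inspect.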
      

          Attachments

          1. jbpapp-10905.diff
            2 kB
            Kyle Lape

                People

                • Assignee:
                  rdickens Russell Dickenson
                  Reporter:
                  klape Kyle Lape