search

spring-projects / spring-ws

Spring Web Services
https://spring.io/projects/spring-ws
Apache License 2.0
317 stars 309 forks source link

Please add a method to o.s.ws.soap.s.wss4j2.Wss4jSecurityInterceptor to use ENCODED PASSWORDS [SWS-1023] #1093

Open gregturn opened 6 years ago

gregturn commented 6 years ago

Ravisankar Challa opened SWS-1023 and commented

At the moment we have to do this to use encoded passwords

@Override
   public boolean handleRequest(MessageContext messageContext) throws WebServiceClientException {
       messageContext.setProperty(WSHandlerConstants.USE_ENCODED_PASSWORDS, "true");
  }

Please add a new method to org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor

public void setUseEncodedPasswords(boolean useEncodedPasswords) {
        handler.setOption(WSHandlerConstants.USE_ENCODED_PASSWORDS, useEncodedPasswords);
 }

No further details from SWS-1023

gregturn commented 3 years ago

@Ravisankar-Challa did you open this ticket? If so, can you provide some insight into what the final XML should look like so I could write an suitable test case?

Ravisankar-Challa commented 3 years ago

Happy to see some progress on this issue after 2 years. Better late then never. Input: username: wernerd password: hGqoUreBgahTJblQ3DbJIkE6uNs= Password is derived from org.apache.xml.security.utils.XMLUtils.encodeToString("verySecret")

Expected output: Ignore the soap body generated output should have ''

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header>
     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1">
        <wsse:UsernameToken wsu:Id="UsernameToken-f59aa6ce-8248-4a24-80b2-96701dafe86e">
         <wsse:Username>wernerd</wsse:Username>
             <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">HSpESqj+4UkaAtiNqaLn4tJSSpQ=</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">jqF/sqwfJy7GHqNlfgtJmQ==</wsse:Nonce>
                <wsu:Created>2020-10-06T09:15:37.982Z</wsu:Created>
         </wsse:UsernameToken>
    </wsse:Security>
</SOAP-ENV:Header>
    <SOAP-ENV:Body>
        <add xmlns="http://ws.apache.org/counter/counter_port_type">
            <value xmlns="">15</value>
        </add>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>