ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Giger (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-459) RequiredParts + EncryptedParts policy validation not working
Date Fri, 12 Jul 2013 20:05:48 GMT

    [ https://issues.apache.org/jira/browse/WSS-459?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13707312#comment-13707312
] 

Marc Giger commented on WSS-459:
--------------------------------

Because
1) They are not part of the pre-validation
2) EncryptedParts can include the Body-Encryption.

RequiredParts could be included in the pre-validation since it does not support the Body (would
also be useless).
EncryptedParts is not included because it can contain the Body. Then you may ask why it works
with the signature!?
Simply because the SignaturePart is doing negative matching and the SignaturePartSecurityEvent
is 
issued before the OperationEvent that triggers the pre-validation (since the body element
itself is signed).

EncryptedParts works exactly the same way as SignatureParts but there is a important difference:
EncryptionPart
for the Body is always Content-Encryption and therefore it may be (not verified yet) that
the SecurityEvent will be issued after the OperationSecurityEvent.

That said, for RequiredPart it should be possible to include it in the pre-validation. For
the others I think it's not that easy.
But that would be just an small optimization and does not solve the basic problem. We have
to call close() in any case before
the ServiceImpl is called when not using Message mode! Not doing so can result in security
issues.

Just some things on top of my head which are affected when close() is not called:
- signature hash calculation may not be finished and not compared with the given one
- No final check is done if all references where processed (sig and enc)
- Policy is not full verified
- If the SwA patches will be accepted the attachments will not be processed
- and propably more....

As already noted, I would propose that we close the StAX reader before invoking the service
impl. when not using Message-Mode (and others streaming modes if any)
and document on wikis etc. that if the MessageMode is used together with the Streaming-WSS
engine that the user is responsible to leech
the stream to the end and calling close().
                
> RequiredParts + EncryptedParts policy validation not working
> ------------------------------------------------------------
>
>                 Key: WSS-459
>                 URL: https://issues.apache.org/jira/browse/WSS-459
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Colm O hEigeartaigh
>            Assignee: Marc Giger
>             Fix For: 2.0
>
>
> RequiredParts policy validation is not working. A CXF negative test-case (StaxPartsTest)
has a policy which "requires" a header of name "ToTo", however the (streaming) service throws
no error.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message