Mailing-List: contact users-help@ws.apache.org; run by ezmlm
Reply-To: users@ws.apache.org
Reply-To: coheigea@apache.org
In-Reply-To: <54333907.9020703@openroadsconsulting.com>
References: <54333907.9020703@openroadsconsulting.com>
Date: Tue, 7 Oct 2014 09:09:19 +0100
Subject: Re: Proposed patch for nonce missing encoderType
From: Colm O hEigeartaigh
To: users@ws.apache.org

That particular piece of code is in a block which enforces Basic Security Profile conformance. In the BSP spec, the EncodingType attribute *must* be present; there is no default to fall back to. If a third-party client is not sending an EncodingType attribute, then you will have to disable BSP Compliance on the service to get it to work.

Colm.

On Tue, Oct 7, 2014 at 1:51 AM, David R. Robison <david.robison@openroadsconsulting.com> wrote:
> From the WS-Security spec it appears that the encodingType for the
> nonce is optional and, if missing, defaults to Base64 encoding. This
> patch assumes this default if the encodingType is missing.
> David
>
> Index:
> src/main/java/org/apache/ws/security/message/token/UsernameToken.java
> ===================================================================
> ---
> src/main/java/org/apache/ws/security/message/token/UsernameToken.java
> (revision 1629762)
> +++
> src/main/java/org/apache/ws/security/message/token/UsernameToken.java
> (working copy)
> @@ -1163,8 +1163,8 @@
>              Element nonce = nonceElements.get(0);
>              String encodingType = nonce.getAttributeNS(null,
> "EncodingType");
>              // Encoding Type must be equal to Base64Binary
> -            if (encodingType == null || "".equals(encodingType)
> -                || !BinarySecurity.BASE64_ENCODING.equals(encodingType)) {
> +            if (encodingType == null || "".equals(encodingType))
> encodingType = BinarySecurity.BASE64_ENCODING;
> + if(!BinarySecurity.BASE64_ENCODING.equals(encodingType)) {
>                  if (LOG.isDebugEnabled()) {
>                      LOG.debug("The Username Token's nonce element has
> a bad encoding type");
>                  }
>
>
>
> --
>
> David R Robison
> Open Roads Consulting, Inc.
> 103 Watson Road, Chesapeake, VA 23320
> phone: +1 757-546-3401
> e-mail: david.robison@openroadsconsulting.com
> web: http://www.openroadsconsulting.com
> blog: http://therobe.blogspot.com
> book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526
>
>
> This email communication (including any attachments) may contain
> confidential and/or privileged material intended solely for the individual
> or entity to which it is addressed.
> If you are not the intended recipient, please delete this email
> immediately.
>

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
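Review bot: The hunk drops the presence check unconditionally, but the reply above says this block exists to enforce Basic Security Profile conformance, under which a wsse:Nonce must carry an EncodingType attribute; as written, a BSP-compliant service would start accepting tokens it is required to reject. If a lenient mode is wanted, gate the default on the service's BSP-compliance setting rather than applying it always, e.g. `if (!bspCompliant && (encodingType == null || "".equals(encodingType)))` (with `bspCompliant` standing for whatever flag the class actually exposes), so the strict path still fails a missing attribute. Two smaller points: the new `if (encodingType == null || "".equals(encodingType))` assigns on the following line without braces, unlike the braced blocks elsewhere in the same hunk; and the patch has been line-wrapped by the mail client (`getAttributeNS(null,` / `"EncodingType");` are split, the assignment after the `+ if (...)` line carries no `+` prefix, and the header still reads `-1163,8 +1163,8`), so it cannot be applied as pasted and is better attached as a file.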
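As an added illustration following the whole exchange (this is not WSS4J code and not part of either message above), the Java program below puts the two readings side by side: the strict BSP rule Colm describes, where a wsse:Nonce with no EncodingType is rejected, and the lenient WS-Security reading in David's patch, where a missing attribute defaults to Base64Binary. The namespace and EncodingType URIs are the standard WS-Security 1.0 values; the class, method names and the three sample tokens are constructed for this example, and the `bspCompliant` parameter is a stand-in for whatever setting a real service exposes.

```java
// Added example, not WSS4J code: nonce EncodingType validation under a strict
// (BSP-compliant) and a lenient (default-to-Base64) policy.
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class NonceEncodingCheck {
    // Standard WS-Security 1.0 namespace and Base64Binary EncodingType URI.
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String BASE64_ENCODING =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";

    /** Raised when the nonce fails validation; the message names the rule that tripped. */
    static final class NonceValidationException extends Exception {
        NonceValidationException(String msg) { super(msg); }
    }

    /**
     * Returns the decoded nonce bytes or throws.
     * bspCompliant = true : EncodingType must be present and equal to Base64Binary (BSP rule).
     * bspCompliant = false: a missing or empty EncodingType defaults to Base64Binary (lenient).
     * Either way, a present-but-different EncodingType is rejected.
     */
    static byte[] validateNonce(Element usernameToken, boolean bspCompliant)
            throws NonceValidationException {
        NodeList nonces = usernameToken.getElementsByTagNameNS(WSSE_NS, "Nonce");
        if (nonces.getLength() != 1) {
            throw new NonceValidationException("expected exactly one wsse:Nonce, found " + nonces.getLength());
        }
        Element nonce = (Element) nonces.item(0);
        // DOM returns "" for an absent attribute (older implementations returned null), so check both.
        String encodingType = nonce.getAttributeNS(null, "EncodingType");
        if (encodingType == null || encodingType.isEmpty()) {
            if (bspCompliant) {
                throw new NonceValidationException("BSP: wsse:Nonce has no EncodingType attribute");
            }
            encodingType = BASE64_ENCODING; // lenient default from the WS-Security reading
        }
        if (!BASE64_ENCODING.equals(encodingType)) {
            throw new NonceValidationException("unsupported nonce EncodingType: " + encodingType);
        }
        try {
            return Base64.getDecoder().decode(nonce.getTextContent().trim());
        } catch (IllegalArgumentException e) {
            throw new NonceValidationException("nonce is not valid Base64");
        }
    }

    /** Parses a token with a namespace-aware, DTD-free DOM parser. */
    static Element parseToken(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    /** Builds a constructed sample UsernameToken; encodingAttr == null omits the attribute. */
    static String sampleToken(String encodingAttr) {
        String attr = encodingAttr == null ? "" : " EncodingType=\"" + encodingAttr + "\"";
        return "<wsse:UsernameToken xmlns:wsse=\"" + WSSE_NS + "\">"
            + "<wsse:Username>alice</wsse:Username>"
            + "<wsse:Nonce" + attr + ">AAECAwQFBgc=</wsse:Nonce>"   // bytes 00..07, constructed
            + "</wsse:UsernameToken>";
    }

    public static void main(String[] args) throws Exception {
        String[] labels = { "attribute present", "attribute missing", "attribute wrong" };
        String[] tokens = {
            sampleToken(BASE64_ENCODING),
            sampleToken(null),
            sampleToken("urn:example:not-base64")  // placeholder value, not a real EncodingType
        };
        for (boolean bsp : new boolean[] { true, false }) {
            for (int i = 0; i < tokens.length; i++) {
                String label = (bsp ? "BSP-compliant" : "lenient") + ", " + labels[i];
                try {
                    byte[] n = validateNonce(parseToken(tokens[i]), bsp);
                    System.out.println(label + ": accepted, " + n.length + " nonce bytes");
                } catch (NonceValidationException e) {
                    System.out.println(label + ": rejected (" + e.getMessage() + ")");
                }
            }
        }
    }
}
```

Running it shows that the two policies differ on exactly one input, the token with no EncodingType: the BSP-compliant path rejects it while the lenient path accepts it and decodes the nonce. A token with the attribute present but set to anything other than Base64Binary is rejected under both, which is the check the patch's second `if` preserves.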