January 2008 - jbossws-issues - Jboss List Archives

[JBoss JIRA] Created: (JBWS-1395) Add a Standard All Client Configuration to standard-jbossws-client-config.xml

by John Gilbert (JIRA)

Add a Standard All Client Configuration to standard-jbossws-client-config.xml ----------------------------------------------------------------------------- Key: JBWS-1395 URL: http://jira.jboss.com/jira/browse/JBWS-1395 Project: JBoss Web Services Issue Type: Feature Request Security Level: Public (Everyone can see) Components: jaxws Reporter: John Gilbert Priority: Trivial It would be nice to have this in addition to Standard Client, Standard Secure Client, and Standard Addressing Client, so that all clients don't have to create their config file. <client-config> <config-name>Standard All Client</config-name> <post-handler-chain> <handler-chain-name>PostHandlerChain</handler-chain-name> <handler> <j2ee:handler-name>WSSecurityHandlerOutbound</j2ee:handler-name> <j2ee:handler-class>org.jboss.ws.wsse.WSSecurityHandlerOutbound</j2ee:handler-class> </handler> <handler> <j2ee:handler-name>SOAPClientHandler</j2ee:handler-name> <j2ee:handler-class>org.jboss.ws.addressing.soap.SOAPClientHandler</j2ee:handler-class> </handler> </post-handler-chain> </client-config> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 10 months

2
1
0 / 0

[JBoss JIRA] Updated: (JBWS-1549) Multi-factor authentication support

by Thomas Diesler (JIRA)

[ http://jira.jboss.com/jira/browse/JBWS-1549?page=all ] Thomas Diesler updated JBWS-1549: --------------------------------- Fix Version/s: jbossws-3.x (was: jbossws-3.0.1) > Multi-factor authentication support > ----------------------------------- > > Key: JBWS-1549 > URL: http://jira.jboss.com/jira/browse/JBWS-1549 > Project: JBoss Web Services > Issue Type: Feature Request > Security Level: Public(Everyone can see) > Components: jbossws-native > Reporter: William DeCoste > Fix For: jbossws-3.x > > > Intuit request. Notes: > Implementation of WSS should support 2-factor or multi-factor authentication for confidentiality, i.e. support via username token profile, binary profile, certificate profile. > Currently UsernameToken is not fully supported (see WS-SEC-01). > The BinarySecurityToken block provides a holder for any binary based security token. However, there needs to be an additional specification to define the token. Currently there are specs for REL tokens, Kerberos tickets, x509 certificates and SAML tokens. For example, to allow support for fingerprint scanning, there would need to be a specification for biometric tokens. XCBF is an Oasis approved specification for describing biometric tokens in XML. however, the corresponding token profile (Web Services Security XCBF Token Profile) was in 2nd draft in November 2002; I can't find any later work on this specification. Another option would be to just invent your own specification. However, there would need to be some understanding between each party as to how to handle this token. Interceptors could be used to generate and verify these tokens. Clearly this is not a particularly desirable option. > JBossWS 1.2 will support WS-Security x509 Token Profile. However, there is currently no interoperability with the JEE declarative security. See the JBossWS Jiras issue, JBWS-652, for more information. > WS-Security allows multiple authentication types of authentication tokens to be specified. For example, a request may contain a UsernameToken element and an x509 certificate with a corresponding signature. JBoss supports multi-factor authentication in that it will verify the signature and then pass the username and password on for JAAS authentication. There is currently no support for multifactor JAAS authentication. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 10 months

1
0
0 / 0

[JBoss JIRA] Created: (JBWS-1865) Unify SOAP message trace

by Heiko Braun (JIRA)

Unify SOAP message trace ------------------------ Key: JBWS-1865 URL: http://jira.jboss.com/jira/browse/JBWS-1865 Project: JBoss Web Services Issue Type: Feature Request Security Level: Public (Everyone can see) Components: productivity Reporter: Heiko Braun Fix For: jbossws-2.1.0 Message trace should work the same way across stacks -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 10 months

2
3
0 / 0

[JBoss JIRA] Created: (JBWS-1633) Provide configuration of ws-security ad policy assertion

by Stefano Maestri (JIRA)

Provide configuration of ws-security ad policy assertion -------------------------------------------------------- Key: JBWS-1633 URL: http://jira.jboss.com/jira/browse/JBWS-1633 Project: JBoss Web Services Issue Type: Feature Request Security Level: Public (Everyone can see) Components: jaxws Reporter: Stefano Maestri Assigned To: Stefano Maestri Fix For: jbossws-2.1.0 The goal is to provide a policy assertion implementation using jboss-ws-security_1_0.xsd schema. The policy will be equivalent to actual external file. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 10 months

2
2
0 / 0

[JBoss JIRA] Updated: (JBWS-1569) Provide/Verify WS-Transaction implementation

by Thomas Diesler (JIRA)

[ http://jira.jboss.com/jira/browse/JBWS-1569?page=all ] Thomas Diesler updated JBWS-1569: --------------------------------- Fix Version/s: jbossws-3.x (was: jbossws-3.0.1) > Provide/Verify WS-Transaction implementation > -------------------------------------------- > > Key: JBWS-1569 > URL: http://jira.jboss.com/jira/browse/JBWS-1569 > Project: JBoss Web Services > Issue Type: Task > Security Level: Public(Everyone can see) > Components: jbossws-native > Reporter: Thomas Diesler > Fix For: jbossws-3.x > > -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 10 months

1
0
0 / 0

[JBoss JIRA] Created: (JBWS-1664) Add support for external policy attachment

by Alessio Soldano (JIRA)

Add support for external policy attachment ------------------------------------------ Key: JBWS-1664 URL: http://jira.jboss.com/jira/browse/JBWS-1664 Project: JBoss Web Services Issue Type: Feature Request Security Level: Public (Everyone can see) Components: ws-policy Reporter: Alessio Soldano Assigned To: Alessio Soldano Priority: Minor Fix For: jbossws-2.1.0 WS-Policy Attachment specs, chapter 3.4 on external policy attachment: "This mechanism allows Policies to be associated with a Policy Subject independent of that subject's definition and/or representation through the use of a <wsp:PolicyAttachment> element. This element has three components: the Policy Scope of the attachment, the Policy Expressions being bound, and optional security information. The Policy Scope of the attachment is defined using one or more extensible domain expressions that identify Policy Subjects, typically using URIs. [...]" This is supposed to use WS-Addressing to deal with policy scopes. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 10 months

2
2
0 / 0

[JBoss JIRA] Updated: (JBWS-1541) WS-Security 1.1 support

by Thomas Diesler (JIRA)

[ http://jira.jboss.com/jira/browse/JBWS-1541?page=all ] Thomas Diesler updated JBWS-1541: --------------------------------- Fix Version/s: jbossws-3.x (was: jbossws-3.0.1) > WS-Security 1.1 support > ----------------------- > > Key: JBWS-1541 > URL: http://jira.jboss.com/jira/browse/JBWS-1541 > Project: JBoss Web Services > Issue Type: Feature Request > Security Level: Public(Everyone can see) > Components: jbossws-native > Reporter: William DeCoste > Assigned To: Darran Lofthouse > Fix For: jbossws-3.x > > > Intuit requirement. Notes: > In JBossWS 1.2, WS-Security 1.0 is implemented and Username Token Profile 1.0 is partly implemented. WS-Security 1.1 is not implemented at all. > Username Token Profile 1.0 describes how to use WS-Security 1.x to send a username and password over an unprotected link whilst maintaining confidentiality and preventing tampering and replay. Currently JBossWS 1.2 does not fully support Username Token Profile 1.0. This is due to lack of support for nonces. The "<wsse:UsernameToken>" can be signed and verified by using the current digital signature features of the JBossWS 1.2 implementation of WS-Security. > However, transmitting digested passwords is not a suitable solution for Intuit as it requires that passwords be stored in plain text. This violates Intuit's company wide security policy. > As far as I can tell, the main differences between WS-Security 1.0 and WS- Security 1.1 are to do with the signing of headers and with the addition of a new feature for preventing some man-in-the-middle attacks. The WS-Security 1.0 specification stated that you cannot encrypt the soap header, where as the WS-Security 1.1 specification states that you can. Despite this, JBossWS 1.2 allows you to encrypt the header. The WS-Security 1.1 specification prevents some man-in-the-middle attacks by mandating extra acknowledgements. > Backward compatibility, e.g. security handler should recognize and consume WSS 1.0 and 1.1 respectively. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 10 months

1
0
0 / 0

[JBoss JIRA] Created: (JBWS-1638) Provide samples for business activity

by Thomas Diesler (JIRA)

Provide samples for business activity ------------------------------------- Key: JBWS-1638 URL: http://jira.jboss.com/jira/browse/JBWS-1638 Project: JBoss Web Services Issue Type: Sub-task Security Level: Public (Everyone can see) Reporter: Thomas Diesler -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 10 months

1
4
0 / 0

[JBoss JIRA] Created: (JBWS-1471) Remove unwated tomcat excludes

by Thomas Diesler (JIRA)

Remove unwated tomcat excludes ------------------------------ Key: JBWS-1471 URL: http://jira.jboss.com/jira/browse/JBWS-1471 Project: JBoss Web Services Issue Type: Task Security Level: Public (Everyone can see) Reporter: Thomas Diesler Fix For: jbossws-2.0.0 # TODO: Why are these excluded org/jboss/test/ws/jaxws/samples/wseventing/** org/jboss/test/ws/jaxrpc/samples/wssecurity/StorePassEncryptTestCase.* -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 10 months

2
2
0 / 0

[JBoss JIRA] Updated: (JBWS-1249) 10.20URL rewriting support

by Thomas Diesler (JIRA)

[ http://jira.jboss.com/jira/browse/JBWS-1249?page=all ] Thomas Diesler updated JBWS-1249: --------------------------------- Fix Version/s: jbossws-3.x (was: jbossws-3.0.1) > 10.20URL rewriting support > -------------------------- > > Key: JBWS-1249 > URL: http://jira.jboss.com/jira/browse/JBWS-1249 > Project: JBoss Web Services > Issue Type: Sub-task > Security Level: Public(Everyone can see) > Components: jbossws-native > Reporter: Thomas Diesler > Assigned To: Thomas Diesler > Fix For: jbossws-3.x > > -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jbossws-issues January 2008