May 2018 - jbossws-issues - Jboss List Archives

[JBoss JIRA] (JBWS-4123) SAMLTokenPrincipal is not propagated to EJB

by Alessio Soldano (JIRA)

[ https://issues.jboss.org/browse/JBWS-4123?page=com.atlassian.jira.plugin.... ] Alessio Soldano commented on JBWS-4123: --------------------------------------- So, [~jim.ma] has been trying the application here, manually set up the elytron security domain adding the following to the CLI script: {noformat} /subsystem=undertow/application-security-domain=ApplicationDomain:add(http-authentication-factory=application-http-authentication) /subsystem=ejb3/application-security-domain=ApplicationDomain:add(security-domain=ApplicationDomain) {noformat} but eventually figured out a roadblock which is now filed under https://issues.jboss.org/browse/WFLY-10480 . > SAMLTokenPrincipal is not propagated to EJB > -------------------------------------------- > > Key: JBWS-4123 > URL: https://issues.jboss.org/browse/JBWS-4123 > Project: JBoss Web Services > Issue Type: Feature Request > Components: jbossws-cxf > Affects Versions: jbossws-cxf-5.2.1.Final > Reporter: Viral Gohel > Priority: Critical > Fix For: jbossws-cxf-5.2.2.Final > > Attachments: redhat-saml-interceptor.zip, redhat.zip > > > SAML Token Principal can be propagated to the EJB layer, which right now we are not seeing. > Here are the results we see, > 16:23:43,521 INFO [stdout] (default task-9) class org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl > 16:23:43,522 INFO [stdout] (default task-9) subjectName > 16:23:58,617 INFO [stdout] (default task-9) class org.jboss.security.SimplePrincipal > 16:24:15,751 INFO [stdout] (default task-9) anonymous > CXF code isn't creating the Subject for the security context in a way that the EAP, or JEE containers, can understand. For UsernameToken type authentication this is done through org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor, but I'm unsure if this applies to SAML tokens. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 6 months

1
0
0 / 0

[JBoss JIRA] (JBWS-4123) SAMLTokenPrincipal is not propagated to EJB

by Alessio Soldano (JIRA)

[ https://issues.jboss.org/browse/JBWS-4123?page=com.atlassian.jira.plugin.... ] Alessio Soldano commented on JBWS-4123: --------------------------------------- Ops, sorry, well the code is pretty much the same as https://github.com/wildfly/wildfly/blob/11.0.0.Final/webservices/server-i... > SAMLTokenPrincipal is not propagated to EJB > -------------------------------------------- > > Key: JBWS-4123 > URL: https://issues.jboss.org/browse/JBWS-4123 > Project: JBoss Web Services > Issue Type: Feature Request > Components: jbossws-cxf > Affects Versions: jbossws-cxf-5.2.1.Final > Reporter: Viral Gohel > Priority: Critical > Fix For: jbossws-cxf-5.2.2.Final > > Attachments: redhat-saml-interceptor.zip, redhat.zip > > > SAML Token Principal can be propagated to the EJB layer, which right now we are not seeing. > Here are the results we see, > 16:23:43,521 INFO [stdout] (default task-9) class org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl > 16:23:43,522 INFO [stdout] (default task-9) subjectName > 16:23:58,617 INFO [stdout] (default task-9) class org.jboss.security.SimplePrincipal > 16:24:15,751 INFO [stdout] (default task-9) anonymous > CXF code isn't creating the Subject for the security context in a way that the EAP, or JEE containers, can understand. For UsernameToken type authentication this is done through org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor, but I'm unsure if this applies to SAML tokens. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 6 months

1
0
0 / 0

[JBoss JIRA] (JBWS-4123) SAMLTokenPrincipal is not propagated to EJB

by Jan Krause (JIRA)

[ https://issues.jboss.org/browse/JBWS-4123?page=com.atlassian.jira.plugin.... ] Jan Krause commented on JBWS-4123: ---------------------------------- Thank you for looking into this. Unfortunately, I cannot open the link, since I don't have access to the jboss-eap7 repository. > SAMLTokenPrincipal is not propagated to EJB > -------------------------------------------- > > Key: JBWS-4123 > URL: https://issues.jboss.org/browse/JBWS-4123 > Project: JBoss Web Services > Issue Type: Feature Request > Components: jbossws-cxf > Affects Versions: jbossws-cxf-5.2.1.Final > Reporter: Viral Gohel > Priority: Critical > Fix For: jbossws-cxf-5.2.2.Final > > Attachments: redhat-saml-interceptor.zip, redhat.zip > > > SAML Token Principal can be propagated to the EJB layer, which right now we are not seeing. > Here are the results we see, > 16:23:43,521 INFO [stdout] (default task-9) class org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl > 16:23:43,522 INFO [stdout] (default task-9) subjectName > 16:23:58,617 INFO [stdout] (default task-9) class org.jboss.security.SimplePrincipal > 16:24:15,751 INFO [stdout] (default task-9) anonymous > CXF code isn't creating the Subject for the security context in a way that the EAP, or JEE containers, can understand. For UsernameToken type authentication this is done through org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor, but I'm unsure if this applies to SAML tokens. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 6 months

1
0
0 / 0

[JBoss JIRA] (JBWS-4123) SAMLTokenPrincipal is not propagated to EJB

by Alessio Soldano (JIRA)

[ https://issues.jboss.org/browse/JBWS-4123?page=com.atlassian.jira.plugin.... ] Alessio Soldano commented on JBWS-4123: --------------------------------------- Btw, here is basically where the webservices subsystem check the type of security domain it's been passed: https://github.com/jbossas/jboss-eap7/blob/EAP_7.1.0.CR4-dev/webservices/... > SAMLTokenPrincipal is not propagated to EJB > -------------------------------------------- > > Key: JBWS-4123 > URL: https://issues.jboss.org/browse/JBWS-4123 > Project: JBoss Web Services > Issue Type: Feature Request > Components: jbossws-cxf > Affects Versions: jbossws-cxf-5.2.1.Final > Reporter: Viral Gohel > Priority: Critical > Fix For: jbossws-cxf-5.2.2.Final > > Attachments: redhat-saml-interceptor.zip, redhat.zip > > > SAML Token Principal can be propagated to the EJB layer, which right now we are not seeing. > Here are the results we see, > 16:23:43,521 INFO [stdout] (default task-9) class org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl > 16:23:43,522 INFO [stdout] (default task-9) subjectName > 16:23:58,617 INFO [stdout] (default task-9) class org.jboss.security.SimplePrincipal > 16:24:15,751 INFO [stdout] (default task-9) anonymous > CXF code isn't creating the Subject for the security context in a way that the EAP, or JEE containers, can understand. For UsernameToken type authentication this is done through org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor, but I'm unsure if this applies to SAML tokens. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 6 months

1
0
0 / 0

[JBoss JIRA] (JBWS-4123) SAMLTokenPrincipal is not propagated to EJB

by Alessio Soldano (JIRA)

[ https://issues.jboss.org/browse/JBWS-4123?page=com.atlassian.jira.plugin.... ] Alessio Soldano commented on JBWS-4123: --------------------------------------- [~jan.krause1], I've just tried your application. The webservices subsystem is using the security domain that the application is specifying in its jboss-web.xml, which is the one named "other". AFAICS in the standalone.xml patched using the provided CLI script, the "other" domain is not an Elytron domain. I believe there's something to be fixed in the standalone.xml configuration, I'll have a colleague of mine (with more experience than me on Elytron) follow up on this. > SAMLTokenPrincipal is not propagated to EJB > -------------------------------------------- > > Key: JBWS-4123 > URL: https://issues.jboss.org/browse/JBWS-4123 > Project: JBoss Web Services > Issue Type: Feature Request > Components: jbossws-cxf > Affects Versions: jbossws-cxf-5.2.1.Final > Reporter: Viral Gohel > Priority: Critical > Fix For: jbossws-cxf-5.2.2.Final > > Attachments: redhat-saml-interceptor.zip, redhat.zip > > > SAML Token Principal can be propagated to the EJB layer, which right now we are not seeing. > Here are the results we see, > 16:23:43,521 INFO [stdout] (default task-9) class org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl > 16:23:43,522 INFO [stdout] (default task-9) subjectName > 16:23:58,617 INFO [stdout] (default task-9) class org.jboss.security.SimplePrincipal > 16:24:15,751 INFO [stdout] (default task-9) anonymous > CXF code isn't creating the Subject for the security context in a way that the EAP, or JEE containers, can understand. For UsernameToken type authentication this is done through org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor, but I'm unsure if this applies to SAML tokens. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 6 months

1
0
0 / 0

[JBoss JIRA] (JBWS-4120) SOAP logging stopped working with WildFly 12 / JBossWS 5.2.0.Final (Apache CXF 3.2.2)

by Petr Jurak (JIRA)

[ https://issues.jboss.org/browse/JBWS-4120?page=com.atlassian.jira.plugin.... ] Petr Jurak commented on JBWS-4120: ---------------------------------- [~jbliznak] So far not started on this. > SOAP logging stopped working with WildFly 12 / JBossWS 5.2.0.Final (Apache CXF 3.2.2) > ------------------------------------------------------------------------------------- > > Key: JBWS-4120 > URL: https://issues.jboss.org/browse/JBWS-4120 > Project: JBoss Web Services > Issue Type: Bug > Affects Versions: jbossws-cxf-5.2.0.Final > Reporter: Rostislav Svoboda > Assignee: Petr Jurak > Priority: Critical > Fix For: jbossws-cxf-5.2.2.Final > > > SOAP logging stopped working with WildFly 12 / JBossWS 5.2.0.Final (Apache CXF 3.2.2) > This is working with WildFly 11 / JBossWS 5.1.9.Final (Apache CXF 3.1.12) > {code} > wildfly-11.0.0.Final/bin/standalone.sh -Dorg.apache.cxf.logging.enabled=pretty > wildfly-12.0.0.Final/bin/standalone.sh -Dorg.apache.cxf.logging.enabled=pretty > {code} > Seems that logging feature is not activated, I tried also {{org.apache.cxf.logging.enabled=true}}. > It can be related to https://github.com/apache/cxf/commit/54e7c58d5449d5f91879674598fe1b1ee339... changes where logging was refactored and new LoggingBusLifecycleListener was introduced. > I used https://github.com/wildfly/quickstart/tree/master/helloworld-ws app ++ SoapUI for quick check. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 6 months

1
0
0 / 0

[JBoss JIRA] (JBWS-4120) SOAP logging stopped working with WildFly 12 / JBossWS 5.2.0.Final (Apache CXF 3.2.2)

by Jan Blizňák (JIRA)

[ https://issues.jboss.org/browse/JBWS-4120?page=com.atlassian.jira.plugin.... ] Jan Blizňák commented on JBWS-4120: ----------------------------------- [~pjurak] any progress here? >From the code change posted by Rostislav we need to utilize the new CXF artifact https://mvnrepository.com/artifact/org.apache.cxf/cxf-rt-features-logging to be able to detect the system property. So we need to go with JBWS-4105. I did quick test and added it to the org/apache/cxf/impl/main module along with dependency on <module name="org.slf4j"/> (otherwise CNFE is thrown on org.slf4j.LoggerFactory) and it seems to fix the issue - the pretty logging enabled by system property is working again. So we need to update both: - add dependency to cxf-rt-features-logging and update feature pack in Wildfly wildfly/feature-pack/src/main/resources/modules/system/layers/base/org/apache/cxf/impl/main/module.xml - add dependency with proper excludes to JBossWS and update module resources modules/wildfly1300/org/apache/cxf/impl/main/module.xml > SOAP logging stopped working with WildFly 12 / JBossWS 5.2.0.Final (Apache CXF 3.2.2) > ------------------------------------------------------------------------------------- > > Key: JBWS-4120 > URL: https://issues.jboss.org/browse/JBWS-4120 > Project: JBoss Web Services > Issue Type: Bug > Affects Versions: jbossws-cxf-5.2.0.Final > Reporter: Rostislav Svoboda > Assignee: Petr Jurak > Priority: Critical > Fix For: jbossws-cxf-5.2.2.Final > > > SOAP logging stopped working with WildFly 12 / JBossWS 5.2.0.Final (Apache CXF 3.2.2) > This is working with WildFly 11 / JBossWS 5.1.9.Final (Apache CXF 3.1.12) > {code} > wildfly-11.0.0.Final/bin/standalone.sh -Dorg.apache.cxf.logging.enabled=pretty > wildfly-12.0.0.Final/bin/standalone.sh -Dorg.apache.cxf.logging.enabled=pretty > {code} > Seems that logging feature is not activated, I tried also {{org.apache.cxf.logging.enabled=true}}. > It can be related to https://github.com/apache/cxf/commit/54e7c58d5449d5f91879674598fe1b1ee339... changes where logging was refactored and new LoggingBusLifecycleListener was introduced. > I used https://github.com/wildfly/quickstart/tree/master/helloworld-ws app ++ SoapUI for quick check. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 6 months

1
0
0 / 0

[JBoss JIRA] (JBWS-4123) SAMLTokenPrincipal is not propagated to EJB

by Jan Krause (JIRA)

[ https://issues.jboss.org/browse/JBWS-4123?page=com.atlassian.jira.plugin.... ] Jan Krause commented on JBWS-4123: ---------------------------------- [~asoldano], thank you for the quick reply. As we observed, there seems to be another problem while propagating the created identity to a remote server. We try to transfer the created principal from the webservices subsystem to the ejb subsystem via a security domain provided by the Elytron subsystem. But instead of using the Elytron security domain, it seems that a legacy security domain is used in the webservices subsystem. In conclusion there is no known possibility for us to place the created principal in the ejb subsystem. Elytron is mandatory, as we need to be able to transfer the identity to a remote EAP without any applicationside changes. We have to find a solution for this second problem to fulfill our own requirements. > SAMLTokenPrincipal is not propagated to EJB > -------------------------------------------- > > Key: JBWS-4123 > URL: https://issues.jboss.org/browse/JBWS-4123 > Project: JBoss Web Services > Issue Type: Feature Request > Components: jbossws-cxf > Affects Versions: jbossws-cxf-5.2.1.Final > Reporter: Viral Gohel > Priority: Critical > Fix For: jbossws-cxf-5.2.2.Final > > Attachments: redhat-saml-interceptor.zip, redhat.zip > > > SAML Token Principal can be propagated to the EJB layer, which right now we are not seeing. > Here are the results we see, > 16:23:43,521 INFO [stdout] (default task-9) class org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl > 16:23:43,522 INFO [stdout] (default task-9) subjectName > 16:23:58,617 INFO [stdout] (default task-9) class org.jboss.security.SimplePrincipal > 16:24:15,751 INFO [stdout] (default task-9) anonymous > CXF code isn't creating the Subject for the security context in a way that the EAP, or JEE containers, can understand. For UsernameToken type authentication this is done through org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor, but I'm unsure if this applies to SAML tokens. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 6 months

1
0
0 / 0

[JBoss JIRA] (JBWS-4120) SOAP logging stopped working with WildFly 12 / JBossWS 5.2.0.Final (Apache CXF 3.2.2)

by Gert van Lijssel (JIRA)

[ https://issues.jboss.org/browse/JBWS-4120?page=com.atlassian.jira.plugin.... ] Gert van Lijssel commented on JBWS-4120: ---------------------------------------- Is also not working when using configuration in standalone.xml: <system-properties> <property name="org.apache.cxf.logging.enabled" value="true"/> </system-properties> > SOAP logging stopped working with WildFly 12 / JBossWS 5.2.0.Final (Apache CXF 3.2.2) > ------------------------------------------------------------------------------------- > > Key: JBWS-4120 > URL: https://issues.jboss.org/browse/JBWS-4120 > Project: JBoss Web Services > Issue Type: Bug > Affects Versions: jbossws-cxf-5.2.0.Final > Reporter: Rostislav Svoboda > Assignee: Petr Jurak > Priority: Critical > Fix For: jbossws-cxf-5.2.2.Final > > > SOAP logging stopped working with WildFly 12 / JBossWS 5.2.0.Final (Apache CXF 3.2.2) > This is working with WildFly 11 / JBossWS 5.1.9.Final (Apache CXF 3.1.12) > {code} > wildfly-11.0.0.Final/bin/standalone.sh -Dorg.apache.cxf.logging.enabled=pretty > wildfly-12.0.0.Final/bin/standalone.sh -Dorg.apache.cxf.logging.enabled=pretty > {code} > Seems that logging feature is not activated, I tried also {{org.apache.cxf.logging.enabled=true}}. > It can be related to https://github.com/apache/cxf/commit/54e7c58d5449d5f91879674598fe1b1ee339... changes where logging was refactored and new LoggingBusLifecycleListener was introduced. > I used https://github.com/wildfly/quickstart/tree/master/helloworld-ws app ++ SoapUI for quick check. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 6 months

1
0
0 / 0

[JBoss JIRA] (JBWS-4123) SAMLTokenPrincipal is not propagated to EJB

by Alessio Soldano (JIRA)

[ https://issues.jboss.org/browse/JBWS-4123?page=com.atlassian.jira.plugin.... ] Alessio Soldano commented on JBWS-4123: --------------------------------------- [~jan.krause1], thanks, I was actually going to propose a solution exactly they way you've implemented in the attached archive. Basically, JBossWS exposes the SPI for programmatically pushing the subject context to the container, so you can add a CXF interceptors in your application and perform that. Clearly, no check is performed on credentials, the subject is directly set. > SAMLTokenPrincipal is not propagated to EJB > -------------------------------------------- > > Key: JBWS-4123 > URL: https://issues.jboss.org/browse/JBWS-4123 > Project: JBoss Web Services > Issue Type: Feature Request > Components: jbossws-cxf > Affects Versions: jbossws-cxf-5.2.1.Final > Reporter: Viral Gohel > Priority: Critical > Fix For: jbossws-cxf-5.2.2.Final > > Attachments: redhat-saml-interceptor.zip, redhat.zip > > > SAML Token Principal can be propagated to the EJB layer, which right now we are not seeing. > Here are the results we see, > 16:23:43,521 INFO [stdout] (default task-9) class org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl > 16:23:43,522 INFO [stdout] (default task-9) subjectName > 16:23:58,617 INFO [stdout] (default task-9) class org.jboss.security.SimplePrincipal > 16:24:15,751 INFO [stdout] (default task-9) anonymous > CXF code isn't creating the Subject for the security context in a way that the EAP, or JEE containers, can understand. For UsernameToken type authentication this is done through org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor, but I'm unsure if this applies to SAML tokens. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jbossws-issues May 2018