Add method in Wss4jSecurityInterceptor to allow setting ADD_INCLUSIVE_PREFIXES #75
Conversation
rmagrin
changed the title
|
This PR has little in testing to verify existing behavior is not broken or that new behavior acts as expected. |
|
+1 |
|
@rmagrin I'll repeat my comment. This PR would be valid if some test cases were added to prove its merit, and avoid regressions. |
|
@gregturn we needed this change for a project that I was working on back when I opened the PR, so it's not my focus at the moment. I'll try to get back to this PR and add some tests when I have some time. When I wrote these changes I didn't find any existing tests for this class. Do you have any tests for the existing behavior? |
|
Good news, I verified the patch against our SAP System. We use SAP Webservices with WS-Security and SAML Sender Vouches, my previous client version used Spring Boot 1.5.x where no prefix namespaces were included while building the WS security header, but after the upgrade to Spring Boot 2.1.0 the behaviour changed as it was described in wss4j 2.0.x and no solution was around to reach the setAddInclusivePrefixes() ... So i was very lucky about your fix and i am wondering, why nobody can approve the pull request. It would be very helpful to get a working release version !!!! |
…_PREFIXES. This configuration was added in WSS4J 2.0.0 and sets whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS.
There was a problem hiding this comment.
This change would have broken backwards compability because the
private boolean addInclusivePrefixes value defaults to false.
So would have changed wss4j settings w/o user input.
However,
private boolean addInclusivePrefixes = true;
would set the default to match that of wss4j.
|
Closed this PR since #1212 fixes the default value issue and has tests. |
5 participants
Add method in Wss4jSecurityInterceptor to allow setting ADD_INCLUSIVE_PREFIXES. This configuration was added in WSS4J 2.0.0 and sets whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS.
I was not sure if this was the best way to set this configuration, but I didn't find any other way to do it.