'[jira] [Resolved] (WSS-430) Support for secured SOAP attachments'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       woden-dev
Subject:    [jira] [Resolved] (WSS-430) Support for secured SOAP attachments
From:       "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date:       2013-11-25 15:35:40
Message-ID: JIRA.12635835.1362676406791.24185.1385393740222 () arcas
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/WSS-430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Colm O hEigeartaigh resolved WSS-430.
-------------------------------------

    Resolution: Fixed

> Support for secured SOAP attachments
> ------------------------------------
> 
> Key: WSS-430
> URL: https://issues.apache.org/jira/browse/WSS-430
> Project: WSS4J
> Issue Type: New Feature
> Components: WSS4J Core
> Reporter: Marc Giger
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Fix For: 2.0
> 
> Attachments: AttachmentContentTransform.java, AttachmentDecryptionDataSource.java, \
> AttachmentEncryptionDataSource.java, santuario-swa.diff, santuario-swa.diff, \
> wss4j-swa.diff, wss4j-swa.diff 
> 
> The attached patches should serve as a basis for discussions how 
> the support for SwA in WSS4j and the integration in
> a SOAP-Stack should look like.
> Some notes to the patch:
> - Applies to the current trunk of santuario and wss4j.
> - The client side demonstrates the DOM approach whereas the server side uses the \
>                 StAX implementation.
> - I've implemented the very basic just to have a working proof-of-concept.
> - Attachments are requested via callback from the soap-stack because 
> - of decoupling from soap-stack
> - to support full streaming from network to SIB as far as possible
> - CXF dependencies are just a leftover from V1 and because the \
>                 SecurityInInterceptor is not ported to V2
> - Encryption / Decryption of an attachment is streaming oriented, no buffering is \
>                 done in WSS4J.
> - Signature creation and verification is at the moment buffered in WSS4j but the \
>                 signature-verification can, under some conditions, be streamed as \
>                 well.
> - To prevent patching of CXF for the prototype the WSS4J Interceptors and some \
> dependencies are copied and modified and also included in the patch. The santuatio \
> changes are necessary for the StAX impl. For DOM all necessary santuario changes \
> are done via reflection or other hacks for now. Feedback is very welcome and also \
> necessary! Thanks,
> Marc



--
This message was sent by Atlassian JIRA
(v6.1#6144)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic