WSSConfig Migration 1.6.18 -> 2.1.0

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

WSSConfig Migration 1.6.18 -> 2.1.0

Stephen.CTR.Chappell

In my ongoing quest to upgrade legacy code, I’ve noticed a slimming down of what’s held in WSSConfig objects. That’s fine, but I’m having trouble figuring out where things have moved, or if the things I’m looking for are necessary/relevant anymore. Here’s a couple of specific cases:

 

1. At one point, I’m creating a WSSecurityEngine and setting some values on it, like so:

securityEngine.getWssConfig().setEnableSignatureConfirmation(true);

 

WSSConfig doesn’t have that flag anymore as far as I can tell. Is this default behavior now, or is there some other way to enable that behavior? I see that I can set it on a RequestData, but I don’t have one of those at the point I’m setting up the security engine.

 

2. WSSConfig used to have a method isWsiBSPCompliant(), which would trigger slightly different behaviors for me depending on its setting when I retrieved in from a RequestData object. Is that what the RequestData.isDisableBSPEnforcement() flag is now?

 

Thanx,

 

Stephen W. Chappell

Reply | Threaded
Open this post in threaded view
|

Re: WSSConfig Migration 1.6.18 -> 2.1.0

Colm O hEigeartaigh-2

Answers inline.

On Fri, Jul 10, 2015 at 8:14 PM, <[hidden email]> wrote:

WSSConfig doesn’t have that flag anymore as far as I can tell. Is this default behavior now, or is there some other way to enable that behavior? I see that I can set it on a RequestData, but I don’t have one of those at the point I’m setting up the security engine.


You can change your code to create a RequestData Object instead when calling the WSSecurityEngine methods. The WSSecurityEngine methods that don't take RequestData just end up creating RequestData internally anyway:

https://svn.apache.org/repos/asf/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java

 

2. WSSConfig used to have a method isWsiBSPCompliant(), which would trigger slightly different behaviors for me depending on its setting when I retrieved in from a RequestData object. Is that what the RequestData.isDisableBSPEnforcement() flag is now?

 


Yeah, although it has the opposite semantics, as it is set to false by default, meaning that BSP enforcement is enabled. You can also disable specific BSP rules via the ignoredBSPRules List in RequestData.

Colm.
 

Thanx,

 

Stephen W. Chappell




--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

RE: WSSConfig Migration 1.6.18 -> 2.1.0

Stephen.CTR.Chappell
Thanx, Colm. There's a few more things that have migrated somewhere that I'm having trouble finding ...

1. WSSecurityUtil used to have some DOM methods that mostly look like they were moved to XMLUtils. But there's one I can't find - storeElementInContext. Is that one still around, or will I need to implement locally?

2. ReferenceListProcessor used to have a static getXPath method, but it looks like that was recently refactored out. Was that moved somewhere?

Thanx,

Stephen W. Chappell

-----Original Message-----
From: Colm O hEigeartaigh [mailto:[hidden email]]
Sent: Monday, July 13, 2015 5:59 AM
To: [hidden email]
Cc: [hidden email]
Subject: Re: WSSConfig Migration 1.6.18 -> 2.1.0

Answers inline.

On Fri, Jul 10, 2015 at 8:14 PM, <[hidden email]> wrote:

>  WSSConfig doesn’t have that flag anymore as far as I can tell. Is
> this default behavior now, or is there some other way to enable that
> behavior? I see that I can set it on a RequestData, but I don’t have
> one of those at the point I’m setting up the security engine.
>

You can change your code to create a RequestData Object instead when calling the WSSecurityEngine methods. The WSSecurityEngine methods that don't take RequestData just end up creating RequestData internally anyway:

https://svn.apache.org/repos/asf/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java


>
> 2. WSSConfig used to have a method isWsiBSPCompliant(), which would
> trigger slightly different behaviors for me depending on its setting
> when I retrieved in from a RequestData object. Is that what the
> RequestData.isDisableBSPEnforcement() flag is now?
>
>
>

Yeah, although it has the opposite semantics, as it is set to false by default, meaning that BSP enforcement is enabled. You can also disable specific BSP rules via the ignoredBSPRules List in RequestData.

Colm.


>  Thanx,
>
>
>
> *Stephen W. Chappell*
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: WSSConfig Migration 1.6.18 -> 2.1.0

Colm O hEigeartaigh-2

1. WSSecurityUtil used to have some DOM methods that mostly look like they were moved to XMLUtils. But there's one I can't find - storeElementInContext. Is that one still around, or will I need to implement locally?

The functionality is now implement in WSDocInfo instead. See WSDocInfo.setTokenOnContext


2. ReferenceListProcessor used to have a static getXPath method, but it looks like that was recently refactored out. Was that moved somewhere?

EncryptionUtils.

Colm.


Thanx,

Stephen W. Chappell

-----Original Message-----
From: Colm O hEigeartaigh [mailto:[hidden email]]
Sent: Monday, July 13, 2015 5:59 AM
To: [hidden email]
Cc: [hidden email]
Subject: Re: WSSConfig Migration 1.6.18 -> 2.1.0

Answers inline.

On Fri, Jul 10, 2015 at 8:14 PM, <[hidden email]> wrote:

>  WSSConfig doesn’t have that flag anymore as far as I can tell. Is
> this default behavior now, or is there some other way to enable that
> behavior? I see that I can set it on a RequestData, but I don’t have
> one of those at the point I’m setting up the security engine.
>

You can change your code to create a RequestData Object instead when calling the WSSecurityEngine methods. The WSSecurityEngine methods that don't take RequestData just end up creating RequestData internally anyway:

https://svn.apache.org/repos/asf/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java


>
> 2. WSSConfig used to have a method isWsiBSPCompliant(), which would
> trigger slightly different behaviors for me depending on its setting
> when I retrieved in from a RequestData object. Is that what the
> RequestData.isDisableBSPEnforcement() flag is now?
>
>
>

Yeah, although it has the opposite semantics, as it is set to false by default, meaning that BSP enforcement is enabled. You can also disable specific BSP rules via the ignoredBSPRules List in RequestData.

Colm.


>  Thanx,
>
>
>
> *Stephen W. Chappell*
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com