Add support for configuring arbirary WSS4J options [SWS-1023]

[gregturn]

Ravisankar Challa opened SWS-1023 and commented

At the moment we have to do this to use encoded passwords

@Override
   public boolean handleRequest(MessageContext messageContext) throws WebServiceClientException {
       messageContext.setProperty(WSHandlerConstants.USE_ENCODED_PASSWORDS, "true");
  }

Please add a new method to org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor

public void setUseEncodedPasswords(boolean useEncodedPasswords) {
        handler.setOption(WSHandlerConstants.USE_ENCODED_PASSWORDS, useEncodedPasswords);
 }

---

No further details from SWS-1023

[gregturn]

@Ravisankar-Challa did you open this ticket? If so, can you provide some insight into what the final XML should look like so I could write an suitable test case?

[Ravisankar-Challa]

Happy to see some progress on this issue after 2 years. Better late then never.
Input:
username: wernerd
password: hGqoUreBgahTJblQ3DbJIkE6uNs=
Password is derived from org.apache.xml.security.utils.XMLUtils.encodeToString("verySecret")

Expected output: Ignore the soap body generated output should have '<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">'

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header>
     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1">
        <wsse:UsernameToken wsu:Id="UsernameToken-f59aa6ce-8248-4a24-80b2-96701dafe86e">
	     <wsse:Username>wernerd</wsse:Username>
	         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">HSpESqj+4UkaAtiNqaLn4tJSSpQ=</wsse:Password>
		<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">jqF/sqwfJy7GHqNlfgtJmQ==</wsse:Nonce>
				<wsu:Created>2020-10-06T09:15:37.982Z</wsu:Created>
	     </wsse:UsernameToken>
    </wsse:Security>
</SOAP-ENV:Header>
	<SOAP-ENV:Body>
		<add xmlns="http://ws.apache.org/counter/counter_port_type">
			<value xmlns="">15</value>
		</add>
	</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

[snicoll]

For cases like this, it's probably a good idea to offer a customizer for the handler, ideally with some sort of context. I'll see what I can do.