cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "mw4forums@gmail.com" <mw4for...@gmail.com>
Subject ws security "server"
Date Tue, 05 Jun 2012 18:46:36 GMT
Hi. I have successfully created a client with web service security but I am
now having trouble on the receiving side. I would have thought that the
stack would automatically put together my policy based interceptors together
based on my wsdl, and actually it seems like that is the case but then I run
into an issue where those interceptors don't have my keystore/truststore
information. When I add the keystore/truststore info (as in my attached
files), I get an error that a bunch of my "policy alternatives" cannot be
satisfied. The error looks like this:

Interceptor for
{urn:ihe:iti:xdr:2007}DocumentRepositoryXDR_Service#{urn:ihe:iti:xdr:2007}DocumentRepository_ProvideAndRegisterDocumentSet-b
has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: These policy alternatives can not be
satisfied: 
{http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization}OptimizedMimeSerialization
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EndorsingSupportingTokens
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SamlToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11
	at
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47)
	at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
	at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
	at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
	at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
	at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
	at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
	at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
	at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
	at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
	at
org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:427)
	at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:315)
	at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:287)
	at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
	at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
	at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
	at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
	at
com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
	at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222)
	at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
	at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
	at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
	at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093)
	at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166)
	at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
	at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
	at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
	at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093)
	at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:291)
	at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:666)
	at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:597)
	at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:872)
	at
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
	at
com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.process(SSLReadTask.java:444)
	at
com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:230)
	at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:264)
	at
com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied: 
{http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization}OptimizedMimeSerialization
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EndorsingSupportingTokens
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SamlToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11
	at
org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:167)
	at
org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
	at
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:45)
	... 37 more

We are doing a dsig on the timestamp and the subject of the SAML assertion
(but I don't think we are at the point of verifying that signature yet) as
well as 2way TLS.


http://cxf.547215.n5.nabble.com/file/n5709138/cxf-servlet.xml
cxf-servlet.xml 
http://cxf.547215.n5.nabble.com/file/n5709138/interceptor-beans.xml
interceptor-beans.xml 
http://cxf.547215.n5.nabble.com/file/n5709138/NhinXDR20.wsdl NhinXDR20.wsdl 

--
View this message in context: http://cxf.547215.n5.nabble.com/ws-security-server-tp5709138.html
Sent from the cxf-dev mailing list archive at Nabble.com.

Mime
View raw message