cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: CXF - WS Security Issue
Date Tue, 18 Jul 2017 09:18:17 GMT
Yeah, this is not a standard policy, and so CXF doesn't support it out of
the box. You can either remove the policy jar from the classpath, as you've
already noted, or else write a CXF interceptor to "assert" (and so ignore)
the policy.

Colm.

On Tue, Jul 18, 2017 at 2:04 AM, Siva Kulendrasingam <
Siva.Kulendrasingam@vu.edu.au> wrote:

> Thanks Colm.
>
> From the WSDL, I could see the following
>
> <wsp:UsingPolicy WL5G3N1:Required="true" />
>    <wsp:Policy WL5G3N0:Id="Auth.xml">
>       <wssp:Identity xmlns:wssp="http://www.bea.com/wls90/security/policy
> ">
>          <wssp:SupportedTokens>
>             <wssp:SecurityToken TokenType="http://docs.oasis-
> open.org/wss/2004/01/oasis-200401-wss-username-token-
> profile-1.0#UsernameToken">
>                <wssp:UsePassword Type="http://docs.oasis-open.
> org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
> />
>             </wssp:SecurityToken>
>          </wssp:SupportedTokens>
>       </wssp:Identity>
>    </wsp:Policy>
>
> I attached the WSDL for your reference.
>
> Stack Trace:
> Jul 18, 2017 10:53:17 AM org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean
> buildServiceFromWSDL
> INFO: Creating Service {http://au/edu/vu/its/as/ws/
> callista/VuCalendarWS.wsdl}VuCalendarWS from WSDL:
> http://devsdvd.vu.edu.au:9990/VuCalendar/VuCalendarWSSoapHttpPort?wsdl
> Invoking getTeachCalendarsPerAcad...
> Jul 18, 2017 10:53:17 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
> handleNoRegisteredBuilder
> WARNING: No assertion builder for type {http://www.bea.com/wls90/
> security/policy}Identity registered.
> Jul 18, 2017 10:53:17 AM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for {http://au/edu/vu/its/as/ws/
> callista/VuCalendarWS.wsdl}VuCalendarWS#{http://au/edu/
> vu/its/as/ws/callista/VuCalendarWS.wsdl}getTeachCalendarsPerAcad has
> thrown exception, unwinding now
> org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives
> can be satisfied.
>        at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
> EffectivePolicyImpl.java:199)
>        at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
> EffectivePolicyImpl.java:192)
>        at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise(
> EffectivePolicyImpl.java:96)
>        at org.apache.cxf.ws.policy.PolicyEngineImpl.
> getEffectiveClientRequestPolicy(PolicyEngineImpl.java:204)
>        at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle(
> PolicyOutInterceptor.java:98)
>        at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.
> handleMessage(AbstractPolicyInterceptor.java:44)
>        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308)
>        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:518)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:427)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:328)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:281)
>        at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
>        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:139)
>        at com.sun.proxy.$Proxy35.getTeachCalendarsPerAcad(Unknown Source)
>        at au.edu.vu.its.as.ws.callista.vucalendarws.wsdl.VuCalendarWS_
> VuCalendarWSSoapHttpPort_Client.main(VuCalendarWS_
> VuCalendarWSSoapHttpPort_Client.java:49)
>
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of
> the policy alternatives can be satisfied.
>        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:161)
>        at com.sun.proxy.$Proxy35.getTeachCalendarsPerAcad(Unknown Source)
>        at au.edu.vu.its.as.ws.callista.vucalendarws.wsdl.VuCalendarWS_
> VuCalendarWSSoapHttpPort_Client.main(VuCalendarWS_
> VuCalendarWSSoapHttpPort_Client.java:49)
> Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy
> alternatives can be satisfied.
>        at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
> EffectivePolicyImpl.java:199)
>        at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
> EffectivePolicyImpl.java:192)
>        at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise(
> EffectivePolicyImpl.java:96)
>        at org.apache.cxf.ws.policy.PolicyEngineImpl.
> getEffectiveClientRequestPolicy(PolicyEngineImpl.java:204)
>        at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle(
> PolicyOutInterceptor.java:98)
>        at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.
> handleMessage(AbstractPolicyInterceptor.java:44)
>        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308)
>        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:518)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:427)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:328)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:281)
>        at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
>        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:139)
>        ... 2 more
>
>
> Thanks
> Siva
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Monday, 17 July 2017 6:58 PM
> To: dev@cxf.apache.org
> Subject: Re: CXF - WS Security Issue
>
> What does the security policy of the service look like? What's the exact
> stack trace you get?
>
> Colm.
>
> On Mon, Jul 17, 2017 at 1:22 AM, Siva Kulendrasingam <
> Siva.Kulendrasingam@vu.edu.au> wrote:
>
> > Dear Team,
> >
> > We are trying to consume a web service hosted in Weblogic server using
> > the CXF client connector in Mule, but getting the following error.
> >
> > "None of the policy alternatives can be satisfied.. Failed to route
> > event via endpoint: org.mule.module.cxf.CxfOutboundMessageProcessor".
> >
> > It seems that the following BEA Weblogic policy is not supported by CXF.
> > <wssp:Identity xmlns:wssp="http://www.bea.com/wls90/security/policy">
> >
> > If we remove the cxf-rt-ws-policy-2.7.15.jar, then it works as
> > org.apache.cxf.ws.policy.PolicyOutInterceptor interceptor is not get
> > registered.
> >
> > How this issue would be approached?
> >
> > CXF Version: 2.7.15
> >
> > WSDL:
> > <flow name="get:/academicCalendars:vuc-api-config">
> > <message-properties-transformer
> > doc:name="Message Properties">
> > <add-message-property key="operation"
> > value="getAllAcadCalendars" />
> > </message-properties-transformer>
> > <set-payload value="#[new Object[]{}]" doc:name="Set
> > Payload"></set-payload> <flow-ref name="calendar" doc:name="calendar"
> > /> </flow>
> >
> > <sub-flow name="calendar">
> > <cxf:jaxws-client
> > clientClass="au.edu.vu.its.as.ws.callista.vucalendarws.
> > VuCalendarWS_Service"
> > wsdlLocation="${ws.callista.calendar.url}?WSDL" port="
> > VuCalendarWSSoapHttpPort"
> > doc:name="SOAP">
> > <cxf:inInterceptors>
> > <spring:bean class="org.apache.cxf.interceptor.LoggingInInterceptor"
> > /> </cxf:inInterceptors> <cxf:outInterceptors> <spring:bean
> > class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
> > <spring:bean parent="wss4jOutInterceptor" /> </cxf:outInterceptors>
> > </cxf:jaxws-client> <outbound-endpoint doc:name="HTTP"
> > address="http://devsdvd.vu.edu.au:9990/VuCalendar/
> VuCalendarWSSoapHttpPort"
> > />
> > </sub-flow>
> >
> > <spring:bean id="wss4jOutConfiguration"
> > class="org.springframework.beans.factory.config.MapFactoryBean">
> > <spring:property name="sourceMap">
> > <spring:map>
> > <spring:entry key="action" value="UsernameToken" /> <spring:entry
> > key="user" value="${ws.callista.user}" /> <spring:entry
> > key="passwordType" value="PasswordText" /> <spring:entry
> > key="passwordCallbackClass"
> > value="au.edu.vu.its.as.mule.ClientPasswordCallback" /> </spring:map>
> > </spring:property> </spring:bean>
> >
> > <spring:bean id="wss4jOutInterceptor" abstract="true"
> > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> > <spring:property name="properties" ref="wss4jOutConfiguration" />
> > </spring:bean>
> >
> > Thanks
> > Siva
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message