cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Siva Kulendrasingam <Siva.Kulendrasin...@vu.edu.au>
Subject Re: CXF - WS Security Issue
Date Tue, 18 Jul 2017 13:27:42 GMT
Thanks Dan.


Will try the suggestions and update you.


Siva

________________________________
From: Daniel Kulp <dkulp@apache.org>
Sent: Tuesday, 18 July 2017 11:21:28 PM
To: dev@cxf.apache.org; coheigea@apache.org
Cc: Siva Kulendrasingam
Subject: Re: CXF - WS Security Issue




Actually, you don’t need to write anything as we already have this in CXF.  If you add:

    <bean class="org.apache.cxf.ws.policy.IgnorablePolicyInterceptorProvider">
        <constructor-arg>
            <!-- the list of assertion types that can be ignored -->
            <list>
                <bean class="javax.xml.namespace.QName">
                    <constructor-arg value="http://www.bea.com/wls90/security/policy"/>
                    <constructor-arg value=“Identity"/>
                </bean>
            </list>
        </constructor-arg>
    </bean>

To your spring config, it should be automatically ignored.



Dan




> On Jul 18, 2017, at 5:18 AM, Colm O hEigeartaigh <coheigea@apache.org> wrote:
>
> Yeah, this is not a standard policy, and so CXF doesn't support it out of
> the box. You can either remove the policy jar from the classpath, as you've
> already noted, or else write a CXF interceptor to "assert" (and so ignore)
> the policy.
>
> Colm.
>
> On Tue, Jul 18, 2017 at 2:04 AM, Siva Kulendrasingam <
> Siva.Kulendrasingam@vu.edu.au> wrote:
>
>> Thanks Colm.
>>
>> From the WSDL, I could see the following
>>
>> <wsp:UsingPolicy WL5G3N1:Required="true" />
>>   <wsp:Policy WL5G3N0:Id="Auth.xml">
>>      <wssp:Identity xmlns:wssp="http://www.bea.com/wls90/security/policy
>> ">
>>         <wssp:SupportedTokens>
>>            <wssp:SecurityToken TokenType="http://docs.oasis-
>> open.org/wss/2004/01/oasis-200401-wss-username-token-
>> profile-1.0#UsernameToken">
>>               <wssp:UsePassword Type="http://docs.oasis-open.
>> org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
>> />
>>            </wssp:SecurityToken>
>>         </wssp:SupportedTokens>
>>      </wssp:Identity>
>>   </wsp:Policy>
>>
>> I attached the WSDL for your reference.
>>
>> Stack Trace:
>> Jul 18, 2017 10:53:17 AM org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean
>> buildServiceFromWSDL
>> INFO: Creating Service {http://au/edu/vu/its/as/ws/
>> callista/VuCalendarWS.wsdl}VuCalendarWS from WSDL:
>> http://devsdvd.vu.edu.au:9990/VuCalendar/VuCalendarWSSoapHttpPort?wsdl
>> Invoking getTeachCalendarsPerAcad...
>> Jul 18, 2017 10:53:17 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
>> handleNoRegisteredBuilder
>> WARNING: No assertion builder for type {http://www.bea.com/wls90/
>> security/policy}Identity registered.
>> Jul 18, 2017 10:53:17 AM org.apache.cxf.phase.PhaseInterceptorChain
>> doDefaultLogging
>> WARNING: Interceptor for {http://au/edu/vu/its/as/ws/
>> callista/VuCalendarWS.wsdl}VuCalendarWS#{http://au/edu/
>> vu/its/as/ws/callista/VuCalendarWS.wsdl}getTeachCalendarsPerAcad has
>> thrown exception, unwinding now
>> org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives
>> can be satisfied.
>>       at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
>> EffectivePolicyImpl.java:199)
>>       at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
>> EffectivePolicyImpl.java:192)
>>       at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise(
>> EffectivePolicyImpl.java:96)
>>       at org.apache.cxf.ws.policy.PolicyEngineImpl.
>> getEffectiveClientRequestPolicy(PolicyEngineImpl.java:204)
>>       at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle(
>> PolicyOutInterceptor.java:98)
>>       at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.
>> handleMessage(AbstractPolicyInterceptor.java:44)
>>       at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
>> PhaseInterceptorChain.java:308)
>>       at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:518)
>>       at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:427)
>>       at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:328)
>>       at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:281)
>>       at org.apache.cxf.frontend.ClientProxy.invokeSync(
>> ClientProxy.java:96)
>>       at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
>> JaxWsClientProxy.java:139)
>>       at com.sun.proxy.$Proxy35.getTeachCalendarsPerAcad(Unknown Source)
>>       at au.edu.vu.its.as.ws.callista.vucalendarws.wsdl.VuCalendarWS_
>> VuCalendarWSSoapHttpPort_Client.main(VuCalendarWS_
>> VuCalendarWSSoapHttpPort_Client.java:49)
>>
>> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of
>> the policy alternatives can be satisfied.
>>       at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
>> JaxWsClientProxy.java:161)
>>       at com.sun.proxy.$Proxy35.getTeachCalendarsPerAcad(Unknown Source)
>>       at au.edu.vu.its.as.ws.callista.vucalendarws.wsdl.VuCalendarWS_
>> VuCalendarWSSoapHttpPort_Client.main(VuCalendarWS_
>> VuCalendarWSSoapHttpPort_Client.java:49)
>> Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy
>> alternatives can be satisfied.
>>       at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
>> EffectivePolicyImpl.java:199)
>>       at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
>> EffectivePolicyImpl.java:192)
>>       at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise(
>> EffectivePolicyImpl.java:96)
>>       at org.apache.cxf.ws.policy.PolicyEngineImpl.
>> getEffectiveClientRequestPolicy(PolicyEngineImpl.java:204)
>>       at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle(
>> PolicyOutInterceptor.java:98)
>>       at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.
>> handleMessage(AbstractPolicyInterceptor.java:44)
>>       at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
>> PhaseInterceptorChain.java:308)
>>       at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:518)
>>       at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:427)
>>       at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:328)
>>       at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:281)
>>       at org.apache.cxf.frontend.ClientProxy.invokeSync(
>> ClientProxy.java:96)
>>       at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
>> JaxWsClientProxy.java:139)
>>       ... 2 more
>>
>>
>> Thanks
>> Siva
>> -----Original Message-----
>> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
>> Sent: Monday, 17 July 2017 6:58 PM
>> To: dev@cxf.apache.org
>> Subject: Re: CXF - WS Security Issue
>>
>> What does the security policy of the service look like? What's the exact
>> stack trace you get?
>>
>> Colm.
>>
>> On Mon, Jul 17, 2017 at 1:22 AM, Siva Kulendrasingam <
>> Siva.Kulendrasingam@vu.edu.au> wrote:
>>
>>> Dear Team,
>>>
>>> We are trying to consume a web service hosted in Weblogic server using
>>> the CXF client connector in Mule, but getting the following error.
>>>
>>> "None of the policy alternatives can be satisfied.. Failed to route
>>> event via endpoint: org.mule.module.cxf.CxfOutboundMessageProcessor".
>>>
>>> It seems that the following BEA Weblogic policy is not supported by CXF.
>>> <wssp:Identity xmlns:wssp="http://www.bea.com/wls90/security/policy">
>>>
>>> If we remove the cxf-rt-ws-policy-2.7.15.jar, then it works as
>>> org.apache.cxf.ws.policy.PolicyOutInterceptor interceptor is not get
>>> registered.
>>>
>>> How this issue would be approached?
>>>
>>> CXF Version: 2.7.15
>>>
>>> WSDL:
>>> <flow name="get:/academicCalendars:vuc-api-config">
>>> <message-properties-transformer
>>> doc:name="Message Properties">
>>> <add-message-property key="operation"
>>> value="getAllAcadCalendars" />
>>> </message-properties-transformer>
>>> <set-payload value="#[new Object[]{}]" doc:name="Set
>>> Payload"></set-payload> <flow-ref name="calendar" doc:name="calendar"
>>> /> </flow>
>>>
>>> <sub-flow name="calendar">
>>> <cxf:jaxws-client
>>> clientClass="au.edu.vu.its.as.ws.callista.vucalendarws.
>>> VuCalendarWS_Service"
>>> wsdlLocation="${ws.callista.calendar.url}?WSDL" port="
>>> VuCalendarWSSoapHttpPort"
>>> doc:name="SOAP">
>>> <cxf:inInterceptors>
>>> <spring:bean class="org.apache.cxf.interceptor.LoggingInInterceptor"
>>> /> </cxf:inInterceptors> <cxf:outInterceptors> <spring:bean
>>> class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
>>> <spring:bean parent="wss4jOutInterceptor" /> </cxf:outInterceptors>
>>> </cxf:jaxws-client> <outbound-endpoint doc:name="HTTP"
>>> address="http://devsdvd.vu.edu.au:9990/VuCalendar/
>> VuCalendarWSSoapHttpPort"
>>> />
>>> </sub-flow>
>>>
>>> <spring:bean id="wss4jOutConfiguration"
>>> class="org.springframework.beans.factory.config.MapFactoryBean">
>>> <spring:property name="sourceMap">
>>> <spring:map>
>>> <spring:entry key="action" value="UsernameToken" /> <spring:entry
>>> key="user" value="${ws.callista.user}" /> <spring:entry
>>> key="passwordType" value="PasswordText" /> <spring:entry
>>> key="passwordCallbackClass"
>>> value="au.edu.vu.its.as.mule.ClientPasswordCallback" /> </spring:map>
>>> </spring:property> </spring:bean>
>>>
>>> <spring:bean id="wss4jOutInterceptor" abstract="true"
>>> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>>> <spring:property name="properties" ref="wss4jOutConfiguration" />
>>> </spring:bean>
>>>
>>> Thanks
>>> Siva
>>>
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

--
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message