Return-Path: <dev-return-17704-archive-asf-public=cust-asf.ponee.io@cxf.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id A0198200CC6
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 18 Jul 2017 11:18:20 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 9E77616693E; Tue, 18 Jul 2017 09:18:20 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id BC90E16693D
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 18 Jul 2017 11:18:19 +0200 (CEST)
Received: (qmail 7269 invoked by uid 500); 18 Jul 2017 09:18:18 -0000
Mailing-List: contact dev-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@cxf.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@cxf.apache.org>
List-Post: <mailto:dev@cxf.apache.org>
List-Id: <dev.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list dev@cxf.apache.org
Received: (qmail 7254 invoked by uid 99); 18 Jul 2017 09:18:18 -0000
Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Jul 2017 09:18:18 +0000
Received: from mail-pf0-f170.google.com (mail-pf0-f170.google.com [209.85.192.170])
	by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 4A3791A0AFA
	for <dev@cxf.apache.org>; Tue, 18 Jul 2017 09:18:18 +0000 (UTC)
Received: by mail-pf0-f170.google.com with SMTP id q85so8645943pfq.1
        for <dev@cxf.apache.org>; Tue, 18 Jul 2017 02:18:18 -0700 (PDT)
X-Gm-Message-State: AIVw110XT2kadu7VGLwnD/AoBhve+vi8qDwFmCouAYnqEe4vf91CyRhV
	JHSe7AesCMMzDsa5juNckOEb9JD1yg==
X-Received: by 10.98.76.145 with SMTP id e17mr714139pfj.78.1500369497994; Tue,
 18 Jul 2017 02:18:17 -0700 (PDT)
MIME-Version: 1.0
Reply-To: coheigea@apache.org
Received: by 10.100.164.69 with HTTP; Tue, 18 Jul 2017 02:18:17 -0700 (PDT)
In-Reply-To: <ME1PR01MB10582B14087012F6E2395BB0ABA10@ME1PR01MB1058.ausprd01.prod.outlook.com>
References: <ME1PR01MB1058AC8305CF6EC33D415921ABA00@ME1PR01MB1058.ausprd01.prod.outlook.com>
 <CAB8XdGCC84Y_9xkg6FGaJMWdru1OVAtUEdzYP3+XpT10ROfc1Q@mail.gmail.com> <ME1PR01MB10582B14087012F6E2395BB0ABA10@ME1PR01MB1058.ausprd01.prod.outlook.com>
From: Colm O hEigeartaigh <coheigea@apache.org>
Date: Tue, 18 Jul 2017 10:18:17 +0100
X-Gmail-Original-Message-ID: <CAB8XdGA2KDnnzZbuh6hZm51fxzuheVASTE1ffTkqLFtUL5o0qQ@mail.gmail.com>
Message-ID: <CAB8XdGA2KDnnzZbuh6hZm51fxzuheVASTE1ffTkqLFtUL5o0qQ@mail.gmail.com>
Subject: Re: CXF - WS Security Issue
To: Siva Kulendrasingam <Siva.Kulendrasingam@vu.edu.au>
Cc: "dev@cxf.apache.org" <dev@cxf.apache.org>
Content-Type: multipart/alternative; boundary="001a11355e0cf5bd37055493fef8"
archived-at: Tue, 18 Jul 2017 09:18:20 -0000

--001a11355e0cf5bd37055493fef8
Content-Type: text/plain; charset="UTF-8"

Yeah, this is not a standard policy, and so CXF doesn't support it out of
the box. You can either remove the policy jar from the classpath, as you've
already noted, or else write a CXF interceptor to "assert" (and so ignore)
the policy.

Colm.

On Tue, Jul 18, 2017 at 2:04 AM, Siva Kulendrasingam <
Siva.Kulendrasingam@vu.edu.au> wrote:

> Thanks Colm.
>
> From the WSDL, I could see the following
>
> <wsp:UsingPolicy WL5G3N1:Required="true" />
>    <wsp:Policy WL5G3N0:Id="Auth.xml">
>       <wssp:Identity xmlns:wssp="http://www.bea.com/wls90/security/policy
> ">
>          <wssp:SupportedTokens>
>             <wssp:SecurityToken TokenType="http://docs.oasis-
> open.org/wss/2004/01/oasis-200401-wss-username-token-
> profile-1.0#UsernameToken">
>                <wssp:UsePassword Type="http://docs.oasis-open.
> org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
> />
>             </wssp:SecurityToken>
>          </wssp:SupportedTokens>
>       </wssp:Identity>
>    </wsp:Policy>
>
> I attached the WSDL for your reference.
>
> Stack Trace:
> Jul 18, 2017 10:53:17 AM org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean
> buildServiceFromWSDL
> INFO: Creating Service {http://au/edu/vu/its/as/ws/
> callista/VuCalendarWS.wsdl}VuCalendarWS from WSDL:
> http://devsdvd.vu.edu.au:9990/VuCalendar/VuCalendarWSSoapHttpPort?wsdl
> Invoking getTeachCalendarsPerAcad...
> Jul 18, 2017 10:53:17 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
> handleNoRegisteredBuilder
> WARNING: No assertion builder for type {http://www.bea.com/wls90/
> security/policy}Identity registered.
> Jul 18, 2017 10:53:17 AM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for {http://au/edu/vu/its/as/ws/
> callista/VuCalendarWS.wsdl}VuCalendarWS#{http://au/edu/
> vu/its/as/ws/callista/VuCalendarWS.wsdl}getTeachCalendarsPerAcad has
> thrown exception, unwinding now
> org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives
> can be satisfied.
>        at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
> EffectivePolicyImpl.java:199)
>        at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
> EffectivePolicyImpl.java:192)
>        at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise(
> EffectivePolicyImpl.java:96)
>        at org.apache.cxf.ws.policy.PolicyEngineImpl.
> getEffectiveClientRequestPolicy(PolicyEngineImpl.java:204)
>        at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle(
> PolicyOutInterceptor.java:98)
>        at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.
> handleMessage(AbstractPolicyInterceptor.java:44)
>        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308)
>        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:518)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:427)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:328)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:281)
>        at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
>        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:139)
>        at com.sun.proxy.$Proxy35.getTeachCalendarsPerAcad(Unknown Source)
>        at au.edu.vu.its.as.ws.callista.vucalendarws.wsdl.VuCalendarWS_
> VuCalendarWSSoapHttpPort_Client.main(VuCalendarWS_
> VuCalendarWSSoapHttpPort_Client.java:49)
>
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of
> the policy alternatives can be satisfied.
>        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:161)
>        at com.sun.proxy.$Proxy35.getTeachCalendarsPerAcad(Unknown Source)
>        at au.edu.vu.its.as.ws.callista.vucalendarws.wsdl.VuCalendarWS_
> VuCalendarWSSoapHttpPort_Client.main(VuCalendarWS_
> VuCalendarWSSoapHttpPort_Client.java:49)
> Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy
> alternatives can be satisfied.
>        at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
> EffectivePolicyImpl.java:199)
>        at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
> EffectivePolicyImpl.java:192)
>        at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise(
> EffectivePolicyImpl.java:96)
>        at org.apache.cxf.ws.policy.PolicyEngineImpl.
> getEffectiveClientRequestPolicy(PolicyEngineImpl.java:204)
>        at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle(
> PolicyOutInterceptor.java:98)
>        at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.
> handleMessage(AbstractPolicyInterceptor.java:44)
>        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:308)
>        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:518)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:427)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:328)
>        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:281)
>        at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
>        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:139)
>        ... 2 more
>
>
> Thanks
> Siva
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Monday, 17 July 2017 6:58 PM
> To: dev@cxf.apache.org
> Subject: Re: CXF - WS Security Issue
>
> What does the security policy of the service look like? What's the exact
> stack trace you get?
>
> Colm.
>
> On Mon, Jul 17, 2017 at 1:22 AM, Siva Kulendrasingam <
> Siva.Kulendrasingam@vu.edu.au> wrote:
>
> > Dear Team,
> >
> > We are trying to consume a web service hosted in Weblogic server using
> > the CXF client connector in Mule, but getting the following error.
> >
> > "None of the policy alternatives can be satisfied.. Failed to route
> > event via endpoint: org.mule.module.cxf.CxfOutboundMessageProcessor".
> >
> > It seems that the following BEA Weblogic policy is not supported by CXF.
> > <wssp:Identity xmlns:wssp="http://www.bea.com/wls90/security/policy">
> >
> > If we remove the cxf-rt-ws-policy-2.7.15.jar, then it works as
> > org.apache.cxf.ws.policy.PolicyOutInterceptor interceptor is not get
> > registered.
> >
> > How this issue would be approached?
> >
> > CXF Version: 2.7.15
> >
> > WSDL:
> > <flow name="get:/academicCalendars:vuc-api-config">
> > <message-properties-transformer
> > doc:name="Message Properties">
> > <add-message-property key="operation"
> > value="getAllAcadCalendars" />
> > </message-properties-transformer>
> > <set-payload value="#[new Object[]{}]" doc:name="Set
> > Payload"></set-payload> <flow-ref name="calendar" doc:name="calendar"
> > /> </flow>
> >
> > <sub-flow name="calendar">
> > <cxf:jaxws-client
> > clientClass="au.edu.vu.its.as.ws.callista.vucalendarws.
> > VuCalendarWS_Service"
> > wsdlLocation="${ws.callista.calendar.url}?WSDL" port="
> > VuCalendarWSSoapHttpPort"
> > doc:name="SOAP">
> > <cxf:inInterceptors>
> > <spring:bean class="org.apache.cxf.interceptor.LoggingInInterceptor"
> > /> </cxf:inInterceptors> <cxf:outInterceptors> <spring:bean
> > class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
> > <spring:bean parent="wss4jOutInterceptor" /> </cxf:outInterceptors>
> > </cxf:jaxws-client> <outbound-endpoint doc:name="HTTP"
> > address="http://devsdvd.vu.edu.au:9990/VuCalendar/
> VuCalendarWSSoapHttpPort"
> > />
> > </sub-flow>
> >
> > <spring:bean id="wss4jOutConfiguration"
> > class="org.springframework.beans.factory.config.MapFactoryBean">
> > <spring:property name="sourceMap">
> > <spring:map>
> > <spring:entry key="action" value="UsernameToken" /> <spring:entry
> > key="user" value="${ws.callista.user}" /> <spring:entry
> > key="passwordType" value="PasswordText" /> <spring:entry
> > key="passwordCallbackClass"
> > value="au.edu.vu.its.as.mule.ClientPasswordCallback" /> </spring:map>
> > </spring:property> </spring:bean>
> >
> > <spring:bean id="wss4jOutInterceptor" abstract="true"
> > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> > <spring:property name="properties" ref="wss4jOutConfiguration" />
> > </spring:bean>
> >
> > Thanks
> > Siva
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

--001a11355e0cf5bd37055493fef8--