cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis Sosnoski (JIRA)" <j...@apache.org>
Subject [jira] Created: (CXF-3037) Policy references embedded in policy are not processed
Date Tue, 05 Oct 2010 10:16:33 GMT
Policy references embedded in policy are not processed
------------------------------------------------------

                 Key: CXF-3037
                 URL: https://issues.apache.org/jira/browse/CXF-3037
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.2.10
            Reporter: Dennis Sosnoski


WS-Policy allows <wsp:PolicyReference> to be embedded within policy documents, but CXF
does not handle these references. Here's an example:

  
  <!-- Policy for symmetric binding, using an ephemeral key generated by the client and
   sent to the server as part of the request, using asymmetric encryption with the server
   public key to secure the symmetric key. -->
  <wsp:Policy wsu:Id="SymmBinding"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
      xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
      xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <sp:SymmetricBinding>
      <wsp:Policy>
        <sp:ProtectionToken>
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
              <wsp:Policy>
                <sp:RequireDerivedKeys/>
                <sp:RequireThumbprintReference/>
                <sp:WssX509V3Token10/>
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:ProtectionToken>
        <sp:AlgorithmSuite>
          <wsp:Policy>
            <sp:Basic128Rsa15/>
          </wsp:Policy>
        </sp:AlgorithmSuite>
        <sp:OnlySignEntireHeadersAndBody/>
      </wsp:Policy>
    </sp:SymmetricBinding>
  </wsp:Policy>
  
  <!-- Policy for symmetric binding, using an ephemeral key generated by the client and
   sent to the server as part of the request, using asymmetric encryption with the server
   public key to secure the symmetric key. -->
  <wsp:Policy wsu:Id="SymmEncr"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
      xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
      xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#SymmBinding"/>
    <sp:Wss11>
      <wsp:Policy>
        <sp:MustSupportRefKeyIdentifier/>
        <sp:MustSupportRefThumbprint/>
        <sp:MustSupportRefEncryptedKey/>
      </wsp:Policy>
    </sp:Wss11>
  </wsp:Policy>

When trying to use this policy on the client it causes an NPE inside Neethi:

     [java] WARNING: Interceptor for {http://ws.sosnoski.com/library/wsdl}CXFLibrary#{http://ws.sosnoski.com/library/wsdl}getBook
has thrown exception, unwinding now
     [java] java.lang.NullPointerException
     [java]     at org.apache.neethi.AbstractPolicyOperator.normalizeOperator(AbstractPolicyOperator.java:116)
     [java]     at org.apache.neethi.AbstractPolicyOperator.normalize(AbstractPolicyOperator.java:73)
     [java]     at org.apache.neethi.Policy.normalize(Policy.java:64)
     [java]     at org.apache.neethi.Policy.normalize(Policy.java:49)
     [java]     at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialisePolicy(EffectivePolicyImpl.java:134)
     [java]     at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise(EffectivePolicyImpl.java:86)
     [java]     at org.apache.cxf.ws.policy.PolicyEngineImpl.getEffectiveClientRequestPolicy(PolicyEngineImpl.java:155)
     [java]     at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle(PolicyOutInterceptor.java:110)

The problem here is that CXF passes a null for the policy context when calling the Policy.normalize()
method. Just passing the context should be enough to make this work.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message