cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aki Yoshida (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-5405) WS-RM with anonymous endpoint throwing security policy validation exception for SequenceAck
Date Wed, 20 Nov 2013 08:37:23 GMT
Aki Yoshida created CXF-5405:
--------------------------------

             Summary: WS-RM with anonymous endpoint throwing security policy validation exception
for SequenceAck
                 Key: CXF-5405
                 URL: https://issues.apache.org/jira/browse/CXF-5405
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.7.7
            Reporter: Aki Yoshida
            Assignee: Aki Yoshida


When WS-RM with an anonoymous endpoint is used in conjuction with a policy based WS-Security
configuration, the sequence acknoledgement response to the client is rejected by the policy
validator.

{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does
not match the token inclusion requirement
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:

{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does
not match the token inclusion requirement
	at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
	at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
	at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
	at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:835)
	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1606)

The cause of this issue is in the RM processing to reset the requestor role, whose value will
subsequently be used by the policy validator to choose the correct configuration value. The
requestor role for the SequenceAck messages should not be reset.




--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message