cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aki Yoshida (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-5405) WS-RM with anonymous endpoint throwing security policy validation exception for SequenceAck
Date Wed, 20 Nov 2013 10:12:35 GMT

     [ https://issues.apache.org/jira/browse/CXF-5405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Aki Yoshida updated CXF-5405:
-----------------------------

    Fix Version/s: 2.7.9
                   2.6.12

> WS-RM with anonymous endpoint throwing security policy validation exception for SequenceAck
> -------------------------------------------------------------------------------------------
>
>                 Key: CXF-5405
>                 URL: https://issues.apache.org/jira/browse/CXF-5405
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.7.7
>            Reporter: Aki Yoshida
>            Assignee: Aki Yoshida
>             Fix For: 2.6.12, 2.7.9
>
>
> When WS-RM with an anonoymous endpoint is used in conjuction with a policy based WS-Security
configuration, the sequence acknoledgement response to the client is rejected by the policy
validator.
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token
does not match the token inclusion requirement
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:

> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token
does not match the token inclusion requirement
> 	at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
> 	at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
> 	at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
> 	at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:835)
> 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1606)
> The cause of this issue is in the RM processing to reset the requestor role, whose value
will subsequently be used by the policy validator to choose the correct configuration value.
The requestor role for the SequenceAck messages should not be reset.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message