cxf-users mailing list archives

From timmgrant <timmgr...@gmail.com>
Subject SecureConversationInInterceptor removing all assertions
Date Tue, 18 Oct 2011 16:52:59 GMT
Hi,

I am using CXF 2.4.3 with the following policy:

	<wsp:Policy wsu:Id="WSHttpBinding_Blah_policy">
		<wsp:ExactlyOne>
			<wsp:All>
				<sp:TransportBinding
					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:TransportToken>
							<wsp:Policy>
								<sp:HttpsToken RequireClientCertificate="false" />
							</wsp:Policy>
						</sp:TransportToken>
						<sp:AlgorithmSuite>
							<wsp:Policy>
								<sp:Basic256 />
							</wsp:Policy>
						</sp:AlgorithmSuite>
						<sp:Layout>
							<wsp:Policy>
								<sp:Strict />
							</wsp:Policy>
						</sp:Layout>
						<sp:IncludeTimestamp />
					</wsp:Policy>
				</sp:TransportBinding>
				<sp:EndorsingSupportingTokens
					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:SecureConversationToken
							sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
							<wsp:Policy>
								<sp:BootstrapPolicy>
									<wsp:Policy>
										<sp:SignedParts>
											<sp:Body />
											<sp:Header Name="To"
												Namespace="http://www.w3.org/2005/08/addressing" />
											<sp:Header Name="From"
												Namespace="http://www.w3.org/2005/08/addressing" />
											<sp:Header Name="FaultTo"
												Namespace="http://www.w3.org/2005/08/addressing" />
											<sp:Header Name="ReplyTo"
												Namespace="http://www.w3.org/2005/08/addressing" />
											<sp:Header Name="MessageID"
												Namespace="http://www.w3.org/2005/08/addressing" />
											<sp:Header Name="RelatesTo"
												Namespace="http://www.w3.org/2005/08/addressing" />
											<sp:Header Name="Action"
												Namespace="http://www.w3.org/2005/08/addressing" />
										</sp:SignedParts>
										<sp:EncryptedParts>
											<sp:Body />
										</sp:EncryptedParts>
										<sp:TransportBinding>
											<wsp:Policy>
												<sp:TransportToken>
													<wsp:Policy>
														<sp:HttpsToken RequireClientCertificate="false" />
													</wsp:Policy>
												</sp:TransportToken>
												<sp:AlgorithmSuite>
													<wsp:Policy>
														<sp:Basic256 />
													</wsp:Policy>
												</sp:AlgorithmSuite>
												<sp:Layout>
													<wsp:Policy>
														<sp:Strict />
													</wsp:Policy>
												</sp:Layout>
												<sp:IncludeTimestamp />
											</wsp:Policy>
										</sp:TransportBinding>
										<sp:EndorsingSupportingTokens>
											<wsp:Policy>
												<sp:X509Token
													sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
													<wsp:Policy>
														<sp:RequireThumbprintReference />
														<sp:WssX509V3Token10 />
													</wsp:Policy>
												</sp:X509Token>
												<sp:SignedParts>
													<sp:Header Name="To"
														Namespace="http://www.w3.org/2005/08/addressing" />
												</sp:SignedParts>
											</wsp:Policy>
										</sp:EndorsingSupportingTokens>
										<sp:Wss11>
											<wsp:Policy>
												<sp:MustSupportRefKeyIdentifier />
												<sp:MustSupportRefIssuerSerial />
												<sp:MustSupportRefThumbprint />
												<sp:MustSupportRefEncryptedKey />
											</wsp:Policy>
										</sp:Wss11>
										<sp:Trust10>
											<wsp:Policy>
												<sp:MustSupportIssuedTokens />
												<sp:RequireClientEntropy />
												<sp:RequireServerEntropy />
											</wsp:Policy>
										</sp:Trust10>
									</wsp:Policy>
								</sp:BootstrapPolicy>
							</wsp:Policy>
						</sp:SecureConversationToken>
						<sp:SignedParts>
							<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
						</sp:SignedParts>
					</wsp:Policy>
				</sp:EndorsingSupportingTokens>
				<sp:Wss11
					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:MustSupportRefKeyIdentifier />
						<sp:MustSupportRefIssuerSerial />
						<sp:MustSupportRefThumbprint />
						<sp:MustSupportRefEncryptedKey />
					</wsp:Policy>
				</sp:Wss11>
				<sp:Trust10
					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:MustSupportIssuedTokens />
						<sp:RequireClientEntropy />
						<sp:RequireServerEntropy />
					</wsp:Policy>
				</sp:Trust10>
				<wsaw:UsingAddressing />
			</wsp:All>
		</wsp:ExactlyOne>
	</wsp:Policy>

However I am getting the following error:

These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EndorsingSupportingTokens
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Trust10

I am 99% certain the request message is fine, and when I debug I can see that
all the policies are being satisfied; however, the
SecureConversationInInterceptor is then replacing the AssertionInfoMap (line
252). Then when the PolicyVerificationInInterceptor checks that the
assertions have been satisfied, they all fail because it has been replaced
with the new AssertionInfoMap. I'm at a bit of a loss as to whether this is
a bug or if I've missed something?

Any ideas?

Cheers,
Tim

--
View this message in context: http://cxf.547215.n5.nabble.com/SecureConversationInInterceptor-removing-all-assertions-tp4914500p4914500.html
Sent from the cxf-user mailing list archive at Nabble.com.
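
One way to observe the behaviour described in the message above without a debugger, as an added example that is not part of the original post or of CXF: a diagnostic in-interceptor that logs the identity and per-assertion state of the `AssertionInfoMap` at a chosen phase. The class name `AssertionInfoMapProbe` and the suggested phases are assumptions made for illustration.

```java
import java.util.Collection;
import java.util.Map;
import java.util.logging.Logger;
import javax.xml.namespace.QName;

import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;

/**
 * Hypothetical diagnostic interceptor (not part of CXF). Register one instance
 * per phase of interest, for example Phase.READ and Phase.POST_PROTOCOL, with
 * endpoint.getInInterceptors().add(new AssertionInfoMapProbe(Phase.READ)).
 * A different identity between two phases means the map on the message was
 * replaced in between rather than updated in place.
 */
public class AssertionInfoMapProbe extends AbstractPhaseInterceptor<Message> {
    private static final Logger LOG =
        Logger.getLogger(AssertionInfoMapProbe.class.getName());

    public AssertionInfoMapProbe(String phase) {
        // Unique id per phase so several probes can sit in the same chain.
        super(AssertionInfoMapProbe.class.getName() + "." + phase, phase);
    }

    @Override
    public void handleMessage(Message message) {
        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
        if (aim == null) {
            LOG.info("[" + getPhase() + "] no AssertionInfoMap on message");
            return;
        }
        // identityHashCode tells a swapped map apart from the same map mutated.
        StringBuilder sb = new StringBuilder();
        sb.append("[").append(getPhase()).append("] AssertionInfoMap@")
          .append(Integer.toHexString(System.identityHashCode(aim)));
        for (Map.Entry<QName, Collection<AssertionInfo>> e : aim.entrySet()) {
            int asserted = 0;
            for (AssertionInfo ai : e.getValue()) {
                if (ai.isAsserted()) {
                    asserted++;
                }
            }
            // One line per assertion QName: how many of its infos were asserted.
            sb.append("\n  ").append(e.getKey()).append(" asserted ")
              .append(asserted).append("/").append(e.getValue().size());
        }
        LOG.info(sb.toString());
    }
}
```

Comparing the output of two probes placed on either side of the security interceptors shows which assertion QNames lose their asserted state and whether the map instance itself changed.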
