cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Why is my X509Token policy not being satisfied? Is this a bug?
Date Fri, 28 Feb 2014 10:53:00 GMT
It looks like a bug on the sending side, as the Timestamp is not being
signed, hence the policy validation error. I can't reproduce this with the
latest CXF 2.6.x code, so it must have been fixed since the version you are
using.

Colm.


On Thu, Feb 27, 2014 at 4:10 PM, pvivacqua <pvivacqua@gmail.com> wrote:

> *Well, when sending my request with a timestamp WSS element, I get the
> following exception, even tough the <sp:IncludeTimestamp /> is declared on
> my binding policy.*
>
> 11:04:56,513 WARNING [org.apache.cxf.phase.PhaseInterceptorChain]
> (http-localhost-127.0.0.1-8080-1) Interceptor for {
>
> http://gid.ws.nds.acesso/}GidWsNDSAcesso#{http://gid.ws.nds.acesso/}adicionarPerfilOiVendehas
> thrown exception, unwinding now: org.apache.cxf.interceptor.Fault:
> These policy alternatives can not be satisfied:
> {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding
> :
> Received Timestamp does not match the requirements
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
> {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp
> :
> Received Timestamp does not match the requirements
>  at
>
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47)
> [cxf-rt-ws-policy.jar:2.6.4]
> at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> [cxf-api.jar:2.6.4]
>  at
>
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> [cxf-api.jar:2.6.4]
> at
>
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:236)
> [cxf-rt-transports-http.jar:2.6.4]
>  at
>
> org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:95)
> [jbossws-cxf-server.jar:4.1.1.Final]
> at
>
> org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:156)
> [jbossws-cxf-server.jar:4.1.1.Final]
>  at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
> [jbossws-cxf-server.jar:4.1.1.Final]
> at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225)
> [cxf-rt-transports-http.jar:2.6.4]
>  at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145)
> [cxf-rt-transports-http.jar:2.6.4]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
> [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
>  at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
> [jbossws-cxf-server.jar:4.1.1.Final]
> at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
> [jbossws-spi.jar:2.1.1.Final]
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
> [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> [jbossweb-7.0.13.Final.jar:]
>  at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> [jbossweb-7.0.13.Final.jar:]
> at
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> [jbossweb-7.0.13.Final.jar:]
>  at
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> [jbossweb-7.0.13.Final.jar:]
> at
>
> org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
> [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
>  at
>
> org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
> at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> [jbossweb-7.0.13.Final.jar:]
>  at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [jbossweb-7.0.13.Final.jar:]
> at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [jbossweb-7.0.13.Final.jar:]
>  at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> [jbossweb-7.0.13.Final.jar:]
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
> [jbossweb-7.0.13.Final.jar:]
>  at
>
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
> [jbossweb-7.0.13.Final.jar:]
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
> [jbossweb-7.0.13.Final.jar:]
>  at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_21]
> Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives can not be satisfied:
> {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding
> :
> Received Timestamp does not match the requirements
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
> {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp
> :
> Received Timestamp does not match the requirements
>  at
>
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:167)
> [cxf-rt-ws-policy.jar:2.6.4]
> at
>
> org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
> [cxf-rt-ws-policy.jar:2.6.4]
>  at
>
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:45)
> [cxf-rt-ws-policy.jar:2.6.4]
> ... 26 more
>
> *The policy:*
>
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding>
>  <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
>  <sp:X509Token
> sp:IncludeToken="
>
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never
> ">
>  <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
>  </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
>  <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
>  sp:IncludeToken="
>
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never
> ">
>  <wsp:Policy>
> <sp:WssX509V3Token10 />
> <sp:RequireIssuerSerialReference />
>  </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
>  </sp:RecipientToken>
> <sp:Layout>
> <wsp:Policy>
>  <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
>  <sp:IncludeTimestamp />
> <sp:EncryptBeforeSigning />
> <sp:AlgorithmSuite>
>  <wsp:Policy>
> <sp:Basic128Rsa15 />
> </wsp:Policy>
>  </sp:AlgorithmSuite>
> </wsp:Policy>
> </sp:AsymmetricBinding>
>  <sp:Wss10>
> <wsp:Policy>
> <sp:MustSupportRefIssuerSerial />
>  </wsp:Policy>
> </sp:Wss10>
> </wsp:All>
>  </wsp:ExactlyOne>
> </wsp:Policy>
>
> *The Request*
>
> <soapenv:Envelope xmlns:gid="http://gid.ws.nds.acesso/" xmlns:soapenv="
> http://schemas.xmlsoap.org/soap/envelope/">
>  <soapenv:Header>
> <wsse:Security xmlns:wsse="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> xmlns:wsu="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
>  <wsse:UsernameToken wsu:Id="UsernameToken-48">
>
> <wsse:Username>AI1qTwNjGnsE99RHFhQ6QFbao7u/fw179mU5oTwGyP6LOOMcffLGZHnlUWD62o3onuGNGbFltkAA
>
> LYVQmowJ2tfL2MdorywfON3uYdQksb0tROGj1q+dtfOEdOO0/nRB4KIPaI9iUQuLlTZTXZZLRCyL
> tfuPdNkM8ZQ/IgX8v+k=</wsse:Username>
>  <wsse:Password Type="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
> ">GileUp2HMHBkZ3PvHk9PZFbbmOXKrDoGL/vEUVhXgBuJ5Z9U236w0J55xU645eH4RsltG3T4XmNQ
>
> e1ypi0NUbVzk2De4elkAKBF3s9bQE1rmONLoUYXQRuYDjNBbzajR2okXS80oKi7w0QOLibTFfQeO
> R04KmBo75ykchSqNwKM=</wsse:Password>
>  <wsse:Nonce EncodingType="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> ">t7AwSM3jy8syY3j3XWlruQ==</wsse:Nonce>
>  <wsu:Created>2014-02-27T14:00:03.276Z</wsu:Created>
> </wsse:UsernameToken>
> <ds:Signature Id="SIG-47" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>  <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#">
>  <ec:InclusiveNamespaces PrefixList="gid soapenv" xmlns:ec="
> http://www.w3.org/2001/10/xml-exc-c14n#"/>
>  </ds:CanonicalizationMethod>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1
> "/>
>  <ds:Reference URI="#id-46">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>  <ec:InclusiveNamespaces PrefixList="gid" xmlns:ec="
> http://www.w3.org/2001/10/xml-exc-c14n#"/>
>  </ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>  <ds:DigestValue>lh8qsHYRjkgUaMLeF5ZXMxxtPGk=</ds:DigestValue>
> </ds:Reference>
>  </ds:SignedInfo>
>
> <ds:SignatureValue>nZjZLpwzgsMb6q5LFyl3jCVJOMk+sbbm7lJf/lXo32GWpYAekXJxBPMmVusf6d3tm6940zyJ+6Ek
>
> gW/rpemJ8ihG227sICVA+vU9e0JUOWkYr9Sw/b8auCISz1pJ2ZiL5eYtgvkb8cKhdsdw8CnuSZlp
>
> TMcxgpS5sOQHmML3C9DORxO56TkcQJDNp53L0Jn9NpvoWqdzTaXER7r20XRv58W7mu7VhmO12O+I
>
> Mt8lWpLdpz5HmY7U+2CN1BYBU+1B5T6acFn5KEs5Zf47SzskGJQ9lnLJNUKdd3Oo2y9lhzz9i3v8
> Z+LRWl1MQUU1rur+t1lAEqtg0FC4/E9oySq3CQ==</ds:SignatureValue>
> <ds:KeyInfo Id="KI-21B631412B80F4436D139350960323343">
> <wsse:SecurityTokenReference
> wsu:Id="STR-21B631412B80F4436D139350960323344">
>  <ds:X509Data>
> <ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=gid.ws,OU=OI,O=TNL PCS S/A,L=Rio de Janeiro,ST=Rio
> de
> Janeiro,C=BR</ds:X509IssuerName>
>  <ds:X509SerialNumber>186004993</ds:X509SerialNumber>
> </ds:X509IssuerSerial>
>  </ds:X509Data>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
>  </ds:Signature>
> <xenc:EncryptedKey Id="EK-21B631412B80F4436D139350960322941" xmlns:xenc="
> http://www.w3.org/2001/04/xmlenc#">
>  <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#rsa-1_5
> "/>
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>  <wsse:SecurityTokenReference>
> <ds:X509Data>
> <ds:X509IssuerSerial>
>  <ds:X509IssuerName>CN=gid.ws,OU=OI,O=TNL PCS S/A,L=Rio de Janeiro,ST=Rio
> de Janeiro,C=BR</ds:X509IssuerName>
> <ds:X509SerialNumber>2048318029</ds:X509SerialNumber>
>  </ds:X509IssuerSerial>
> </ds:X509Data>
> </wsse:SecurityTokenReference>
>  </ds:KeyInfo>
> <xenc:CipherData>
>
> <xenc:CipherValue>f3dXKuGY9gJi6QNj8jRxPOGzkLxmnGKdEwSWL43BjnrkS5GZVJw2HqIwZZHZ27p+fiyneKpqkCL52TMET3G0s0PUCZ2xk2vBLqvS2M7Ppt1h22UCYKZh9UpPStc/7vrclQu0Zgx/h4u3+QMFKhgTOh8KC5S1SSS+2IOmNO2Tlm+rNVBWSN4mKRHEd+kLg4+qUIqsmQ8JF69GOeMtKCfRIZCHRN5EP/k2UGAUKN7pFnD/YAlXh8o83Lr//mpZhseYT39LCakUPnkk+HjuX6c/aHbQD0WRfdLR/qHMuEuVUWwAph/ZiH47TgT4rpmKkvxJuQWuBovnEg3OEXUqg7vtmQ==</xenc:CipherValue>
>  </xenc:CipherData>
> <xenc:ReferenceList>
> <xenc:DataReference URI="#ED-45"/>
>  </xenc:ReferenceList>
> </xenc:EncryptedKey>
> <wsu:Timestamp wsu:Id="TS-44">
>  <wsu:Created>2014-02-27T14:00:03Z</wsu:Created>
> <wsu:Expires>2014-02-27T15:23:23Z</wsu:Expires>
>  </wsu:Timestamp>
> </wsse:Security>
> </soapenv:Header>
>  <soapenv:Body wsu:Id="id-46" xmlns:wsu="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
>  <xenc:EncryptedData Id="ED-45" Type="
> http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="
> http://www.w3.org/2001/04/xmlenc#">
>  <xenc:EncryptionMethod Algorithm="
> http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>  <wsse:SecurityTokenReference wsse11:TokenType="
>
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> "
> xmlns:wsse="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> xmlns:wsse11="
> http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
>  <wsse:Reference URI="#EK-21B631412B80F4436D139350960322941"/>
> </wsse:SecurityTokenReference>
>  </ds:KeyInfo>
> <xenc:CipherData>
>
> <xenc:CipherValue>3brCGRdilhQMbeXPIQ5LWgtyuLNVZnq/KjbkXYh/49LAdsB8Gh+FmCywHi/R1M4FkW896M/GYkDaOVK/rp0frV403c9K5c+RmlgzOFNyZCIp1Hyyy98Lr6oNdJPrGTnwGxbbadhBUb6mEuCb/Ywj+XiRLApr4WtKAs3mv0WCIoArKfP9YDY7ONK5xbqYQY6Zse3UkoIvIdY6NXTC7lQDUAC7yiMbfbSM4yjJ/nmaJJW9Qp4guUaXYj1tjEs7yQ1HkbKwr6NEhQhK7GDe+xfFBuW5YT0VfoKv134ThGP2umKB1gfqrd9vaNmbEBqylJTvFzXxGdaXzvVrjjB1tsUSgEJIDdhlqt5iKTu7HPGnNhTHafYR/XfHVK3jV4GJRHWEDKt8Vb+wa7bHZJXDVhvjXSJenR7VCh+F4ZkroMP0j8RFoPSEIZAgv/eQAdeJIqH/Xjf35vEKJ/FbUad5ybf06F7N/I2irOtPorOoOQtNMTMwrM/FPGFkkFjxKWBFpgxxcWSvvE1xs6MD5Q6lW5w7oZChza8vQyMyytMcJUxkxQAbKiu/hRD7wG5x/R9KLaqsKcsX9SQtd4/ZX4KTUhDWcJKuEs0khLV8WJkv7BxSba53HwtPlQHwP9aC2zFu+1OX2sw8Z5OlHDm6jBBVBtRt+THcf+nRktRowZiLzds1YCwW6ZcUK+cXKnIfEAoICtKrc6oELporR4Kz/FcfJHoVPxXh6qvoPNTImrw1WUWmUFhQo5sH7yBB3PG0wNSDRsev2p/3sc7fJ+acyC3GqVMoSyu0ExiMuuwBmZS/CzZE6PY=</xenc:CipherValue>
>  </xenc:CipherData>
> </xenc:EncryptedData>
> </soapenv:Body>
> </soapenv:Envelope>
>
> *Thanks again.*
>
> Paulo Vivacqua
>
>
> On Thu, Feb 27, 2014 at 11:35 AM, coheigea [via CXF] <
> ml-node+s547215n5740584h58@n5.nabble.com> wrote:
>
> > No. What is the problem you are seeing?
> >
> > Colm.
> >
> >
> > On Thu, Feb 27, 2014 at 2:17 PM, pvivacqua <[hidden email]<
> http://user/SendEmail.jtp?type=node&node=5740584&i=0>>
> > wrote:
> >
> > > Thanks Colm, I altered the token inclusion value of the InitiatorToken
> > to
> > > "Never" and it worked fine. By the way, do you know of any bug related
> > to
> > > the 'timestamp' policy that generates a fault even when the element is
> > > present?
> > >
> > > thanks,
> > >
> > >
> > > Paulo Vivacqua
> > >
> > >
> > > On Thu, Feb 27, 2014 at 7:11 AM, coheigea [via CXF] <
> > > [hidden email] <http://user/SendEmail.jtp?type=node&node=5740584&i=1>>
> > wrote:
> > >
> > > > You could try adding a "<sp:RequireThumbprintReference />" to the
> > > > InitiatorToken policy. If this doesn't work then you could change the
> > > > token
> > > > inclusion value of the InitiatorToken to "Never" (instead of
> > > > "AlwaysToRecipient"). That would require the service to have the
> > public
> > > > key
> > > > of the client stored locally.
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Wed, Feb 26, 2014 at 5:51 PM, pvivacqua <[hidden email]<
> > > http://user/SendEmail.jtp?type=node&node=5740562&i=0>>
> > > > wrote:
> > > >
> > > > > Colm, thanks for the response.
> > > > >
> > > > > Is there any way around ? We are stuck with
> jbossws-cxf-4.1.1.Final,
> > > due
> > > > to
> > > > > Jboss 7.1.1.
> > > > >
> > > > > thanks
> > > > >
> > > > > Paulo Vivacqua
> > > > >
> > > > >
> > > > > On Wed, Feb 26, 2014 at 1:02 PM, coheigea [via CXF] <
> > > > > [hidden email] <
> http://user/SendEmail.jtp?type=node&node=5740562&i=1>>
> >
> > > > wrote:
> > > > >
> > > > > > It's a bug that has only recently been fixed:
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=commit;h=eb9ea1e1c049299221f080184a346d0ae5f8aef7
> > > > > >
> > > > > > You will have to upgrade to one of the latest (CXF) releases to
> > pick
> > > > it
> > > > > > up.
> > > > > >
> > > > > > Colm.
> > > > > >
> > > > > >
> > > > > > On Wed, Feb 26, 2014 at 2:53 PM, pvivacqua <[hidden email]<
> > > > > http://user/SendEmail.jtp?type=node&node=5740532&i=0>>
> > > > > > wrote:
> > > > > >
> > > > > > > *Hi,
> > > > > > >
> > > > > > > I am currently trying to implement WS-SecurityPolicy on a web
> > > > service
> > > > > > that
> > > > > > > uses WS-Security (Jboss 7.1.1 + jbossws-cxf-4.1.1.Final). I am
> > > > trying
> > > > > to
> > > > > > > make CXF enforce tree policies: UsernameToken with Mutual
> > X.509v3
> > > > > > > Authentication, Sign and Encrypt as follows:*
> > > > > > >
> > > > > > > <wsp:Policy
> > > > > > > xmlns:wsu="
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > > > > > > "
> > > > > > > xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
> > > > > > > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > > > > > > xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
> > > > > > > xmlns:tcp="
> > > > > > http://java.sun.com/xml/ns/wsit/2006/09/policy/soaptcp/service"
> > > > > > > xmlns:sp="
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
> > > >
> > > > > > > xmlns:sc="http://schemas.sun.com/2006/03/wss/server"
> > > > > > > xmlns:fi="
> > > > > > >
> > http://java.sun.com/xml/ns/wsit/2006/09/policy/fastinfoset/service
> > > "
> > > > > > > wsu:Id="GidWsNDSOiVendeBindingPolicy">
> > > > > > >         <wsp:ExactlyOne>
> > > > > > >                 <wsp:All>
> > > > > > >                         <sp:AsymmetricBinding>
> > > > > > >                                 <wsp:Policy>
> > > > > > >                                         <sp:InitiatorToken>
> > > > > > >                                                 <wsp:Policy>
> > > > > > >
> > > > <sp:X509Token
> > > > > > > sp:IncludeToken="
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
> > > > > > > ">
> > > > > > >
> > > > > > > <wsp:Policy>
> > > > > > >
> > > > > > > <sp:WssX509V3Token11/>
> > > > > > >
> > > > > > > </wsp:Policy>
> > > > > > >
> > > > </sp:X509Token>
> > > > > > >                                                 </wsp:Policy>
> > > > > > >                                         </sp:InitiatorToken>
> > > > > > >                                         <sp:RecipientToken>
> > > > > > >                                                 <wsp:Policy>
> > > > > > >
> > > > <sp:X509Token
> > > > > > > sp:IncludeToken="
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never
> > > > > > > ">
> > > > > > >
> > > > > > > <wsp:Policy>
> > > > > > >
> > > > > > > <sp:WssX509V3Token10/>
> > > > > > >
> > > > > > > <sp:RequireIssuerSerialReference/>
> > > > > > >
> > > > > > > </wsp:Policy>
> > > > > > >
> > > > </sp:X509Token>
> > > > > > >                                                 </wsp:Policy>
> > > > > > >                                         </sp:RecipientToken>
> > > > > > >                                         <sp:Layout>
> > > > > > >                                                 <wsp:Policy>
> > > > > > >
> > > <sp:Strict/>
> > > > > > >                                                 </wsp:Policy>
> > > > > > >                                         </sp:Layout>
> > > > > > >
> > <sp:EncryptBeforeSigning/>
> > > > > > >                                         <sp:AlgorithmSuite>
> > > > > > >                                                 <wsp:Policy>
> > > > > > >
> > > > > > <sp:Basic128Rsa15/>
> > > > > > >                                                 </wsp:Policy>
> > > > > > >                                         </sp:AlgorithmSuite>
> > > > > > >                                 </wsp:Policy>
> > > > > > >                         </sp:AsymmetricBinding>
> > > > > > >                         <sp:Wss10>
> > > > > > >                                 <wsp:Policy>
> > > > > > >
> > > > > <sp:MustSupportRefIssuerSerial/>
> > > > > > >                                 </wsp:Policy>
> > > > > > >                         </sp:Wss10>
> > > > > > >                 </wsp:All>
> > > > > > >         </wsp:ExactlyOne>
> > > > > > > </wsp:Policy>
> > > > > > >
> > > > > > >
> > > > > > > *All the policies work fine, except for the X509Token Assertion
> > > that
> > > > > > > generates the following exception.*
> > > > > > >
> > > > > > > 10:59:56,636 WARNING
> > [org.apache.cxf.phase.PhaseInterceptorChain]
> > > > > > > (http-localhost-127.0.0.1-8080-1) Interceptor for
> > > > > > > {
> > > > > > >
> > > > >
> > >
> http://gid.ws.nds.oiVende/}GidWsNDSOiVende#{http://gid.ws.nds.OiVende/}teste
> >
> > > >
> > > > > >
> > > > > > > has thrown exception, unwinding now:
> > > > org.apache.cxf.interceptor.Fault:
> > > > > > > These
> > > > > > > policy alternatives can not be satisfied:
> > > > > > > {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token:
> > > >
> > > > > > The
> > > > > > > received token does not match the token inclusion requirement
> > > > > > > {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > >
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47)
> >
> > > >
> > > > > >
> > > > > > > [cxf-rt-ws-policy.jar:2.6.4]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> >
> > > >
> > > > > >
> > > > > > > [cxf-api.jar:2.6.4]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> >
> > > >
> > > > > >
> > > > > > > [cxf-api.jar:2.6.4]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:236)
> >
> > > >
> > > > > >
> > > > > > > [cxf-rt-transports-http.jar:2.6.4]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:95)
> >
> > > >
> > > > > >
> > > > > > > [jbossws-cxf-server.jar:4.1.1.Final]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:156)
> >
> > > >
> > > > > >
> > > > > > > [jbossws-cxf-server.jar:4.1.1.Final]
> > > > > > >         at
> > > > > > >
> > org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
> > > > > > > [jbossws-cxf-server.jar:4.1.1.Final]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225)
> >
> > > >
> > > > > >
> > > > > > > [cxf-rt-transports-http.jar:2.6.4]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145)
> >
> > > >
> > > > > >
> > > > > > > [cxf-rt-transports-http.jar:2.6.4]
> > > > > > >         at
> > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
> > > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
> > > > > > >         at
> > > > > > >
> > > > org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
> > > > > > > [jbossws-cxf-server.jar:4.1.1.Final]
> > > > > > >         at
> > > > > > >
> > > org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
> > > > > > > [jbossws-spi.jar:2.1.1.Final]
> > > > > > >         at
> > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
> > > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
> >
> > > >
> > > > > >
> > > > > > > [jbossweb-7.0.13.Final.jar:]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
> >
> > > >
> > > > > >
> > > > > > > [jbossweb-7.0.13.Final.jar:]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> >
> > > >
> > > > > >
> > > > > > > [jbossweb-7.0.13.Final.jar:]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
> >
> > > >
> > > > > >
> > > > > > > [jbossweb-7.0.13.Final.jar:]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
> >
> > > >
> > > > > >
> > > > > > > [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
> >
> > > >
> > > > > >
> > > > > > > [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> >
> > > >
> > > > > >
> > > > > > > [jbossweb-7.0.13.Final.jar:]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> >
> > > >
> > > > > >
> > > > > > > [jbossweb-7.0.13.Final.jar:]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> >
> > > >
> > > > > >
> > > > > > > [jbossweb-7.0.13.Final.jar:]
> > > > > > >         at
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
> > > > > > > [jbossweb-7.0.13.Final.jar:]
> > > > > > >         at
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
> > > > > > > [jbossweb-7.0.13.Final.jar:]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
> >
> > > >
> > > > > >
> > > > > > > [jbossweb-7.0.13.Final.jar:]
> > > > > > >         at
> > > > > > >
> > > >
> > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
> > > > > > > [jbossweb-7.0.13.Final.jar:]
> > > > > > >         at java.lang.Thread.run(Thread.java:722)
> > [rt.jar:1.7.0_21]
> > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These
> > policy
> > > > > > > alternatives can not be satisfied:
> > > > > > > {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token:
> > > >
> > > > > > The
> > > > > > > received token does not match the token inclusion requirement
> > > > > > > {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > >
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:167)
> >
> > > >
> > > > > >
> > > > > > > [cxf-rt-ws-policy.jar:2.6.4]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
> >
> > > >
> > > > > >
> > > > > > > [cxf-rt-ws-policy.jar:2.6.4]
> > > > > > >         at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:45)
> >
> > > >
> > > > > >
> > > > > > > [cxf-rt-ws-policy.jar:2.6.4]
> > > > > > >         ... 26 more
> > > > > > >
> > > > > > > *The request that generated the exception:*
> > > > > > >
> > > > > > > <soapenv:Envelope xmlns:gid="http://gid.ws.nds.OiVende/"
> > > > > > > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> > > > > > >         <soapenv:Header>
> > > > > > >                 <wsse:Security
> > > > > > > xmlns:wsse="
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> > > > > > > "
> > > > > > > xmlns:wsu="
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > > > > > > ">
> > > > > > >                         <wsse:UsernameToken
> > > > wsu:Id="UsernameToken-16">
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> <wsse:Username>AI1qTwNjGnsE99RHFhQ6QFbao7u/fw179mU5oTwGyP6LOOMcffLGZHnlUWD62o3onuGNGbFltkAA
> >
> > > >
> > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> LYVQmowJ2tfL2MdorywfON3uYdQksb0tROGj1q+dtfOEdOO0/nRB4KIPaI9iUQuLlTZTXZZLRCyL
> >
> > > >
> > > > > >
> > > > > > > tfuPdNkM8ZQ/IgX8v+k=</wsse:Username>
> > > > > > >                                 <wsse:Password
> > > > > > > Type="
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> ">GileUp2HMHBkZ3PvHk9PZFbbmOXKrDoGL/vEUVhXgBuJ5Z9U236w0J55xU645eH4RsltG3T4XmNQ
> >
> > > >
> > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> e1ypi0NUbVzk2De4elkAKBF3s9bQE1rmONLoUYXQRuYDjNBbzajR2okXS80oKi7w0QOLibTFfQeO
> >
> > > >
> > > > > >
> > > > > > > R04KmBo75ykchSqNwKM=</wsse:Password>
> > > > > > >                                 <wsse:Nonce
> > > > > > > EncodingType="
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
> > > > > > > ">ngNCqeakderQcMpmxf4DvA==</wsse:Nonce>
> > > > > > >
> > > > > > > <wsu:Created>2014-02-26T13:59:52.827Z</wsu:Created>
> > > > > > >                         </wsse:UsernameToken>
> > > > > > >                         <ds:Signature Id="SIG-15" xmlns:ds="
> > > > > > > http://www.w3.org/2000/09/xmldsig#">
> > > > > > >                                 <ds:SignedInfo>
> > > > > > >
> > <ds:CanonicalizationMethod
> > > > > > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > > > > > >
> > > > <ec:InclusiveNamespaces
> > > > > > > PrefixList="gid soapenv"
> > > > > > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> > > > > > >
> > > </ds:CanonicalizationMethod>
> > > > > > >                                         <ds:SignatureMethod
> > > > > > > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> > > > > > >                                         <ds:Reference
> > URI="#id-14">
> > > > > > >                                                 <ds:Transforms>
> > > > > > >
> > > > <ds:Transform
> > > > > > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > > > > > >
> > > > > > > <ec:InclusiveNamespaces PrefixList="gid"
> > > > > > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> > > > > > >
> > > > </ds:Transform>
> > > > > > >
> </ds:Transforms>
> > > > > > >
> <ds:DigestMethod
> > > > > > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> > > > > > >
> > > > > > > <ds:DigestValue>OQqnS4HijCjWqZud07QwEnBv1ho=</ds:DigestValue>
> > > > > > >                                         </ds:Reference>
> > > > > > >                                 </ds:SignedInfo>
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> <ds:SignatureValue>QW99DAhwIr/xgHnToRtPBVi87LtlUov6k/6kxGpGzqNpK4N5aI2FclAYX9AsU6Rt1mD4rvW7acvW
> >
> > > >
> > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> VttWeQ73bLRtaBm9i2Kcb4/qKISWCpkbomRZO9t3G107hy57WP7SsO1m+uILMD3HqPnYX9clV4Ch
> >
> > > >
> > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> kPHxpywKNdtJHd3TMBUgPHPWtHIcArm5buDfq4ptLTexq+YDcDpCbVB328S+oQpi8wZNSP9JX556
> >
> > > >
> > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> zHjNpDekI+S2dIDxSi/7a7PjNDO8d4ajg7yInznVx3AZm8AU6WHevdcFvIj8hFcKf+7eWNzS/Uos
> >
> > > >
> > > > > >
> > > > > > > FBr6+xuHX1C6dr/5FVgsCL2Ubr/vwPg8LdneJQ==</ds:SignatureValue>
> > > > > > >                                 <ds:KeyInfo
> > > > > > > Id="KI-6F2BD13BBF5C75E94C139342319278815">
> > > > > > >
> > > <wsse:SecurityTokenReference
> > > > > > > wsu:Id="STR-6F2BD13BBF5C75E94C139342319278816">
> > > > > > >                                                 <ds:X509Data>
> > > > > > >
> > > > > > > <ds:X509IssuerSerial>
> > > > > > >
> > > > > > > <ds:X509IssuerName>CN=gid.ws,OU=OI,O=TNL PCS S/A,L=Rio de
> > > > > > > Janeiro,ST=Rio de Janeiro,C=BR</ds:X509IssuerName>
> > > > > > >
> > > > > > > <ds:X509SerialNumber>186004993</ds:X509SerialNumber>
> > > > > > >
> > > > > > > </ds:X509IssuerSerial>
> > > > > > >                                                 </ds:X509Data>
> > > > > > >
> > > > </wsse:SecurityTokenReference>
> > > > > > >                                 </ds:KeyInfo>
> > > > > > >                         </ds:Signature>
> > > > > > >                         <xenc:EncryptedKey
> > > > > > > Id="EK-6F2BD13BBF5C75E94C139342319278513"
> > > > > > > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> > > > > > >                                 <xenc:EncryptionMethod
> > > > > > > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
> > > > > > >                                 <ds:KeyInfo xmlns:ds="
> > > > > > > http://www.w3.org/2000/09/xmldsig#">
> > > > > > >
> > > > <wsse:SecurityTokenReference>
> > > > > > >                                                 <ds:X509Data>
> > > > > > >
> > > > > > > <ds:X509IssuerSerial>
> > > > > > >
> > > > > > > <ds:X509IssuerName>CN=gid.ws,OU=OI,O=TNL PCS S/A,L=Rio de
> > > > > > > Janeiro,ST=Rio de Janeiro,C=BR</ds:X509IssuerName>
> > > > > > >
> > > > > > > <ds:X509SerialNumber>2048318029</ds:X509SerialNumber>
> > > > > > >
> > > > > > > </ds:X509IssuerSerial>
> > > > > > >                                                 </ds:X509Data>
> > > > > > >
> > > > </wsse:SecurityTokenReference>
> > > > > > >                                 </ds:KeyInfo>
> > > > > > >                                 <xenc:CipherData>
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> <xenc:CipherValue>dt7uxlbVMrE2NW7gKB22hl8SaxAY0003BaIJFrs1wCfHhCtg0AhZxGL6Qw0r1lUXPYLMuMjjKddoUbZzsyH8oZYy8umVOokfZyAsukBT4+58MjHrtfhP95f57PB/5P9KDwAYuU/34UhFJfe2PMAAaTn2Wnuk1a0PqvPIHKm7oHWb6qekaKWssGWGvPhFAFg1ea5ao3S9e9OsyXzPxjlHE/bT/aA3dKO4usnkxb+HRweYZQ2E9OK25J5kdBg+fs6195zQI2hCr5X/+cNCm6VvE7RvfPkU0VrwFXSBp0opzg8dpb1ZH17WtV09nyjIsGlMypNvDYIWJYwvKZ2B4ISQkw==</xenc:CipherValue>
> >
> > > >
> > > > > >
> > > > > > >                                 </xenc:CipherData>
> > > > > > >                                 <xenc:ReferenceList>
> > > > > > >                                         <xenc:DataReference
> > > > > > URI="#ED-13"/>
> > > > > > >                                 </xenc:ReferenceList>
> > > > > > >                         </xenc:EncryptedKey>
> > > > > > >                 </wsse:Security>
> > > > > > >         </soapenv:Header>
> > > > > > >         <soapenv:Body wsu:Id="id-14"
> > > > > > > xmlns:wsu="
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > > > > > > ">
> > > > > > >                 <xenc:EncryptedData Id="ED-13"
> > > > > > > Type="http://www.w3.org/2001/04/xmlenc#Content"
> > > > > > > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> > > > > > >                         <xenc:EncryptionMethod
> > > > > > > Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
> > > > > > >                         <ds:KeyInfo xmlns:ds="
> > > > > > > http://www.w3.org/2000/09/xmldsig#">
> > > > > > >                                 <wsse:SecurityTokenReference
> > > > > > > wsse11:TokenType="
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
> > > > > > > "
> > > > > > > xmlns:wsse="
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> > > > > > > "
> > > > > > > xmlns:wsse11="
> > > > > > >
> > http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
> > > ">
> > > >
> > > > > > >                                         <wsse:Reference
> > > > > > > URI="#EK-6F2BD13BBF5C75E94C139342319278513"/>
> > > > > > >                                 </wsse:SecurityTokenReference>
> > > > > > >                         </ds:KeyInfo>
> > > > > > >                         <xenc:CipherData>
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> <xenc:CipherValue>p10d5TaRMy1vspa7TjBYZXrd2ZnTIPa6e5+OWHHKO2FZDt/Gst1skyPw/WdA2qzLXtqYm9EXvlwpkcgOp6NrDKsxVgm3uymRsTtvQZ8xeb3OgaZAuW9Cu5ADCStu5N3ykOb/BLfkSFbtnOZSqNrfYEyrFgLBNOFbiY3pTPRP7jqqWaHZjlKJoPtsizt2VB2rbZxiIubbfEgAz1HITyTWa0umhMD0pFK3HewWfIyMNvPSLTHUHPH433u9pPkAROP1b+V1sYbVJpm2ED3L0lujiUujB1S/vV89hAMAHjAVq8qzLZCwOfI64IaNwxzkbZdNmf+UybPtv0+YCy9nKlUalk8lZltHMEi96xTfTHDJMTHhUFE11fS3pqcX3j3tgPJHPPkYz95ZO7Sdn/wQeJXjFL2BHs0tuHPQwY/We5IgSLWqZpCgMHaFOXj1t6XMxGy/n0Y7Y06svaXGevGejJzBixX+8Ab9lLFMqx3WdToeF3onzNCn+gYD8P7UVtV3medF7GWe0Bb/JJSq7bsO6xzDpDl0lntm3gWO3S/ChxidRtRj+rN6ZQ7rBBUXKaEO0Ce9pDnsSxeVMYxJGNwyCeL3d4NOTqG/YtmecN58sOnpsC2WXCz26YqKiWQLKkH0bBSXVGMzi6Fsk7TgSw9VcobiFTffa+tcvSEWeFE/k+YrlL+EhCgw/ez31kbTglsXn4R5UTB4exBNjX7iW/f7iQzgentAIRTOLor6AezHD1GBGB5KVJuIL/gbrsguOlLQ0nqDM31AUj6t1pz4ygCTczNk16yZ4DMEX6dcXQzexprtRbQbqxnWVtcdx4on8isUUQWJ5dKzuRfx5CJ+nYnHRPKhKv4R3oqIvm3bAIMm6kd2tFY8wniN+tkao7XXkuwxdZbD8ZLMyjFNx97c41DPdXq/B9nwkaCKRBUW05waZ3u8bFAIciC35soYzijbeCEY+31pEUkNE1HbGYyrCWrh1PRRb7YaBAHJojq3hHqjkdEbFYgHdEj3xmyHinbted0LWYeF2+0mLt3Lu3rGK9hxY0nE/SW72zl5+qKq0qdzZChivXWehlxMan+IweY1t91DL7q+dImrAoWS03AWsZasXIWmfRJDYBn8+rMJOEQndjd6nlzuZHFFek3Rc4Jx/UYMFzMD3l0qxPoYfMkBxtg7/VKyDA==</xenc:CipherValue>
> >
> > > >
> > > > > >
> > > > > > >                         </xenc:CipherData>
> > > > > > >                 </xenc:EncryptedData>
> > > > > > >         </soapenv:Body>
> > > > > > > </soapenv:Envelope>
> > > > > > >
> > > > > > > *The jbossws-cxf.xml jaxws configuration:*
> > > > > > >
> > > > > > > <jaxws:properties>
> > > > > > >                 <entry key="ws-security.callback-handler"
> > > > > > > value="br.com.gid.ws.interfaces.callback.PasswordCallback"/>
> > > > > > >                 <entry key="ws-security.encryption.properties"
> > > > > > > value="resources/GidWsNDS_Server_Decrypt.properties"/>
> > > > > > >                 <entry key="ws-security.signature.properties"
> > > > > > > value="resources/GidWsNDS_Server_Decrypt.properties"/>
> > > > > > >                 <entry key="ws-security.encryption.username"
> > > > > > > value="useReqSigCert"/>
> > > > > > >                 <entry key="ws-security.validate.token"
> > > > value="false"/>
> > > > > > >         </jaxws:properties>
> > > > > > >
> > > > > > >
> > > > > > > *Thanks  in advance.*
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > View this message in context:
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526.html
> > > > > > > Sent from the cxf-user mailing list archive at Nabble.com.
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Colm O hEigeartaigh
> > > > > >
> > > > > > Talend Community Coder
> > > > > > http://coders.talend.com
> > > > > >
> > > > > >
> > > > > > ------------------------------
> > > > > >  If you reply to this email, your message will be added to the
> > > > discussion
> > > > > > below:
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740532.html
> > > > > >  To unsubscribe from Why is my X509Token policy not being
> > satisfied?
> > > > Is
> > > > > > this a bug?, click here<
> > > > >
> > > > >
> > > > > > .
> > > > > > NAML<
> > > > >
> > > >
> > >
> >
> http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
> > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > View this message in context:
> > > > >
> > > >
> > >
> >
> http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740541.html
> > > >
> > > > > Sent from the cxf-user mailing list archive at Nabble.com.
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > > ------------------------------
> > > >  If you reply to this email, your message will be added to the
> > discussion
> > > > below:
> > > >
> > > >
> > >
> >
> http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740562.html
> > > >  To unsubscribe from Why is my X509Token policy not being satisfied?
> > Is
> > > > this a bug?, click here<
> > >
> > >
> > > > .
> > > > NAML<
> > >
> >
> http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
> > > >
> > > >
> > >
> > >
> > >
> > >
> > > --
> > > View this message in context:
> > >
> >
> http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740581.html
> >
> > > Sent from the cxf-user mailing list archive at Nabble.com.
> > >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> > ------------------------------
> >  If you reply to this email, your message will be added to the discussion
> > below:
> >
> >
> http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740584.html
> >  To unsubscribe from Why is my X509Token policy not being satisfied? Is
> > this a bug?, click here<
> http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5740526&code=cHZpdmFjcXVhQGdtYWlsLmNvbXw1NzQwNTI2fDExOTgzNDEyMTk=
> >
> > .
> > NAML<
> http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
> >
> >
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740599.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message