cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: WS-SecurityPolicy 1.0 handling
Date Mon, 14 Apr 2014 10:45:25 GMT
Hi,

Yes feel free to update the wiki to indicate that we do not support the 1.0
specification. I think using WSS4JOutInterceptor instead is a good
approach. You will then likely have to create an interceptor to mark the
1.0 policies as read.

The best place to start is with a sample client request that works + then
work backwards in terms of figuring out how to configure WSS4J to generate
the same request.

Colm.


On Fri, Apr 11, 2014 at 7:27 PM, Andrew Janke <apjanke.foss@gmail.com>wrote:

> Hi, CXF folks,
>
> I think I need to get a web service client working with a service whose
> WSDL uses WS-SecurityPolicy 1.0 definitions. What's a good way to do this
> with the current CXF release?
>
> I'd also like to update the CXF WS-SecurityPolicy doco page (at
> http://cxf.apache.org/docs/ws-securitypolicy.html) to indicate which WSSP
> versions are supported. Having that info up front would have saved me some
> time and frustration. Any objections?
>
>
> Here's the background.
>
> This is the service's WSDL: https://misapi.ercot.com/2007-
> 08/Nodal/eEDS/EWS/?WSDL
>
> It has policy bits like this.
>
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><sp:SecurityHeader
> MustManifestEncryption="true" MustPrepend="true" xmlns:sp="http://schemas.
> xmlsoap.org/ws/2002/12/secext"/></wsp:Policy>
>     <wsp:Policy wsu:Id="SecurityTokens" xmlns:wsp="http://schemas.
> xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-
> open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "><wsp:ExactlyOne><wsp:All><sp:SecurityToken xmlns:_ns1="http://www.
> actional.com" xmlns:sp="http://schemas.xmlsoap.org/ws/2002/12/secext"
> ><sp:TokenType>_ns1:SSLClientCertificate</sp:
> TokenType></sp:SecurityToken></wsp:All><wsp:All><sp:SecurityToken
> xmlns:sp="http://schemas.xmlsoap.org/ws/2002/12/secext"
> ><sp:TokenType>sp:X509v3</sp:TokenType></sp:SecurityToken><
> /wsp:All><wsp:All><sp:SecurityToken xmlns:_ns1="http://www.actional.com"
> xmlns:sp="http://schemas.xmlsoap.org/ws/2002/12/secext"
> ><sp:TokenType>_ns1:SSLClientCertificate</sp:
> TokenType></sp:SecurityToken><sp:SecurityToken xmlns:sp="http://schemas.
> xmlsoap.org/ws/2002/12/secext"><sp:TokenType>sp:X509v3</sp:
> TokenType></sp:SecurityToken></wsp:All></wsp:ExactlyOne></wsp:Policy>
>     <wsp:Policy wsu:Id="SignedBody" xmlns:wsp="http://schemas.
> xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-
> open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><sp:Integrity
> xmlns:sp="http://schemas.xmlsoap.org/ws/2002/12/secext"><sp:TokenInfo><sp:
> SecurityToken><sp:TokenType>sp:X509v3</sp:TokenType></sp:
> SecurityToken></sp:TokenInfo><sp:MessageParts>wsp:GetBody(.)
> </sp:MessageParts></sp:Integrity></wsp:Policy>
> ...
>     <wsp:Policy wsu:Id="MarketInfo_input_policy" xmlns:wsp="
> http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-
> 200401-wss-wssecurity-utility-1.0.xsd"><wsp:PolicyReference
> URI="#SecurityTokens"/><wsp:PolicyReference URI="#SignedBody"/></wsp:
> Policy>
>
>
> And when I try to run a simple CXF client built with wsdl2java using JAXB
> bindings, I get this error.
>
>
> Apr 11, 2014 1:23:13 PM org.apache.cxf.service.factory.ReflectionServiceFactoryBean
> buildServiceFromWSDL
> INFO: Creating Service {http://www.ercot.com/wsdl/
> 2007-06/nodal/ewsConcrete}NodalService from WSDL:
> file:/C:/Users/janke/Dropbox/freelancing/EON/ERCOT-awards/
> project/ercot-mis-client-cxf/ErcotMisClient/build/classes/
> egcna/ercotmis/wsdisc/resources/WSDL/eEDS_EWS-PROD-20140320-edited.wsdl
> Apr 11, 2014 1:23:14 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
> handleNoRegisteredBuilder
> WARNING: No assertion builder for type {http://schemas.xmlsoap.org/
> ws/2002/12/secext}SecurityToken registered.
> Apr 11, 2014 1:23:14 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
> handleNoRegisteredBuilder
> WARNING: No assertion builder for type {http://schemas.xmlsoap.org/
> ws/2002/12/secext}Integrity registered.
> Apr 11, 2014 1:23:14 PM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for {http://www.ercot.com/wsdl/
> 2007-06/nodal/ewsConcrete}NodalService#{http://www.
> ercot.com/wsdl/2007-06/nodal/ewsConcrete}MarketInfo has thrown exception,
> unwinding now
> org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives
> can be satisfied.
>     at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
> EffectivePolicyImpl.java:192)
>     at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
> EffectivePolicyImpl.java:185)
>     at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise(
> EffectivePolicyImpl.java:92)
>     at org.apache.cxf.ws.policy.PolicyEngineImpl.
> getEffectiveClientRequestPolicy(PolicyEngineImpl.java:200)
>     at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle(
> PolicyOutInterceptor.java:98)
>     at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> AbstractPolicyInterceptor.java:44)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:272)
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:135)
>     at com.sun.proxy.$Proxy32.marketInfo(Unknown Source)
>     at egcna.ercotmis.wsdisc.MarketInfoTestClient.pingServiceStatus(
> MarketInfoTestClient.java:76)
>     at egcna.ercotmis.wsdisc.MarketInfoTestClient.main(
> MarketInfoTestClient.java:49)
>
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of
> the policy alternatives can be satisfied.
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:157)
>     at com.sun.proxy.$Proxy32.marketInfo(Unknown Source)
>     at egcna.ercotmis.wsdisc.MarketInfoTestClient.pingServiceStatus(
> MarketInfoTestClient.java:76)
>     at egcna.ercotmis.wsdisc.MarketInfoTestClient.main(
> MarketInfoTestClient.java:49)
> Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy
> alternatives can be satisfied.
>     at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
> EffectivePolicyImpl.java:192)
>     at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative(
> EffectivePolicyImpl.java:185)
>     at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise(
> EffectivePolicyImpl.java:92)
>     at org.apache.cxf.ws.policy.PolicyEngineImpl.
> getEffectiveClientRequestPolicy(PolicyEngineImpl.java:200)
>     at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle(
> PolicyOutInterceptor.java:98)
>     at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> AbstractPolicyInterceptor.java:44)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:272)
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:135)
>     ... 3 more
> Java Result: 1
>
>
> My diagnosis of that is that http://schemas.xmlsoap.org/ws/2002/12/secextis the namespace
for WS-SecurityPolicy 1.0, and those identifiers are
> lacking "registered handlers" because CXF doesn't support WSSP v 1.0, based
> on some earlier mailing list traffic. (Correct me if I'm wrong.)
>
> I read through the Jan '13 thread where Bob Ross was trying to do this
> with a similar web service. (http://cxf.547215.n5.nabble.
> com/Best-CXF-client-approach-for-remote-WSDL-using-wsp-
> Policy-td5721874.html) Is this still good advice? Basically, write a
> custom WSS4JOutInterceptor?
>
> Anybody know enough about WS-SecurityPolicy to know if I could just
> rewrite the WSDL to use WS-SecurityPolicy 1.1 terms and get the behavior
> the server is expecting, rather than writing custom Java code?
>
> Thanks for taking the time to read this.
>
> Cheers,
> Andrew
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message