cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Shakirin <ashaki...@talend.com>
Subject RE: policy attachment
Date Mon, 07 Jul 2014 10:22:29 GMT
Cool.

Btw, in 3.0.1 I activated URIDomainExpressionBuilder by default, so it should work out of
the box.

Regards,
Andrei.

> -----Original Message-----
> From: Lambert, Michael [mailto:michael@michaellambert.com]
> Sent: Samstag, 5. Juli 2014 04:31
> To: users@cxf.apache.org
> Subject: Re: policy attachment
> 
> Everything works Andrei including the new URI syntax; I really appreciate the
> help! cxf 2.7.12 isnt available in maven central yet so i had to copy over the two
> classes you mentioned but it works perfectly!
> 
> Thanks!
> 
> -Mike
> 
> 
> On Fri, Jul 4, 2014 at 10:30 AM, Andrei Shakirin <ashakirin@talend.com>
> wrote:
> 
> > Hi,
> >
> > > -----Original Message-----
> > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > > Sent: Donnerstag, 3. Juli 2014 17:00
> > > To: users@cxf.apache.org
> > > Subject: Re: policy attachment
> > >
> > > I figured it out but the documentation wasnt a lot of help. It
> > > appears
> > that the
> > > EndpointReferenceDomainExpression is being compared to the address
> > > configured in the jaxrs-endpoint and not what is in the wsdl. This
> > > makes PERFECT sense but as all the example configuration contained
> > > the
> > complete url
> > > (including protocol and port: e.g.
> >
> > Correct, the service will be published under address configured into
> > jaxws:endpoint and this address will be used for domain expression matching.
> > Perhaps it makes sense to explicitly write it into policy documentation.
> > Do you have wsp:URI running as well (using URIDomainExpressionBuilder)?
> >
> > Regards,
> > Andrei.
> >
> > > http://localhost:8080/user-servic/userService) i wrongly presumed
> > > that
> > it was
> > > either reading the address from the actual request and comparing it
> > > to
> > the
> > > expression or reading it from the configured wsdl address.
> > >
> > > So when a configuration looks like this:
> > >
> > > <jaxws:endpoint id="userService"
> > > implementor="com.healthmedia.ws.wsdl.user.v1.UserServiceImpl"
> > > address="/userService">
> > > <jaxws:properties>
> > > <entry key="ws-security.ut.validator" value-ref="validator" />
> > > </jaxws:properties> </jaxws:endpoint>
> > >
> > > The policy expression should reflect the address above like so:
> > >
> > > <?xml version="1.0" encoding="UTF-8" ?> <attachments
> > > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > > xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > > xmlns:i18np="http://www.w3.org/2008/04/ws-i18np"
> > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > > <wsp:PolicyAttachment>
> > > <wsp:AppliesTo>
> > > <wsa:EndpointReference>
> > > <wsa:Address>/userService</wsa:Address>
> > > </wsa:EndpointReference>
> > > </wsp:AppliesTo>
> > > <wsp:Policy>
> > > <wsp:ExactlyOne>
> > > <wsp:All>
> > > <wsp:Policy>
> > > <i18np:i18n Optional="false" />
> > > </wsp:Policy>
> > > </wsp:All>
> > > </wsp:ExactlyOne>
> > > </wsp:Policy>
> > > </wsp:PolicyAttachment>
> > > </attachments>
> > >
> > > Thanks for the help. This was tremendously frustrating to figure out.
> > Thank god
> > > for debuggers!
> > >
> > > -Mike
> > >
> > >
> > >
> > > On Thu, Jul 3, 2014 at 7:37 AM, Lambert, Michael
> > > <michael@michaellambert.com
> > > > wrote:
> > >
> > > > Sorry Andrei,
> > > >
> > > > I didnt think you were going to respond so i moved forward with a
> > > > solution using another technique. I would like to solve this issue
> > > > however so i created a branch with the problem:
> > > >
> > > >
> > > > https://github.com/MacFlecknoe/service-repository-sample/blob/poli
> > > > cy-a
> > > > ttachement-problem/schema/src/main/resources/policy/authentication
> > > > -pol icy.xml
> > > > https://github.com/MacFlecknoe/service-repository-sample/blob/
> > > > policy-attachement-problem
> > > > /schema/src/main/resources/service/user-soap-v1.wsdl
> > > > <https://github.com/MacFlecknoe/service-repository-sample/blob/mas
> > > > ter/ schema/src/main/resources/service/user-soap-v1.wsdl>
> > > > https://github.com/MacFlecknoe/service-repository-sample/blob/
> > > > <https://github.com/MacFlecknoe/service-repository-sample/blob/mas
> > > > ter/ user/service/src/main/webapp/WEB-INF/beans.xml>
> > > > policy-attachement-problem
> > > > <https://github.com/MacFlecknoe/service-repository-sample/blob/mas
> > > > ter/ schema/src/main/resources/service/user-soap-v1.wsdl>
> > > > /user/service/src/main/webapp/WEB-INF/beans.xml
> > > >
> > > > Could you take another quick peek? Again, the problem is that the
> > > > policy is being completely ignored. The address i have it
> > > > configured for is both reflected in the wsdl and in reality when I
> > > > start my
> > server.
> > > >
> > > > Also, is there a way to configure the address in the policy so
> > > > that is dynamic? I am not sure what the end address of the service
> > > > is going to be once its deployed (e.g. its domain will likely change).
> > > >
> > > > Thanks,
> > > >
> > > > Mike
> > > >
> > > >
> > > > On Thu, Jul 3, 2014 at 4:38 AM, Andrei Shakirin
> > > > <ashakirin@talend.com>
> > > > wrote:
> > > >
> > > >> Hi,
> > > >>
> > > >> I am bit confused:  don't see policy attachments in your
> > > >> configuration, you attach policies direct to endpoint:
> > > >>
> > > >> <jaxws:features>
> > > >>   <bean class="org.apache.cxf.feature.LoggingFeature"/>
> > > >>   <p:policies>
> > > >>        <!-- we attach policies via spring as there are issues
> > > >> leveraging external policy attachments when using
> > > >> PolicyAttachement
> > with
> > > cxf 2.*-->
> > > >>       <wsp:PolicyReference
> > > >> URI="classpath:policy/authentication-policy.xml" />
> > > >>       <wsp:PolicyReference URI="classpath:policy/i18n-policy.xml"
/>
> > > >>    </p:policies>
> > > >> </jaxws:features>
> > > >>
> > > >> To use policy attachments you need something like:
> > > >>
> > > >>     <cxf:bus>
> > > >>         <cxf:features>
> > > >>             <p:policies/>
> > > >>         </cxf:features>
> > > >>     </cxf:bus>
> > > >>
> > > >>     <p:externalAttachment
> > > >> location="${temp.location}/addr-external.xml"/>
> > > >>
> > > >> Where addr-external.xml is policy attachment:
> > > >>
> > > >> <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="
> > > >> http://www.w3.org/2005/08/addressing">
> > > >>     <wsp:PolicyAttachment>
> > > >>         <wsp:AppliesTo>
> > > >>             <wsa:EndpointReference>
> > > >>                 <wsa:Address>
> > > >> http://localhost:9020/SoapContext/GreeterPort</wsa:Address>
> > > >>             </wsa:EndpointReference>
> > > >>         </wsp:AppliesTo>
> > > >>         <wsp:Policy>
> > > >>           <wsp:ExactlyOne>
> > > >>             <wsp:All>
> > > >>               <wsam:Addressing xmlns:wsam="
> > > >> http://www.w3.org/2007/02/addressing/metadata">
> > > >>                 <wsp:Policy/>
> > > >>               </wsam:Addressing>
> > > >>             </wsp:All>
> > > >>           </wsp:ExactlyOne>
> > > >>         </wsp:Policy>
> > > >>     </wsp:PolicyAttachment>
> > > >> </attachments>
> > > >>
> > > >> I propose that you look into working policy attachments CXF
> > > >> system tests and find the difference with your code.
> > > >> If that doesn't help, please create a small distilled sample with
> > > >> simple policy (for example WS-Addressing) to illustrate your
> > > >> problem, I will look into it.
> > > >>
> > > >> Regards,
> > > >> Andrei.
> > > >>
> > > >> > -----Original Message-----
> > > >> > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > > >> > Sent: Mittwoch, 2. Juli 2014 15:25
> > > >> > To: users@cxf.apache.org
> > > >> > Subject: Re: policy attachment
> > > >> >
> > > >> > Thats part of the problem Andrei. I have followed the examples
> > > >> > and its
> > > >> just not
> > > >> > working for me. Can you take a look at my policy file and wsdl
> > > >> > and see
> > > >> if
> > > >> > anything obvious sticks out as wrong?
> > > >> >
> > > >> > https://github.com/MacFlecknoe/service-repository-
> > > >> > sample/blob/master/schema/src/main/resources/policy/authenticat
> > > >> > ion-
> > > >> > policy.xml
> > > >> > https://github.com/MacFlecknoe/service-repository-
> > > >> > sample/blob/master/schema/src/main/resources/service/user-soap-
> > > >> > v1.w
> > > >> > sdl
> > > >> >
> > > >> > Here is how I have it configured:
> > > >> > https://github.com/MacFlecknoe/service-repository-
> > > >> > sample/blob/master/user/service/src/main/webapp/WEB-INF/beans.x
> > > >> > ml
> > > >> >
> > > >> > It only works when I embed the policy in the wsdl file itself.
> > > >> > The
> > > >> external
> > > >> > attachment file loads but doesnt trigger the ws-security policy
> > > >> > to
> > fire.
> > > >> >
> > > >> > -Mike
> > > >> >
> > > >> >
> > > >> > On Wed, Jul 2, 2014 at 8:27 AM, Andrei Shakirin
> > > >> > <ashakirin@talend.com>
> > > >> > wrote:
> > > >> >
> > > >> > > Hi,
> > > >> > >
> > > >> > > > -----Original Message-----
> > > >> > > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > > >> > > > Sent: Mittwoch, 2. Juli 2014 14:05
> > > >> > > > To: users@cxf.apache.org
> > > >> > > > Subject: RE: policy attachment
> > > >> > > >
> > > >> > > > Thanks Andrei! That helps a lot... I'll try your suggestion
> > > >> > > > and let you
> > > >> > > know how it
> > > >> > > > goes.
> > > >> > > >
> > > >> > >
> > > >> > > OK.
> > > >> > >
> > > >> > > > Any insight as to why I can't get end point references
to work?
> > > >> > > > Is there
> > > >> > > a trick to
> > > >> > > > configuring it? I followed the example on the samples
but
> > > >> > > > can't seem to
> > > >> > > get it
> > > >> > > > to work with my wsdl. Does the end point need to match
what
> > > >> > > > is in the
> > > >> > > wsdl or
> > > >> > > > what cxf generates the address to be when it starts?
Any
> > > >> > > > documentation surrounding this?
> > > >> > >
> > > >> > > This construction should work by default, if endpoint address
> > > >> > > matches to your service:
> > > >> > >
> > > >> > > <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > xmlns:wsa="
> > > >> > > http://www.w3.org/2005/08/addressing">
> > > >> > >     <wsp:PolicyAttachment>
> > > >> > >         <wsp:AppliesTo>
> > > >> > >             <wsa:EndpointReference>
> > > >> > >
> > > >> > > <wsa:Address>http://localhost:9020/SoapContext/GreeterPort
> > > >> > > </wsa:Address>
> > > >> > >             </wsa:EndpointReference>
> > > >> > >         </wsp:AppliesTo>
> > > >> > >         <wsp:Policy>
> > > >> > >           <wsp:ExactlyOne>
> > > >> > >             <wsp:All>
> > > >> > >               <wsam:Addressing xmlns:wsam="
> > > >> > > http://www.w3.org/2007/02/addressing/metadata">
> > > >> > >                 <wsp:Policy/>
> > > >> > >               </wsam:Addressing>
> > > >> > >             </wsp:All>
> > > >> > >           </wsp:ExactlyOne>
> > > >> > >         </wsp:Policy>
> > > >> > >     </wsp:PolicyAttachment>
> > > >> > > </attachments>
> > > >> > >
> > > >> > > For details, look into addr-external.xml and
> > > >> > > AddressingPolicyTest.java in
> > > >> > > systests/ws-specs:
> > > >> > >
> > > >> > >
> > > >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=systes
> > > >> ts/w
> > > >> s
> > > >> > > -specs/src/test/java/org/apache/cxf/systest/ws/policy;h=5e632
> > > >> > > 3442 952eb 619300582a2ced25cf861f6118;hb=HEAD
> > > >> > >
> > > >> > > Regards,
> > > >> > > Andrei.
> > > >> > >
> > > >> > >
> > > >> > > >
> > > >> > > > Thanks much!
> > > >> > > > On Jul 2, 2014 3:19 AM, "Andrei Shakirin"
> > > >> > > > <ashakirin@talend.com>
> > > >> wrote:
> > > >> > > >
> > > >> > > > > Hi,
> > > >> > > > >
> > > >> > > > > If you use CXF >= 3.0.0, 2.7.12, you should
register
> > > >> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExp
> > > >> > > > > ress
> > > >> > > > > ionBu
> > > >> > > > > ilde
> > > >> > > > > r as bus extension.
> > > >> > > > > It supports all policy attachment URL syntaxes
(except
> > extension).
> > > >> > > > >
> > > >> > > > > By default CXF registers the
> > > >> > > > > org.apache.cxf.ws.policy.attachment.external.EndpointRefe
> > > >> > > > > renc eDoma inEx pressionBuilder supporting only
> > > >> > > > > wsa:EndpointReference.
> > > >> > > > >
> > > >> > > > > See https://issues.apache.org/jira/browse/CXF-5685
for
> > details.
> > > >> > > > >
> > > >> > > > > Either add following string into
> > META-INF/cxf/bus-extensions.txt:
> > > >> > > > >
> > > >> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExp
> > > >> > > > > ress ionBu ilde r::true or add bean in Spring/Blueprint
> > > >> > > > > context with URIDomainExpressionBuilder type.
> > > >> > > > >
> > > >> > > > > System test registering URIDomainExpressionBuilder:
> > > >> > > > >
> > > >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systes
> > > >> t
> > > >> > > > > s/ws
> > > >> > > > > -specs/src/test/java/org/apache/cxf/systest/ws/policy/Add
> > > >> > > > > ress
> > > >> > > > > ingPo
> > > >> > > > > licy
> > > >> > > > >
> > > >> > > >
> > > >> >
> > > ExternalAttachmentWsdl11Test.java;h=d44ee8decf628a57edbf402bc6d8ff0
> > > >> > c
> > > >> > > > 00
> > > >> > > > > 42b649;hb=HEAD
> > > >> > > > > .
> > > >> > > > >
> > > >> > > > > If you use CXF version < 3.0.0, 2.7.12, just
copy the
> > > >> > > > > classes URIDomainExpressionBuilder.java,
> > > >> > > > > URIDomainExpression.java and register
> URIDomainExpressionBuilder as bus extension.
> > > >> > > > >
> > > >> > > > > Let me know if it works as expected.
> > > >> > > > >
> > > >> > > > > Regards,
> > > >> > > > > Andrei.
> > > >> > > > >
> > > >> > > > > > -----Original Message-----
> > > >> > > > > > From: Lambert, Michael
> > > >> > > > > > [mailto:michael@michaellambert.com]
> > > >> > > > > > Sent: Mittwoch, 2. Juli 2014 08:13
> > > >> > > > > > To: users@cxf.apache.org
> > > >> > > > > > Subject: policy attachment
> > > >> > > > > >
> > > >> > > > > > I feel awful for asking so many questions
but googling
> > > >> > > > > > hasnt been
> > > >> > > > > helpful.
> > > >> > > > > >
> > > >> > > > > > I am attempting to attach an external security
policy
> > > >> > > > > > to an endpoint
> > > >> > > > > with no
> > > >> > > > > > success. When I attempt to use a wsp:UI in
the
> > > >> > > > > > AppliesTo element cxf
> > > >> > > > > blows up.
> > > >> > > > > > Here is the contents of the file:
> > > >> > > > > >
> > > >> > > > > > ----
> > > >> > > > > > <?xml version="1.0" encoding="UTF-8" ?>
<attachments
> > > >> > > > > > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > > >> > > > > > xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > > >> > > > > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securit
> > > >> > > > > > ypol
> > > >> > > > > > icy
> > > >> ">
> > > >> > > > > > <wsp:PolicyAttachment>
> > > >> > > > > > <wsp:AppliesTo>
> > > >> > > > > > <wsp:URI>
> > > >> > > > > >
> > > >> > > > >
> > > >> http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.po
> > > >> r
> > > >> > > > > t(Gr
> > > >> > > > > eeterSer
> > > >> > > > > > vice/GreeterPort)
> > > >> > > > > > </wsp:URI>
> > > >> > > > > > </wsp:AppliesTo>
> > > >> > > > > > <wsp:Policy>
> > > >> > > > > > <wsp:ExactlyOne>
> > > >> > > > > > <wsp:All>
> > > >> > > > > > <wsp:Policy>
> > > >> > > > > > <sp:UsernameToken sp:IncludeToken="
> > > >> > > > > >
> > > >> > > > >
> > > >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken
> > > >> /
> > > >> > > > > Alwa
> > > >> > > > > ysTo
> > > >> > > > > > Recipient
> > > >> > > > > > ">
> > > >> > > > > > <wsp:Policy>
> > > >> > > > > > <sp:WssUsernameToken10 /> </wsp:Policy>
> > > >> > > > > > </sp:UsernameToken> </wsp:Policy>
</wsp:All>
> > > >> > > > > > </wsp:ExactlyOne> </wsp:Policy>
</wsp:PolicyAttachment>
> > > >> > > > > > </attachments>
> > > >> > > > > >
> > > >> > > > > > ----
> > > >> > > > > > And here is the error:
> > > >> > > > > > ----
> > > >> > > > > > Caused by: javax.xml.ws.WebServiceException:
> > > >> > > > > > org.apache.cxf.ws.policy.PolicyException:
> > > >> > > > > > NO_DOMAINEXPRESSIONBUILDER_EXC
> > > >> > > > > > ----
> > > >> > > > > > It appears that the wsp:URI element passed
into
> > > >> > > > > > DomainExpressionBuilderRegistry.build(Element
element)
> > > >> > > > > > has null contents
> > > >> > > > > for
> > > >> > > > > > a reason that I cannot figure out. I have
tried
> > > >> > > > > > different syntaxes and
> > > >> > > > > URLs to try
> > > >> > > > > > to get it to work and its always null.
> > > >> > > > > >
> > > >> > > > > > Putting an EndpointReference in the AppliesTo
element
> > > >> > > > > > doesnt
> > > >> error:
> > > >> > > > > >
> > > >> > > > > > <wsa:EndpointReference><wsa:Address>http://localhost:80
> > > >> > > > > > 80/u
> > > >> > > > > > ser- service/userService</wsa:Address>
> > > >> > > > > >               </wsa:EndpointReference>
> > > >> > > > > >
> > > >> > > > > > But it doesnt work either. It never seems
to intercept
> > > >> > > > > > calls to the
> > > >> > > > > service hosted
> > > >> > > > > > at the configured URL. The ONLY way I have
able to get
> > > >> > > > > > it to work is by embedding the policy in
the wsdl. I
> > > >> > > > > > dont want to do that however as I
> > > >> > > > > want a
> > > >> > > > > > mediator to handle the policy and would like
the
> > > >> > > > > > contract policies to
> > > >> > > > > configured
> > > >> > > > > > differently in different environments.
> > > >> > > > > >
> > > >> > > > > >
> > > >> > > > > > Any help would be appreciated. I am tearing
my hair out
> > > >> > > > > > over this. I
> > > >> > > > > cant be the
> > > >> > > > > > only one attempting to do this.
> > > >> > > > > >
> > > >> > > > > > The code is on github:
> > > >> > > > > >
> > > >> > > > > > https://github.com/MacFlecknoe/service-repository-
> > > >> > > > > > sample/blob/master/schema/src/main/resources/policy/aut
> > > >> > > > > > hent
> > > >> > > > > > icati
> > > >> > > > > > on-
> > > >> > > > > > policy.xml
> > > >> > > > > >
> > > >> > > > > > Thanks.
> > > >> > > > > >
> > > >> > > > > > Mike
> > > >> > > > >
> > > >> > >
> > > >>
> > > >
> > > >
> >
Mime
View raw message