cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Requirement that "UsernameToken must have an inner wsp:Policy element" not according to specification?
Date Mon, 04 Jan 2016 12:13:37 GMT
Hi Frederik,

It's a bug in WSS4J which I've just fixed:
https://issues.apache.org/jira/browse/WSS-564

WS-SecurityPolicy 1.2 + 1.3 require a policy Element, but 1.1 doesn't.
Until the next WSS4J release, your best bet is just to have an empty policy
Element.

Colm.

On Mon, Jan 4, 2016 at 10:49 AM, Fredrik <fredrik@fredriklindqvist.com>
wrote:

> Short version of the question;
> Should I be able to write a WSDL with a UsernameToken that contains no
> policy tag? The specification says it should be allowed, but I get an
> exception from CXF: "sp:UsernameToken must have an inner wsp:Policy
> element"
>
> Background:
> I'm writing a client to connect to a SOAP webservice using a WSDL first
> approach. For implementation I am using Apache CXF version 3.1.4
>
> When testing I get the following exception:
>
> 12:35:15.492 [main] WARN  o.a.c.w.p.a.w.Wsdl11AttachmentPolicyProvider - Failed to build the policy 'UsernameToken':sp:UsernameToken must have an inner wsp:Policy element
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: sp:UsernameToken must have an inner wsp:Policy element
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:160)
>     ...
> Caused by: java.lang.IllegalArgumentException: sp:UsernameToken must have an inner wsp:Policy element
>     at org.apache.wss4j.policy.builders.UsernameTokenBuilder.build(UsernameTokenBuilder.java:52)
>     at org.apache.wss4j.policy.builders.UsernameTokenBuilder.build(UsernameTokenBuilder.java:34)
>     at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
>
> The relevant part of the WSDL file looks like this:
>
> <wsp:Policy wsu:Id="UsernameToken">
>     <wsp:ExactlyOne>
>       <wsp:All>
>         <sp:SupportingTokens>
>           <wsp:Policy>
>             <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
>           </wsp:Policy>
>         </sp:SupportingTokens>
>       </wsp:All>
>     </wsp:ExactlyOne>
> </wsp:Policy>
>
> The error message indicates that CXF expects a policy tag under
> UsernameToken. And indeed, while researching I came across a comment from
> CXF bug tracker
> <https://issues.apache.org/jira/browse/CXF-5132?focusedCommentId=13709887&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13709887>:
> ------------
> Yes... Per spec, the <sp:UsernameToken> element MUST contain an internal
> wsp:Policy element. It should look like:
> <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>     <wsp:Policy>
>         <sp:WssUsernameToken11 />
>     </wsp:Policy>
> </sp:UsernameToken>
> ------------
>
> But, the specification
> <http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf>
> says:
> ------------
> /sp:UsernameToken/wsp:Policy
> This optional element identifies additional requirements for use of the
> sp:UsernameToken assertion.
> ------------
> Note: Optional.
>
> So which one is it? It seems that CXF requires a policy while the
> specification says it is optional. Is there another specification I need to
> look at?
>
> I verified that if I edited the WSDL and removed the reference to the
> policy everything worked as expected, so is there another quick workaround?
>
> My guess is that the WSDL file is incorrect and needs a policy element, but
> to have a chance to get this change implemented I need to be able to point
> to a specification where this is mentioned.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
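
Added example (not part of the original messages and not CXF or WSS4J code): a small Python check that finds sp:UsernameToken assertions with no wsp:Policy child, reports whether the child is required for that WS-SecurityPolicy namespace as stated in the reply above, and applies the empty-policy workaround. The function names and the sample document (the thread's policy with namespace declarations added) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SP_11 = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"       # WS-SecurityPolicy 1.1
SP_12 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"  # WS-SecurityPolicy 1.2/1.3
WSP = ("http://schemas.xmlsoap.org/ws/2004/09/policy", "http://www.w3.org/ns/ws-policy")
POLICY_TAGS = {f"{{{ns}}}Policy" for ns in WSP}

# Constructed sample: the policy from the thread plus the namespace declarations it needs.
SAMPLE = """<wsp:Policy wsu:Id="UsernameToken"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsp:ExactlyOne><wsp:All><sp:SupportingTokens><wsp:Policy>
    <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
  </wsp:Policy></sp:SupportingTokens></wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""

def bare_username_tokens(root):
    """Return (element, sp_namespace, required_by_spec) for each sp:UsernameToken
    with no wsp:Policy child. Per the thread, 1.2 and 1.3 require the child
    and 1.1 does not."""
    hits = []
    for sp_ns in (SP_11, SP_12):
        for tok in root.iter(f"{{{sp_ns}}}UsernameToken"):
            if not any(child.tag in POLICY_TAGS for child in tok):
                hits.append((tok, sp_ns, sp_ns == SP_12))
    return hits

def audit(xml_text):
    """Report (sp_namespace, required_by_spec) for every bare token in a policy document."""
    return [(ns, req) for _, ns, req in bare_username_tokens(ET.fromstring(xml_text))]

def add_empty_policy(xml_text):
    """Interim workaround: add an empty wsp:Policy to each bare token, reusing
    whichever WS-Policy namespace the document already uses."""
    root = ET.fromstring(xml_text)
    wsp_ns = next((e.tag[1:].split("}")[0] for e in root.iter() if e.tag in POLICY_TAGS), WSP[0])
    hits = bare_username_tokens(root)
    for tok, _, _ in hits:
        ET.SubElement(tok, f"{{{wsp_ns}}}Policy")
    return ET.tostring(root, encoding="unicode"), len(hits)

if __name__ == "__main__":
    for prefix, uri in (("wsp", WSP[0]), ("sp", SP_11)):
        ET.register_namespace(prefix, uri)  # keep readable prefixes in the output
    for ns, required in audit(SAMPLE):
        print("bare sp:UsernameToken in", ns, "| wsp:Policy child required by spec:", required)
    fixed, count = add_empty_policy(SAMPLE)
    print(f"added {count} empty wsp:Policy element(s)\n{fixed}")
```

Run it only on WSDL or policy files from a source you trust, since it parses them with the standard-library XML parser.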
