cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Beardsley <>
Subject Struggling with WS-Policy HTTP Basic Authentication
Date Wed, 15 Jun 2016 17:06:09 GMT
I am trying to get a simple SOAP client working based off a WSDL that has various policies

- I do not own the service and have no way to modify it.
- Spring is not involved in anyway and will not be.
- Using jaxws-maven-plugin to generate the proxy code. Version 2.4.1
- Using version 3.1.6 of CXF
- Including the following dependencies: cxf-rt-rs-client, cxf-rt-security, cxf-rt-ws-policy,
cxf-rt-ws-security, cxf-rt-frontend-jaxws, cxf-rt-features-logging

(The JAX-RS client dependency is included because this app will call a REST service after
getting a response from the SOAP service. The JAX-RS stuff is working fine).

The SOAP message generated by CXF appears to be properly formed. I can successfully send the
exact same message to the service endpoint using cURL and get the expected response. I can
see in the logging that CXF is receiving the same response as cURL, but then blowing up on: handle SEVERE: Inbound policy verification
failed: These policy alternatives can not be satisfied: These policy alternatives can not be satisfied:

The response from the SOAP service does not include the Authorization header. Is that why
this is happening? Why does CXF care about authentication on the inbound message? My client
doesn’t have or require authentication… the service does.

Stepping through in the debugger shows that the AssertionInfoMap has ServiceModelPolicyProvider
and Wsdl11AttachmentPolicyProvider instances available, but nothing referring to HTTP Basic
Auth. Am I missing a dependency?

Here is my client code

public static void main(String[] args) {
	// Get a proxy for the SOAP endpoint. This is generated from their WSDL file as part of the
Maven build.
	Zcustomer1 soap = new Zcustomer1();
	ZUDSCUSTOMER1 port = soap.getZcustomer1();
	LoggingInInterceptor logInbound = new LoggingInInterceptor();
	LoggingOutInterceptor logOutbound = new LoggingOutInterceptor();
	Client cxf = ClientProxy.getClient(port);
	// The SOAP service uses HTTP Basic Authentication
	Map<String, Object> requestContext = ((BindingProvider) port).getRequestContext();
	requestContext.put(BindingProvider.USERNAME_PROPERTY, "username");
	requestContext.put(BindingProvider.PASSWORD_PROPERTY, "password");
	// Invoke the SOAP service
	String iKUNNR = "foo";
	KNA1 response = port.zudsCUSTOMER1(iKUNNR);

Here is the WSDL

<?xml version="1.0" encoding="utf-8"?>
<wsdl:definitions targetNamespace="urn:sap-com:document:sap:rfc:functions" 

	<wsp:UsingPolicy wsdl:required="true"/>
	<wsp:Policy wsu:Id="BN__zcustomer1">
				<wsp:All xmlns:wsp="">
					<sp:TransportBinding xmlns:sp="">
		<xsd:schema attributeFormDefault="qualified" targetNamespace="urn:sap-com:document:sap:rfc:functions">
			<xsd:simpleType name="char10">
				<xsd:restriction base="xsd:string">
					<xsd:maxLength value="10"/>
			<xsd:complexType name="KNA1">
					<xsd:element name="KUNNR" type="tns:char10"/>
			<xsd:element name="ZUDS_CUSTOMER1">
						<xsd:element name="I_KUNNR" type="tns:char10"/>
			<xsd:element name="ZUDS_CUSTOMER1Response">
						<xsd:element name="O_KNA1" type="tns:KNA1"/>
	<wsdl:message name="ZUDS_CUSTOMER1">
		<wsdl:part name="parameters" element="tns:ZUDS_CUSTOMER1"/>
	<wsdl:message name="ZUDS_CUSTOMER1Response">
		<wsdl:part name="parameter" element="tns:ZUDS_CUSTOMER1Response"/>
	<wsdl:portType name="ZUDS_CUSTOMER1">
		<wsdl:operation name="ZUDS_CUSTOMER1">
			<wsdl:input message="tns:ZUDS_CUSTOMER1"/>
			<wsdl:output message="tns:ZUDS_CUSTOMER1Response"/>
	<wsdl:binding name="zcustomer1" type="tns:ZUDS_CUSTOMER1">
			<wsp:PolicyReference URI="#BN__zcustomer1"/>
		<soap:binding transport="" style="document"/>
		<wsdl:operation name="ZUDS_CUSTOMER1">
			<soap:operation soapAction="urn:sap-com:document:sap:rfc:functions:ZUDS_CUSTOMER1:ZUDS_CUSTOMER1Request"
				<soap:body use="literal"/>
				<soap:body use="literal"/>
	<wsdl:service name="zcustomer1">
		<wsdl:port name="zcustomer1" binding="tns:zcustomer1">
			<soap:address location=""/>

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message