cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pat7 <pat.pichle...@gmail.com>
Subject These policy alternatives can not be satisfied:
Date Mon, 14 Aug 2017 11:15:52 GMT
Hi,
I implemented a STS with CXF 3.1.7 in a JAVA spring boot configuration for
the BiPRO norm. I tested the STS with SoapUI and issuing a security context
token worked well.
Now I implement a second service, which should work with the implemented
STS, however I receive several errors if I call the second service with
SoapUI.

Here is my *STS config* in spring boot:

@Bean
    public ServletRegistrationBean dispatcherServlet() {
ServletRegistrationBean servletRegistrationBean = new
ServletRegistrationBean(new CXFServlet());
      		servletRegistrationBean.addUrlMappings("/*");
		return servletRegistrationBean;
    }
	
    @Bean(name = Bus.DEFAULT_BUS_ID)
    public SpringBus springBus() {
        return new SpringBus();
    }    
	        
	
	@Bean
	public StaxTransformFeature transformFeature(){
		StaxTransformFeature staxTransformFeature = new StaxTransformFeature();
		Map<String,String> inAppendElements = new HashMap<String,String>();
		Map<String,String> inTransformElements = new HashMap<String,String>();
		
	
inAppendElements.put("{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestType",
"{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestType=http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue");
			
inTransformElements.put("{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityToken",
"{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityToken");
	
inTransformElements.put("{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestType",
"{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestType");
	
inTransformElements.put("{http://schemas.xmlsoap.org/ws/2005/02/trust}TokenType",
"{http://docs.oasis-open.org/ws-sx/ws-trust/200512}TokenType");
			
		staxTransformFeature.setInAppendElements(inAppendElements);
		staxTransformFeature.setInTransformElements(inTransformElements);
		return staxTransformFeature;
	}
	
	@Bean
	public SecurityTokenServiceProvider mySTSProviderBean(){
		try {
SecurityTokenServiceProvider securityTokenServiceProvider = new
SecurityTokenServiceProvider();
		
securityTokenServiceProvider.setIssueSingleOperation(transprotIssueDelegate());	
securityTokenServiceProvider.setValidateOperation(transportValidateDelegate());
	securityTokenServiceProvider.setCancelOperation(transportCancelDelegate());
	return securityTokenServiceProvider;
		} catch (Exception e) {
			e.printStackTrace();
		}
		
		return null;
	}
	
	@Bean 
	public TokenIssueOperation transprotIssueDelegate(){
		TokenIssueOperation tokenIssueOperation = new TokenIssueOperation();
		tokenIssueOperation.setTokenProviders(transportTokenProviders());
		tokenIssueOperation.setServices(transportServices());
		tokenIssueOperation.setStsProperties(transportSTSProperties());
		tokenIssueOperation.setTokenStore(defaulttokenStore());
		tokenIssueOperation.setReturnReferences(false);
		return tokenIssueOperation;
	}
	@Bean
	public TokenValidateOperation transportValidateDelegate(){
		TokenValidateOperation tokenValidateOperation = new
TokenValidateOperation();
		tokenValidateOperation.setTokenProviders(transportTokenProviders());  
		tokenValidateOperation.setTokenValidators(transportTokenValidators());
		tokenValidateOperation.setStsProperties(transportSTSProperties());
		tokenValidateOperation.setTokenStore(defaulttokenStore());
		return tokenValidateOperation;
	}
	@Bean
	public TokenCancelOperation transportCancelDelegate(){
		TokenCancelOperation tokenCancelOperation = new TokenCancelOperation();
		tokenCancelOperation.setTokenCancellers(transportTokenCancellers());
		tokenCancelOperation.setStsProperties(transportSTSProperties());
		tokenCancelOperation.setTokenStore(defaulttokenStore());
		return tokenCancelOperation;
	}
	
	@Bean
	public BiPROTokenProvider  transportSCTProvider(){ //SCTProvider
		BiPROTokenProvider biprotokenprovider = new BiPROTokenProvider();
		biprotokenprovider.setReturnEntropy(false);
		return biprotokenprovider;
	}
	@Bean
	public SCTValidator transportSCTValidator(){
		return new SCTValidator();
	}
	@Bean
	public SCTCanceller transportSCTCanceller(){
		return new SCTCanceller();
	}
	@Bean
	public StaticService transportService(){
		StaticService staticservice = new StaticService();
		staticservice.setEndpoints(transportEndpoints());
		return staticservice;
	}
	
	@Bean
	public DefaultInMemoryTokenStore defaulttokenStore(){
		DefaultInMemoryTokenStore tokenstore = new DefaultInMemoryTokenStore();
		tokenstore.setTTL(1800);
		return tokenstore;
	}
	@Bean
	public EncryptionProperties encProperties(){
		EncryptionProperties encryptionproperties = new EncryptionProperties();
encryptionproperties.setEncryptionAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
		return encryptionproperties;
	}
	@Bean
	public StaticSTSProperties transportSTSProperties(){
		StaticSTSProperties staticSTSproperties = new StaticSTSProperties();

staticSTSproperties.setCallbackHandlerClass("com.test.endpoint.STSCallbackHandler");
		return staticSTSproperties;
	}
	
	@Bean
	public SCTInInterceptor sctinterceptor(){
		return new SCTInInterceptor();
	}
	@Bean
	public SCTOutInterceptor sctOutInterceptor(){
		return new SCTOutInterceptor();
	}
	 
	@Bean 
	public List<TokenProvider> transportTokenProviders(){
		List<TokenProvider> tokenProviderList= new ArrayList<TokenProvider>();
		tokenProviderList.add(transportSCTProvider());
		return tokenProviderList;	   
	}
	@Bean 
	public List<TokenValidator> transportTokenValidators(){
		List<TokenValidator> tokenValidator= new ArrayList<TokenValidator>();
		tokenValidator.add(transportSCTValidator());
		return tokenValidator;	   
	}
	@Bean 
	public List<TokenCanceller> transportTokenCancellers(){
		List<TokenCanceller> tokenCanceller= new ArrayList<TokenCanceller>();
		tokenCanceller.add(transportSCTCanceller());
		return tokenCanceller;	   
	}
	@Bean
	public List<String> transportEndpoints(){
		List<String> transportendpoints = new ArrayList<String>();
	
transportendpoints.add("https://localhost:8443/TransferService-2.6.0.1.0");
		return transportendpoints;
	}
	@Bean
	public List<ServiceMBean> transportServices(){
		List<ServiceMBean> serviceMBean = new ArrayList<ServiceMBean>();
		serviceMBean.add(transportService());
		return serviceMBean;
	}
	/*
	 * endpoint STS
	 * */
	@Bean
    public SecurityTokenService26010 securityTokenService26010(){
    	return new SecurityTokenService26010();
    }
	@Bean
	public Endpoint endpoint() throws Exception{
		//Object implementor = new  SecurityTokenServiceProvider();
		EndpointImpl endpoint = new EndpointImpl(springBus(),mySTSProviderBean());
		
		endpoint.setServiceName(securityTokenService26010().getServiceName());
endpoint.setWsdlLocation(securityTokenService26010().getWSDLDocumentLocation().toString());
 
	    endpoint.publish("/SecurityTokenService-2.6.0.1.0");
		
	    endpoint.getInInterceptors().add(sctinterceptor());
	    endpoint.getOutInterceptors().add(sctOutInterceptor());
	    
	    
	    Map<String, Object> inProps = new HashMap<>();
	    inProps.put("ws-security.callback-handler",
STSCallbackHandler.class.getName());
        inProps.put("org.apache.cxf.ws.security.tokenstore.TokenStore",
defaulttokenStore());
	    endpoint.setProperties(inProps);
	    
	    endpoint.getFeatures().add(transformFeature());
		
		return endpoint;
	}
	/*
	 * endpoint Transferservice
	 * */
	@Bean
    public TransferServicePortType transferServicePortType(){
    	return new TransferServiceEndpoint();
    }
    
    @Bean
    public TransferService26010 transferService26010(){
    	return new TransferService26010();
    }
	
	@Bean
	public Endpoint transferendpoint(){
		EndpointImpl transferendpoint = new
EndpointImpl(springBus(),transferServicePortType());

		transferendpoint.setServiceName(transferService26010().getServiceName());
        
transferendpoint.setWsdlLocation(transferService26010().getWSDLDocumentLocation().toString());
 
		transferendpoint.publish("/TransferService-2.6.0.1.0");
		transferendpoint.getInInterceptors().add(sctinterceptor());
		transferendpoint.getOutInterceptors().add(sctOutInterceptor());
		
		
		Map<String, Object> inProps = new HashMap<>();
		inProps.put("mtom-enabled", true);
		
		transferendpoint.setProperties(inProps);
		
		return transferendpoint;
	}
*End STS config*

This is the request in SoapUI, which is sent to the second service:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:tran="http://www.bipro.net/namespace/transfer"
xmlns:bas="http://www.bipro.net/namespace/basis"
xmlns:nac="http://www.bipro.net/namespace/nachrichten"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   <soapenv:Header>
   	<wsse:Security>
		<wsc:SecurityContextToken
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc">
		
<wsc:Identifier>bipro:880fa760-5e59-41aa-b883-fbfa89b1c136</wsc:Identifier>
		</wsc:SecurityContextToken>
	</wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <tran:listShipments>
         <tran:Request>
            <nac:BiPROVersion>2.0.6.1.0</nac:BiPROVersion>
            <nac:ConsumerID>VR-12345</nac:ConsumerID>
            <tran:KategorieDerLieferung>170</tran:KategorieDerLieferung>
            <tran:BestaetigeLieferungen>false</tran:BestaetigeLieferungen>
         </tran:Request>
      </tran:listShipments>
   </soapenv:Body>
</soapenv:Envelope>

And here is the policy definition in the wsdl from the second service:

<wsp:Policy wsu:Id="AuthSecurityPolicy"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:SymmetricBinding>
                    <wsp:Policy>
                        <sp:ProtectionToken>
                            <wsp:Policy>
                                <sp:SecureConversationToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                                    <wsp:Policy>
                                        <sp:RequireDerivedKeys/>
                                        <sp:BootstrapPolicy>
                                            <wsp:Policy>
                                                <sp:AsymmetricBinding>
                                                    <wsp:Policy>
							<sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
								<wsp:Policy>
									<sp:WssUsernameToken11/>
								</wsp:Policy>
							</sp:UsernameToken>
                                                        <sp:AlgorithmSuite>
                                                            <wsp:Policy>
                                                            <sp:Basic128/>
                                                            </wsp:Policy>
                                                        </sp:AlgorithmSuite>
                                                        <sp:Layout>
                                                            <wsp:Policy>
                                                            <sp:Strict/>
                                                            </wsp:Policy>
                                                        </sp:Layout>
                                                    </wsp:Policy>
                                                </sp:AsymmetricBinding>
                                                <sp:Wss10>
                                                    <wsp:Policy>
								<sp:MustSupportIssuedTokens/>
                                                    </wsp:Policy>
                                                </sp:Wss10>
                                            </wsp:Policy>
                                        </sp:BootstrapPolicy>
                                    </wsp:Policy>
                                </sp:SecureConversationToken>
                            </wsp:Policy>
                        </sp:ProtectionToken>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:Basic128/>
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Strict/>
                            </wsp:Policy>
                        </sp:Layout>
                    </wsp:Policy>
                </sp:SymmetricBinding>
                <sp:Trust13>
                    <wsp:Policy>
				<sp:MustSupportIssuedTokens/>
                    </wsp:Policy>
                </sp:Trust13>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>

*End policy*

I read a lot in older forum posts to get working my second service with the
STS, but nothing worked. Here are the errors if I call the second service
with the above SoapUI request:
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not
be satisfied: 
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SecureConversationToken:
No SecureConversation token found in message.
{http://www.w3.org/2007/08/soap12-mtom-policy}MTOM

Does anybody know why I am getting these errors? Maybe I forget something in
my configuration? Thx in advance.
Regards,
Patrick




--
View this message in context: http://cxf.547215.n5.nabble.com/These-policy-alternatives-can-not-be-satisfied-tp5782647.html
Sent from the cxf-user mailing list archive at Nabble.com.

Mime
View raw message