[ https://issues.apache.org/jira/browse/CXF-3037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12919471#action_12919471 ]
Dennis Sosnoski commented on CXF-3037:
--------------------------------------
Did you also include these changes in the 2.3.0 code? I've tried this, using
the 2.3.0 distribution build (not yet released), and still have the same NPE
(though in a different place, which may be because I'm using a different policy
sample):
[java] at org.apache.neethi.AbstractPolicyOperator.normalizeOperator(AbstractPolicyOperator.java:116)
[java] at org.apache.neethi.AbstractPolicyOperator.normalize(AbstractPolicyOperator.java:73)
[java] at org.apache.neethi.Policy.normalize(Policy.java:64)
[java] at org.apache.neethi.Policy.normalize(Policy.java:49)
[java] at org.apache.cxf.ws.security.policy.builders.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:66)
...
Here are the relevant portions of this policy:
<!-- Initiator token policy. -->
<wsp:Policy wsu:Id="InitiatorToken"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:InitiatorToken>
    <wsp:Policy>
      <sp:X509Token
          sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
        <wsp:Policy>
          <sp:RequireThumbprintReference/>
        </wsp:Policy>
      </sp:X509Token>
    </wsp:Policy>
  </sp:InitiatorToken>
</wsp:Policy>

<!-- Recipient token policy. -->
<wsp:Policy wsu:Id="RecipientToken"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:RecipientToken>
    <wsp:Policy>
      <sp:X509Token
          sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
        <wsp:Policy>
          <sp:RequireThumbprintReference/>
        </wsp:Policy>
      </sp:X509Token>
    </wsp:Policy>
  </sp:RecipientToken>
</wsp:Policy>

<!-- Policy for asymmetric binding with the certificate included in the
     message from client to server but only a thumbprint on messages from
     the server to the client. -->
<wsp:Policy wsu:Id="AsymmBinding"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:AsymmetricBinding>
    <wsp:Policy>
      <wsp:PolicyReference URI="#InitiatorToken"/>
      <wsp:PolicyReference URI="#RecipientToken"/>
      <sp:AlgorithmSuite>
        <wsp:Policy>
          <sp:Basic128Rsa15/>
        </wsp:Policy>
      </sp:AlgorithmSuite>
    </wsp:Policy>
  </sp:AsymmetricBinding>
</wsp:Policy>

> Policy references embedded in policy are not processed
> ------------------------------------------------------
>
> Key: CXF-3037
> URL: https://issues.apache.org/jira/browse/CXF-3037
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.2.10
> Reporter: Dennis Sosnoski
> Assignee: Daniel Kulp
> Fix For: 2.2.11
>
>
> WS-Policy allows <wsp:PolicyReference> to be embedded within policy
> documents, but CXF does not handle these references. Here's an example:
>
> <!-- Policy for symmetric binding, using an ephemeral key generated by the
>      client and sent to the server as part of the request, using asymmetric
>      encryption with the server public key to secure the symmetric key. -->
> <wsp:Policy wsu:Id="SymmBinding"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>     xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
>     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>   <sp:SymmetricBinding>
>     <wsp:Policy>
>       <sp:ProtectionToken>
>         <wsp:Policy>
>           <sp:X509Token
>               sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>             <wsp:Policy>
>               <sp:RequireDerivedKeys/>
>               <sp:RequireThumbprintReference/>
>               <sp:WssX509V3Token10/>
>             </wsp:Policy>
>           </sp:X509Token>
>         </wsp:Policy>
>       </sp:ProtectionToken>
>       <sp:AlgorithmSuite>
>         <wsp:Policy>
>           <sp:Basic128Rsa15/>
>         </wsp:Policy>
>       </sp:AlgorithmSuite>
>       <sp:OnlySignEntireHeadersAndBody/>
>     </wsp:Policy>
>   </sp:SymmetricBinding>
> </wsp:Policy>
>
> <!-- Policy for symmetric binding, using an ephemeral key generated by the
>      client and sent to the server as part of the request, using asymmetric
>      encryption with the server public key to secure the symmetric key. -->
> <wsp:Policy wsu:Id="SymmEncr"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>     xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
>     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>   <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
>       URI="#SymmBinding"/>
>   <sp:Wss11>
>     <wsp:Policy>
>       <sp:MustSupportRefKeyIdentifier/>
>       <sp:MustSupportRefThumbprint/>
>       <sp:MustSupportRefEncryptedKey/>
>     </wsp:Policy>
>   </sp:Wss11>
> </wsp:Policy>
>
> When trying to use this policy on the client it causes an NPE inside Neethi:
> [java] WARNING: Interceptor for {http://ws.sosnoski.com/library/wsdl}CXFLibrary#{http://ws.sosnoski.com/library/wsdl}getBook has thrown exception, unwinding now
> [java] java.lang.NullPointerException
> [java] at org.apache.neethi.AbstractPolicyOperator.normalizeOperator(AbstractPolicyOperator.java:116)
> [java] at org.apache.neethi.AbstractPolicyOperator.normalize(AbstractPolicyOperator.java:73)
> [java] at org.apache.neethi.Policy.normalize(Policy.java:64)
> [java] at org.apache.neethi.Policy.normalize(Policy.java:49)
> [java] at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialisePolicy(EffectivePolicyImpl.java:134)
> [java] at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise(EffectivePolicyImpl.java:86)
> [java] at org.apache.cxf.ws.policy.PolicyEngineImpl.getEffectiveClientRequestPolicy(PolicyEngineImpl.java:155)
> [java] at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle(PolicyOutInterceptor.java:110)
> The problem here is that CXF passes a null for the policy context when
> calling the Policy.normalize() method. Just passing the context should be
> enough to make this work.
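
The reference resolution discussed in this issue, as an added Python sketch that is not code from CXF or Neethi: it expands local `wsp:PolicyReference` elements against a registry keyed by `wsu:Id` and fails closed when the registry is missing or an id is unknown. The function names, the exception class and the `<doc>` wrapper around the trimmed sample policies are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

WSU_ID = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Id"
# Both WS-Policy namespaces occur in the report, so accept either one.
WSP = ("http://www.w3.org/ns/ws-policy", "http://schemas.xmlsoap.org/ws/2004/09/policy")
POLICY = {"{%s}Policy" % ns for ns in WSP}
REFERENCE = {"{%s}PolicyReference" % ns for ns in WSP}

# Constructed input: the three policies from the comment, trimmed, under a made-up <doc> root.
SAMPLE = """<doc xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsp="http://www.w3.org/ns/ws-policy"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
 <wsp:Policy wsu:Id="InitiatorToken"><sp:InitiatorToken/></wsp:Policy>
 <wsp:Policy wsu:Id="RecipientToken"><sp:RecipientToken/></wsp:Policy>
 <wsp:Policy wsu:Id="AsymmBinding"><sp:AsymmetricBinding><wsp:Policy>
   <wsp:PolicyReference URI="#InitiatorToken"/>
   <wsp:PolicyReference URI="#RecipientToken"/>
   <sp:AlgorithmSuite><wsp:Policy><sp:Basic128Rsa15/></wsp:Policy></sp:AlgorithmSuite>
 </wsp:Policy></sp:AsymmetricBinding></wsp:Policy>
</doc>"""

class UnresolvedPolicyReference(Exception):
    """Raised instead of silently dropping a reference (hypothetical name)."""

def build_registry(root):
    """Index every wsp:Policy element that carries a wsu:Id."""
    return {el.get(WSU_ID): el for el in root.iter() if el.tag in POLICY and el.get(WSU_ID)}

def resolve(element, registry, seen=()):
    """Copy element, replacing each local PolicyReference with the referenced policy's content."""
    copy = ET.Element(element.tag, dict(element.attrib))
    for child in element:
        if child.tag not in REFERENCE:
            copy.append(resolve(child, registry, seen))
            continue
        uri = child.get("URI", "")
        key = uri[1:] if uri.startswith("#") else None
        # Fail closed: a missing registry or an unknown/cyclic id is an error, never a skip.
        if registry is None or key not in registry or key in seen:
            raise UnresolvedPolicyReference(uri)
        copy.extend(list(resolve(registry[key], registry, seen + (key,))))
    return copy

def local_names(element):
    """Namespace-stripped names of all descendants, in document order."""
    return [el.tag.split("}")[-1] for el in element.iter()][1:]

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    registry = build_registry(root)
    print(local_names(resolve(registry["AsymmBinding"], registry)))
```
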