CXF uses wrong policy alternative on response message
-----------------------------------------------------
Key: CXF-3365
URL: https://issues.apache.org/jira/browse/CXF-3365
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 2.3.2
Reporter: Karl Rhenius
CXF uses a wrong policy on outgoing messages, if the wsdl has alternative
policies.
Here is my setup:
Server-policy:
<wsp:ExactlyOne>
<wsp:All>
#1 SecureConversation policy
</wsp:All>
<wsp:All>
#2 nothing special, clients just send an UsernameToken
</wsp:All>
</wsp:ExactlyOne>
Client-policy:
<wsp:ExactlyOne>
<wsp:All>
#1 SecureConversation policy
</wsp:All>
</wsp:ExactlyOne>
The client defines only the SecureConversation policy in it's wsdl.
If I test my service, they communicate like this:
Client > Server: RST/SCT message
Server > Client: answers with a token
Client > Server: calls the webservice with an encrypted soap message
Server > Client: answers the service call with an unencrypted message
(the server took policy #2 for the answer) -> client throws an exception
"These policy alternatives can not be satisfied"
I attached a test project, based on the AC_IPingService from the interop
samples.
You can change the wsdl, which will be used by the server, in
WSSCTest.startServers().
Related to this issue is the following bug:
If the UsernameToken policy is defined before the SecureConversation policy,
the webservice fails on the RST/SCT message. Start the server with
UtSecConvIPingService() to test this.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
