Kirill Sokolov created CXF-5335:
-----------------------------------
Summary: Incorrect handle of ws-policy 1.1 (Incorrect inclusion
value: null)
Key: CXF-5335
URL: https://issues.apache.org/jira/browse/CXF-5335
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 2.7.6
Reporter: Kirill Sokolov
I created of JAX-WS client for working with "third-party" web service.
Web service provides the WSDL with ws-policy settings:
<sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator";>
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
During of the client execution I got next exception:
org.apache.cxf.binding.soap.SoapFault: Incorrect inclusion value: null
Caused by: java.lang.RuntimeException: Incorrect inclusion value: null
at
org.apache.cxf.ws.security.policy.model.Token.setInclusion(Token.java:70)
at
org.apache.cxf.ws.security.policy.builders.X509TokenBuilder.build(X509TokenBuilder.java:69)
at
org.apache.cxf.ws.security.policy.builders.X509TokenBuilder.build(X509TokenBuilder.java:40)
at
org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
at
org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
at
org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
at
org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
. . .
After examining the documentation for WS-Policy specification v.1.1, I found a
difference in the list of X.509 token inclusions. Specification Errata contains
token inclusion as in WSDL: <...>/AlwaysToInitiator. "Base" specification is
not contains of that inclusion.
CXF implementation of ws-policy 1.1 is not contains the constant for "Errata"
version of the specification (i.e. not contains constant for
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator)
and as result the code throw RuntimeException.
In runtime after executing the method from class
org.apache.cxf.ws.security.policy.SP11Constants:
public IncludeTokenType getInclusionFromAttributeValue(String value) {
if (INCLUDE_ALWAYS.equals(value)) {
return IncludeTokenType.INCLUDE_TOKEN_ALWAYS;
} else if (INCLUDE_ALWAYS_TO_RECIPIENT.equals(value)) {
return IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT;
} else if (INCLUDE_NEVER.equals(value)) {
return IncludeTokenType.INCLUDE_TOKEN_NEVER;
} else if (INCLUDE_ONCE.equals(value)) {
return IncludeTokenType.INCLUDE_TOKEN_ONCE;
}
return StringUtils.isEmpty(value) ?
IncludeTokenType.INCLUDE_TOKEN_ALWAYS : null;
}
return result is NULL and next code from class
org.apache.cxf.ws.security.policy.model.Token:
public void setInclusion(IncludeTokenType inclusion) {
if (IncludeTokenType.INCLUDE_TOKEN_ALWAYS == inclusion
|| IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == inclusion
|| IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR == inclusion
|| IncludeTokenType.INCLUDE_TOKEN_NEVER == inclusion
|| IncludeTokenType.INCLUDE_TOKEN_ONCE == inclusion) {
this.inclusion = inclusion;
} else {
// TODO replace this with a proper (WSSPolicyException) exception
throw new RuntimeException("Incorrect inclusion value: " +
inclusion);
}
}
throws of RuntimeException...
Please help me solve this problem!
--
This message was sent by Atlassian JIRA
(v6.1#6144)
