[jira] [Assigned] (CXF-5335) Incorrect handle of ws-policy 1.1 (Incorrect inclusion value: null)

[Colm O hEigeartaigh (JIRA)]

     [ 
https://issues.apache.org/jira/browse/CXF-5335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh reassigned CXF-5335:
----------------------------------------

    Assignee: Colm O hEigeartaigh

> Incorrect handle of ws-policy 1.1 (Incorrect inclusion value: null)
> -------------------------------------------------------------------
>
>                 Key: CXF-5335
>                 URL: https://issues.apache.org/jira/browse/CXF-5335
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.7.6
>            Reporter: Kirill Sokolov
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.7.8, 2.6.11
>
>
> I created of JAX-WS client for working with "third-party" web service.
> Web service provides the WSDL with ws-policy settings:
> {code:xml}
> <sp:AsymmetricBinding
>       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>       <wsp:Policy>
>               <sp:InitiatorToken>
>                       <wsp:Policy>
>                               <sp:X509Token
>                                       
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
>                                       <wsp:Policy>
>                                               <sp:WssX509V3Token10 />
>                                       </wsp:Policy>
>                               </sp:X509Token>
>                       </wsp:Policy>
>               </sp:InitiatorToken>
>               <sp:RecipientToken>
>                       <wsp:Policy>
>                               <sp:X509Token
>                                       
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator";>
>                                       <wsp:Policy>
>                                               <sp:WssX509V3Token10 />
>                                       </wsp:Policy>
>                               </sp:X509Token>
>                       </wsp:Policy>
>               </sp:RecipientToken>
>               <sp:AlgorithmSuite>
> {code}
> During of the client execution I got next exception:
> {code:java}
> org.apache.cxf.binding.soap.SoapFault: Incorrect inclusion value: null
> Caused by: java.lang.RuntimeException: Incorrect inclusion value: null
>       at 
> org.apache.cxf.ws.security.policy.model.Token.setInclusion(Token.java:70)
>       at 
> org.apache.cxf.ws.security.policy.builders.X509TokenBuilder.build(X509TokenBuilder.java:69)
>       at 
> org.apache.cxf.ws.security.policy.builders.X509TokenBuilder.build(X509TokenBuilder.java:40)
>       at 
> org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
>       at 
> org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
>       at 
> org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
>       at 
> org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
>       at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
> . . .
> {code}
> After examining the documentation for WS-Policy specification v.1.1, I found 
> a difference in the list of X.509 token inclusions. Specification Errata 
> contains token inclusion as in WSDL: <...>/AlwaysToInitiator. "Base" 
> specification is not contains of that inclusion.
> CXF implementation of ws-policy 1.1 is not contains the constant for "Errata" 
> version of the specification (i.e. not contains constant for 
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator)
>  and as result the code throw RuntimeException.
> In runtime after executing the method from class 
> org.apache.cxf.ws.security.policy.SP11Constants:
> {code:java}
> public IncludeTokenType getInclusionFromAttributeValue(String value) {
>    
>         if (INCLUDE_ALWAYS.equals(value)) {
>             return IncludeTokenType.INCLUDE_TOKEN_ALWAYS;
>         } else if (INCLUDE_ALWAYS_TO_RECIPIENT.equals(value)) {
>             return IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT;
>         } else if (INCLUDE_NEVER.equals(value)) {
>             return IncludeTokenType.INCLUDE_TOKEN_NEVER;
>         } else if (INCLUDE_ONCE.equals(value)) {
>             return IncludeTokenType.INCLUDE_TOKEN_ONCE;
>         }
>         return StringUtils.isEmpty(value) ? 
> IncludeTokenType.INCLUDE_TOKEN_ALWAYS : null;
>     }
> {code}
> return result is NULL and next code from class 
> org.apache.cxf.ws.security.policy.model.Token:
> {code:java}
> public void setInclusion(IncludeTokenType inclusion) {
>         if (IncludeTokenType.INCLUDE_TOKEN_ALWAYS == inclusion
>             || IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == inclusion
>             || IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR == inclusion
>             || IncludeTokenType.INCLUDE_TOKEN_NEVER == inclusion 
>             || IncludeTokenType.INCLUDE_TOKEN_ONCE == inclusion) {
>             this.inclusion = inclusion;
>         } else {
>             // TODO replace this with a proper (WSSPolicyException) exception
>             throw new RuntimeException("Incorrect inclusion value: " + 
> inclusion);
>         }
>     }
> {code}
> throws of RuntimeException...
> Please help me solve this problem!



--
This message was sent by Atlassian JIRA
(v6.1#6144)