Hi all, I have applied two different security policies to in and out messages of a service operation using policy attachments.
When I deployed the service in Axis2 with the policies included in the services.xml as shown in [2], I get the following exception [1], at service deployment time and the service is shown as a faulty service. (axis2 and rampart built from trunk) When I deployed the same service in another application server, I didn't encounter this error and I was able to access the policy engaged wsdl without a problem. Could I please get some insight whether this may be due to anything wrong with the security policy or could it be due to some other reason... Thanks in advance. Hasini. [1] org.apache.axis2.deployment.DeploymentException: { http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a <wsp:Policy> element. at org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:150) at org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:82) ............. [ERROR] The sample09.aar service, which is not valid, caused { http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a <wsp:Policy> element. org.apache.axis2.deployment.DeploymentException: { http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a <wsp:Policy> element. at org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:150) ............. Caused by: java.lang.IllegalArgumentException: { http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a <wsp:Policy> element. at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:177) at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:125) ............. [2] <service> <operation name="echo"> <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/> </operation> <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample09.SimpleService</parameter> <module ref="rampart"/> <module ref="addressing"/> <wsp:PolicyAttachment xmlns:wsp=" http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:AppliesTo> <policy-subject identifier="binding:soap11/operation:echo/in"/> <policy-subject identifier="binding:soap12/operation:echo/in"/> </wsp:AppliesTo> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd " wsu:Id="EncryptOnly"> <wsp:ExactlyOne> <wsp:All> <sp:SymmetricBinding xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:X509Token sp:IncludeToken=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> <wsp:Policy> <sp:RequireThumbprintReference/> <sp:WssX509V3Token10/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Lax/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> </wsp:Policy> </sp:SymmetricBinding> <sp:EncryptedParts xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <sp:Body/> </sp:EncryptedParts> <sp:Wss11 xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <sp:Policy> <sp:MustSupportRefKeyIdentifier/> <sp:MustSupportRefIssuerSerial/> <sp:MustSupportRefThumbprint/> <sp:RequireSignatureConfirmation/> </sp:Policy> </sp:Wss11> <sp:Trust10 xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:RequireClientEntropy/> <sp:RequireServerEntropy/> <sp:MustSupportIssuedTokens/> </wsp:Policy> </sp:Trust10> <ramp:RampartConfig xmlns:ramp=" http://ws.apache.org/rampart/policy"> <ramp:user>service</ramp:user> <ramp:encryptionUser>service</ramp:encryptionUser> <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler </ramp:passwordCallbackClass> <ramp:encryptionCypto> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache </ramp:property> </ramp:crypto> </ramp:encryptionCypto> </ramp:RampartConfig> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> </wsp:PolicyAttachment> <wsp:PolicyAttachment xmlns:wsp=" http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:AppliesTo> <policy-subject identifier="binding:soap11/operation:echo/out"/> <policy-subject identifier="binding:soap12/operation:echo/out"/> </wsp:AppliesTo> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd " wsu:Id="SignOnly"> <wsp:ExactlyOne> <wsp:All> <sp:SymmetricBinding xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:X509Token sp:IncludeToken=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> <wsp:Policy> <sp:RequireThumbprintReference/> <sp:WssX509V3Token10/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Lax/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> <sp:OnlySignEntireHeadersAndBody/> </wsp:Policy> </sp:SymmetricBinding> <sp:SignedParts xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <sp:Body/> </sp:SignedParts> <sp:Wss11 xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <sp:Policy> <sp:MustSupportRefKeyIdentifier/> <sp:MustSupportRefIssuerSerial/> <sp:MustSupportRefThumbprint/> <sp:RequireSignatureConfirmation/> </sp:Policy> </sp:Wss11> <sp:Trust10 xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:RequireClientEntropy/> <sp:RequireServerEntropy/> <sp:MustSupportIssuedTokens/> </wsp:Policy> </sp:Trust10> <ramp:RampartConfig xmlns:ramp=" http://ws.apache.org/rampart/policy"> <ramp:user>service</ramp:user> <ramp:encryptionUser>service</ramp:encryptionUser> <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler </ramp:passwordCallbackClass> <ramp:signatureCrypto> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache </ramp:property> </ramp:crypto> </ramp:signatureCrypto> </ramp:RampartConfig> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> </wsp:PolicyAttachment> </service>