Hi,
That is because there are two places in the policy where you have used
<sp:Policy>, while it should be <wsp:Policy>. Previous versions of
Axis2 didn't check the namespace and therefore didn't trigger an
exception in this case. All versions of Axis2 based on Neethi 3.0.x
(i.e. Axis2 >= 1.6.1) will reject such an invalid policy.
Andreas
On Sun, Oct 2, 2011 at 15:52, Hasini Gunasinghe <hasi7...@gmail.com> wrote:
> Hi all,
>
> I have applied two different security policies to in and out messages of a
> service operation using policy attachments.
>
> When I deployed the service in Axis2 with the policies included in the
> services.xml as shown in [2], I get the following exception [1], at service
> deployment time and the service is shown as a faulty service. (axis2 and
> rampart built from trunk)
>
> When I deployed the same service in another application server, I didn't
> encounter this error and I was able to access the policy engaged wsdl
> without a problem.
>
> Could I please get some insight whether this may be due to anything wrong
> with the security policy or could it be due to some other reason...
>
> Thanks in advance.
> Hasini.
>
> [1] org.apache.axis2.deployment.DeploymentException:
> {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a
> <wsp:Policy> element.
> at
> org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:150)
> at
> org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:82)
> .............
> [ERROR] The sample09.aar service, which is not valid, caused
> {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a
> <wsp:Policy> element.
> org.apache.axis2.deployment.DeploymentException:
> {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a
> <wsp:Policy> element.
> at
> org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:150)
> .............
> Caused by: java.lang.IllegalArgumentException:
> {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a
> <wsp:Policy> element.
> at
> org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:177)
> at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:125)
> .............
>
> [2] <service>
> <operation name="echo">
> <messageReceiver
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
> </operation>
> <parameter name="ServiceClass"
> locked="false">org.apache.rampart.samples.policy.sample09.SimpleService</parameter>
>
> <module ref="rampart"/>
> <module ref="addressing"/>
>
> <wsp:PolicyAttachment
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
> <wsp:AppliesTo>
> <policy-subject identifier="binding:soap11/operation:echo/in"/>
> <policy-subject identifier="binding:soap12/operation:echo/in"/>
> </wsp:AppliesTo>
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="EncryptOnly">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
> <wsp:Policy>
> <sp:RequireThumbprintReference/>
> <sp:WssX509V3Token10/>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <sp:Body/>
> </sp:EncryptedParts>
> <sp:Wss11
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <sp:Policy>
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefIssuerSerial/>
> <sp:MustSupportRefThumbprint/>
> <sp:RequireSignatureConfirmation/>
> </sp:Policy>
> </sp:Wss11>
> <sp:Trust10
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> <sp:MustSupportIssuedTokens/>
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig
> xmlns:ramp="http://ws.apache.org/rampart/policy";>
> <ramp:user>service</ramp:user>
> <ramp:encryptionUser>service</ramp:encryptionUser>
>
> <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler
> </ramp:passwordCallbackClass>
>
> <ramp:encryptionCypto>
> <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password">apache
> </ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> </wsp:PolicyAttachment>
> <wsp:PolicyAttachment
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
> <wsp:AppliesTo>
> <policy-subject identifier="binding:soap11/operation:echo/out"/>
> <policy-subject identifier="binding:soap12/operation:echo/out"/>
> </wsp:AppliesTo>
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="SignOnly">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
> <wsp:Policy>
> <sp:RequireThumbprintReference/>
> <sp:WssX509V3Token10/>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <sp:Body/>
> </sp:SignedParts>
> <sp:Wss11
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <sp:Policy>
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefIssuerSerial/>
> <sp:MustSupportRefThumbprint/>
> <sp:RequireSignatureConfirmation/>
> </sp:Policy>
> </sp:Wss11>
> <sp:Trust10
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> <sp:MustSupportIssuedTokens/>
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig
> xmlns:ramp="http://ws.apache.org/rampart/policy";>
> <ramp:user>service</ramp:user>
> <ramp:encryptionUser>service</ramp:encryptionUser>
>
> <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler
> </ramp:passwordCallbackClass>
>
> <ramp:signatureCrypto>
> <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password">apache
> </ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
> </wsp:PolicyAttachment>
>
> </service>
>
>
