Thanks a lot Andreas for the clarification and for the quick response...
It did work.
Thanks,
Hasini.
On Sun, Oct 2, 2011 at 8:20 PM, Andreas Veithen
<andreas.veit...@gmail.com>wrote:
> Hi,
>
> That is because there are two places in the policy where you have used
> <sp:Policy>, while it should be <wsp:Policy>. Previous versions of
> Axis2 didn't check the namespace and therefore didn't trigger an
> exception in this case. All versions of Axis2 based on Neethi 3.0.x
> (i.e. Axis2 >= 1.6.1) will reject such an invalid policy.
>
> Andreas
>
> On Sun, Oct 2, 2011 at 15:52, Hasini Gunasinghe <hasi7...@gmail.com>
> wrote:
> > Hi all,
> >
> > I have applied two different security policies to in and out messages of
> a
> > service operation using policy attachments.
> >
> > When I deployed the service in Axis2 with the policies included in the
> > services.xml as shown in [2], I get the following exception [1], at
> service
> > deployment time and the service is shown as a faulty service. (axis2 and
> > rampart built from trunk)
> >
> > When I deployed the same service in another application server, I didn't
> > encounter this error and I was able to access the policy engaged wsdl
> > without a problem.
> >
> > Could I please get some insight whether this may be due to anything wrong
> > with the security policy or could it be due to some other reason...
> >
> > Thanks in advance.
> > Hasini.
> >
> > [1] org.apache.axis2.deployment.DeploymentException:
> > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a
> > <wsp:Policy> element.
> > at
> >
> org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:150)
> > at
> >
> org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:82)
> > .............
> > [ERROR] The sample09.aar service, which is not valid, caused
> > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a
> > <wsp:Policy> element.
> > org.apache.axis2.deployment.DeploymentException:
> > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a
> > <wsp:Policy> element.
> > at
> >
> org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:150)
> > .............
> > Caused by: java.lang.IllegalArgumentException:
> > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a
> > <wsp:Policy> element.
> > at
> > org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:177)
> > at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:125)
> > .............
> >
> > [2] <service>
> > <operation name="echo">
> > <messageReceiver
> > class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
> > </operation>
> > <parameter name="ServiceClass"
> >
> locked="false">org.apache.rampart.samples.policy.sample09.SimpleService</parameter>
> >
> > <module ref="rampart"/>
> > <module ref="addressing"/>
> >
> > <wsp:PolicyAttachment
> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
> > <wsp:AppliesTo>
> > <policy-subject
> identifier="binding:soap11/operation:echo/in"/>
> > <policy-subject
> identifier="binding:soap12/operation:echo/in"/>
> > </wsp:AppliesTo>
> > <wsp:Policy xmlns:wsp="
> http://schemas.xmlsoap.org/ws/2004/09/policy";
> >
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="EncryptOnly">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SymmetricBinding
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> > <wsp:Policy>
> > <sp:ProtectionToken>
> > <wsp:Policy>
> > <sp:X509Token
> >
> > sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
> > <wsp:Policy>
> >
> <sp:RequireThumbprintReference/>
> > <sp:WssX509V3Token10/>
> > </wsp:Policy>
> > </sp:X509Token>
> > </wsp:Policy>
> > </sp:ProtectionToken>
> > <sp:AlgorithmSuite>
> > <wsp:Policy>
> > <sp:Basic256/>
> > </wsp:Policy>
> > </sp:AlgorithmSuite>
> > <sp:Layout>
> > <wsp:Policy>
> > <sp:Lax/>
> > </wsp:Policy>
> > </sp:Layout>
> > <sp:IncludeTimestamp/>
> > </wsp:Policy>
> > </sp:SymmetricBinding>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> > <sp:Body/>
> > </sp:EncryptedParts>
> > <sp:Wss11
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> > <sp:Policy>
> > <sp:MustSupportRefKeyIdentifier/>
> > <sp:MustSupportRefIssuerSerial/>
> > <sp:MustSupportRefThumbprint/>
> > <sp:RequireSignatureConfirmation/>
> > </sp:Policy>
> > </sp:Wss11>
> > <sp:Trust10
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> > <wsp:Policy>
> > <sp:RequireClientEntropy/>
> > <sp:RequireServerEntropy/>
> > <sp:MustSupportIssuedTokens/>
> > </wsp:Policy>
> > </sp:Trust10>
> > <ramp:RampartConfig
> > xmlns:ramp="http://ws.apache.org/rampart/policy";>
> > <ramp:user>service</ramp:user>
> >
> <ramp:encryptionUser>service</ramp:encryptionUser>
> >
> >
> <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler
> > </ramp:passwordCallbackClass>
> >
> > <ramp:encryptionCypto>
> > <ramp:crypto
> > provider="org.apache.ws.security.components.crypto.Merlin">
> > <ramp:property
> >
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> > <ramp:property
> >
> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
> > <ramp:property
> > name="org.apache.ws.security.crypto.merlin.keystore.password">apache
> > </ramp:property>
> > </ramp:crypto>
> > </ramp:encryptionCypto>
> > </ramp:RampartConfig>
> >
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > </wsp:PolicyAttachment>
> > <wsp:PolicyAttachment
> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
> > <wsp:AppliesTo>
> > <policy-subject
> identifier="binding:soap11/operation:echo/out"/>
> > <policy-subject
> identifier="binding:soap12/operation:echo/out"/>
> > </wsp:AppliesTo>
> > <wsp:Policy xmlns:wsp="
> http://schemas.xmlsoap.org/ws/2004/09/policy";
> >
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="SignOnly">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SymmetricBinding
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> > <wsp:Policy>
> > <sp:ProtectionToken>
> > <wsp:Policy>
> > <sp:X509Token
> >
> > sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
> > <wsp:Policy>
> >
> <sp:RequireThumbprintReference/>
> > <sp:WssX509V3Token10/>
> > </wsp:Policy>
> > </sp:X509Token>
> > </wsp:Policy>
> > </sp:ProtectionToken>
> > <sp:AlgorithmSuite>
> > <wsp:Policy>
> > <sp:Basic256/>
> > </wsp:Policy>
> > </sp:AlgorithmSuite>
> > <sp:Layout>
> > <wsp:Policy>
> > <sp:Lax/>
> > </wsp:Policy>
> > </sp:Layout>
> > <sp:IncludeTimestamp/>
> > <sp:OnlySignEntireHeadersAndBody/>
> > </wsp:Policy>
> > </sp:SymmetricBinding>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> > <sp:Body/>
> > </sp:SignedParts>
> > <sp:Wss11
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> > <sp:Policy>
> > <sp:MustSupportRefKeyIdentifier/>
> > <sp:MustSupportRefIssuerSerial/>
> > <sp:MustSupportRefThumbprint/>
> > <sp:RequireSignatureConfirmation/>
> > </sp:Policy>
> > </sp:Wss11>
> > <sp:Trust10
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> > <wsp:Policy>
> > <sp:RequireClientEntropy/>
> > <sp:RequireServerEntropy/>
> > <sp:MustSupportIssuedTokens/>
> > </wsp:Policy>
> > </sp:Trust10>
> > <ramp:RampartConfig
> > xmlns:ramp="http://ws.apache.org/rampart/policy";>
> > <ramp:user>service</ramp:user>
> > <ramp:encryptionUser>service</ramp:encryptionUser>
> >
> >
> <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler
> > </ramp:passwordCallbackClass>
> >
> > <ramp:signatureCrypto>
> > <ramp:crypto
> > provider="org.apache.ws.security.components.crypto.Merlin">
> > <ramp:property
> >
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> > <ramp:property
> >
> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
> > <ramp:property
> > name="org.apache.ws.security.crypto.merlin.keystore.password">apache
> > </ramp:property>
> > </ramp:crypto>
> > </ramp:signatureCrypto>
> >
> > </ramp:RampartConfig>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> >
> > </wsp:PolicyAttachment>
> >
> > </service>
> >
> >
>
