Hello, I am using CXF 2.2.2 and I am trying to implement a policy that requires transport-level security for securing messages. I followed the intructions for enabling and configuring the policy engine ( http://cwiki.apache.org/CXF20DOC/wspconfiguration.html). The contents of my cxf.xml is included below along with my policy expression, which is contained in a separate file called policies.xml. When I ran my code I got an error shown in the stacktrace below. I did some searching online and found a currently open bug describing the same problem ( https://issues.apache.org/jira/browse/CXF-1318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ).
I tried the workaround given in the bug and it got rid of the NullPointerException, however, the policy now isn't being enforced. Does anyone have any ideas on how I can have CXF enforce transport-level security? Thanks. cxf.xml ====== <?xml version="1.0" encoding="UTF-8" ?> <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:p="http://cxf.apache.org/policy"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"; xmlns:cxf="http://cxf.apache.org/core"; xmlns:xs="http://www.w3.org/2001/XMLSchema"; xsi:schemaLocation=" http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd";> <!-- This causes NPE in PolicyEngineImpl --> <!-- <p:engine enabled="true" ignoreUnknownAssertions="false"/> <p:externalAttachment location="classpath:/policies.xml"/> --> <bean class="org.apache.cxf.ws.policy.attachment.external.ExternalAttachmentProvider"> <constructor-arg ref="cxf"/> <property name="location" value="classpath:/policies.xml"/> </bean> <bean id="org.apache.cxf.ws.policy.PolicyEngine" class="org.apache.cxf.ws.policy.spring.InitializingPolicyEngine"> <property name="bus" ref="cxf"/> <property name="enabled" value="true"/> </bean> </beans> policies.xml ========= <?xml version="1.0" encoding="UTF-8" ?> <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy"; xmlns:wsa="http://www.w3.org/2005/08/addressing"; xmlns:xs="http://www.w3.org/2001/XMLSchema"; xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";> <wsp:PolicyAttachment> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:Address>xs:anyURI</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wsp:Policy> <sp:TransportBinding> <wsp:Policy> <sp:TransportToken> <wsp:Policy> <sp:HttpsToken> <wsp:Policy/> </sp:HttpsToken> </wsp:Policy> </sp:TransportToken> </wsp:Policy> </sp:TransportBinding> </wsp:Policy> </wsp:PolicyAttachment> </attachments> Stacktrace ======== java.lang.NullPointerException org.apache.cxf.ws.policy.PolicyEngineImpl.supportsAlternative(PolicyEngineImpl.java:499) org.apache.cxf.ws.policy.EndpointPolicyImpl.getSupportedAlternatives(EndpointPolicyImpl.java:166) org.apache.cxf.ws.policy.EndpointPolicyImpl.chooseAlternative(EndpointPolicyImpl.java:153) org.apache.cxf.ws.policy.EndpointPolicyImpl.finalizeConfig(EndpointPolicyImpl.java:137) org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:133) org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:482) org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:229) org.apache.cxf.ws.policy.PolicyEngineImpl.getServerEndpointPolicy(PolicyEngineImpl.java:217) org.apache.cxf.transport.http.policy.PolicyUtils.getServer(PolicyUtils.java:180) org.apache.cxf.transport.http.AbstractHTTPDestination.initConfig(AbstractHTTPDestination.java:398) org.apache.cxf.transport.http.AbstractHTTPDestination.<init>(AbstractHTTPDestination.java:119) org.apache.cxf.transport.servlet.ServletDestination.<init>(ServletDestination.java:66) org.apache.cxf.transport.servlet.ServletTransportFactory.getDestination(ServletTransportFactory.java:102) org.apache.cxf.endpoint.ServerImpl.initDestination(ServerImpl.java:90) org.apache.cxf.endpoint.ServerImpl.<init>(ServerImpl.java:69) org.apache.cxf.frontend.ServerFactoryBean.create(ServerFactoryBean.java:118) org.apache.cxf.jaxws.JaxWsServerFactoryBean.create(JaxWsServerFactoryBean.java:167) org.apache.cxf.jaxws.EndpointImpl.getServer(EndpointImpl.java:346) org.apache.cxf.jaxws.EndpointImpl.doPublish(EndpointImpl.java:259) org.apache.cxf.jaxws.EndpointImpl.publish(EndpointImpl.java:209) org.apache.cxf.jaxws.EndpointImpl.publish(EndpointImpl.java:404) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:597) org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1413) org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1374) org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1334) org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473) org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409) java.security.AccessController.doPrivileged(Native Method) org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380) org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264) org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:221) org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261) org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185) org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164) org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429) org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:729) org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:381) org.apache.cxf.transport.servlet.CXFServlet.loadAdditionalConfig(CXFServlet.java:166) org.apache.cxf.transport.servlet.CXFServlet.updateContext(CXFServlet.java:134) org.apache.cxf.transport.servlet.CXFServlet.loadSpringBus(CXFServlet.java:101) org.apache.cxf.transport.servlet.CXFServlet.loadBus(CXFServlet.java:70) org.apache.cxf.transport.servlet.AbstractCXFServlet.init(AbstractCXFServlet.java:79) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80) org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) java.lang.Thread.run(Thread.java:619)
