Re: ws-securitypolicy not working?

Daniel Kulp Thu, 18 Mar 2010 20:06:34 -0700

On Thursday 18 March 2010 10:37:57 am Guy Pardon wrote:
> Hi,
> 
> My case is the following: I would like to get ws-securitypolicy to work for
> signing messages with NTLM credentials on Java6.


Well, the work we did for Java6 just allows support of NTLM for http 
authentication, not really for any sort of SecurityPolicy based sign/encrypt 
type stuff.   We certainly don't support the SpnegoContextToken stuff yet.   
If someone wanted to try tackling it, I'd be more than willing to help mentor 
someone through it.

Dan


> Both of these would be supported by default (according to the cxf docs).
> 
> However, when I try our WSDL with the wsdl-first sample setup of cxf, then
> I get the following errors (see below).
> 
> Does anybody know what is missing? Do I need to set extra properties
> somewhere?
> 
> Thanks
> Guy
> 
> Buildfile: build.xml
> 
> maybe.generate.code:
> 
> compile:
>   [javac] Compiling 1 source file to D:\DEVELO~1\APACHE~1.
> 6\samples\wsdl_first\build\classes
> 
> copy.maven.resources:
> 
> build:
> 
> client:
>    [java] Mar 17, 2010 1:58:57 PM org.apache.cxf.ws.policy.
> AssertionBuilderRegistryImpl build
>    [java] WARNING: No assertion builder for type {http://docs.oasis-open.
> org/ws-sx/ws-securitypolicy/200702}SpnegoContextToken registered.
> 
>    [java] Mar 17, 2010 1:58:57 PM org.apache.cxf.ws.policy.
> AssertionBuilderRegistryImpl build
>    [java] WARNING: No assertion builder for type {http://docs.oasis-open.
> org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp registered.
>    [java] Mar 17, 2010 1:58:57 PM org.apache.cxf.ws.policy.
> AssertionBuilderRegistryImpl build
>    [java] Invoking addItemToApplicationFeed...
>    [java] WARNING: No assertion builder for type {http://docs.oasis-open.
> org/ws-sx/ws-securitypolicy/200702}EncryptSignature registered.
>    [java] Mar 17, 2010 1:58:57 PM org.apache.cxf.ws.policy.
> AssertionBuilderRegistryImpl build
>    [java] WARNING: No assertion builder for type {http://docs.oasis-open.
> org/ws-sx/ws-securitypolicy/200702}OnlySignEntireHeadersAndBody r
> egistered.
>    [java] Mar 17, 2010 1:58:57 PM
> org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
>    [java] WARNING: Interceptor for {http://docs.oasis-open.
> org/ws-sx/ws-trust/200512/wsdl}SecurityTokenService#{http://docs.oasis-open
> .org /ws-sx/ws-trust/200512/wsdl}RequestSecurityToken has thrown exception,
> unwinding now
>    [java] org.apache.cxf.interceptor.Fault: No signature token
>    [java]     at org.apache.cxf.ws.security.wss4j.policyhandlers.
> SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:
> 384)
>    [java]     at org.apache.cxf.ws.security.wss4j.policyhandlers.
> SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:113)
>    [java]     at org.apache.cxf.ws.security.wss4j.
> PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.
> handleMessage(Poli
> cyBasedWSS4JOutInterceptor.java:130)
>    [java]     at org.apache.cxf.ws.security.wss4j.
> PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.
> handleMessage(Poli
> cyBasedWSS4JOutInterceptor.java:73)
>    [java]     at org.apache.cxf.phase.PhaseInterceptorChain.
> doIntercept(PhaseInterceptorChain.java:243)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:484)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:310)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:262)
>    [java]     at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:445)
>    [java]     at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:345)
>    [java]     at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.issueToken(SecureConversationOutIntercept
> or.java:156)
>    [java]     at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterc
> eptor.java:68)
>    [java]     at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterc
> eptor.java:43)
>    [java]     at org.apache.cxf.phase.PhaseInterceptorChain.
> doIntercept(PhaseInterceptorChain.java:243)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:484)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:310)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:262)
>    [java]     at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy. java:73)
>    [java]     at org.apache.cxf.jaxws.JaxWsClientProxy.
> invoke(JaxWsClientProxy.java:124)
>    [java]     at $Proxy45.addItemToApplicationFeed(Unknown Source)
>    [java]     at org.tempuri.
> IFeedService_WS2007HttpBindingIFeedService_Client.
> main(IFeedService_WS2007HttpBindingIFeedService_Client.java
> 
> :64)
> 
>    [java] Caused by: org.apache.cxf.ws.policy.PolicyException: No signature
> token
>    [java]     at org.apache.cxf.ws.security.wss4j.policyhandlers.
> AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:278)
> 
>    [java]     at org.apache.cxf.ws.security.wss4j.policyhandlers.
> SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:
> 282)
>    [java]     ... 20 more
>    [java] Mar 17, 2010 1:58:57 PM
> org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
>    [java] WARNING: Interceptor for {http://tempuri.
> org/}FeedService2#{http://tempuri.org/}AddItemToApplicationFeed has thrown
> exception, u
> nwinding now
>    [java] org.apache.cxf.interceptor.Fault: No signature token
>    [java]     at org.apache.cxf.ws.security.wss4j.policyhandlers.
> SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:
> 384)
>    [java]     at org.apache.cxf.ws.security.wss4j.policyhandlers.
> SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:113)
>    [java]     at org.apache.cxf.ws.security.wss4j.
> PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.
> handleMessage(Poli
> cyBasedWSS4JOutInterceptor.java:130)
>    [java]     at org.apache.cxf.ws.security.wss4j.
> PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.
> handleMessage(Poli
> cyBasedWSS4JOutInterceptor.java:73)
>    [java]     at org.apache.cxf.phase.PhaseInterceptorChain.
> doIntercept(PhaseInterceptorChain.java:243)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:484)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:310)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:262)
>    [java]     at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:445)
>    [java]     at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:345)
>    [java]     at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.issueToken(SecureConversationOutIntercept
> or.java:156)
>    [java]     at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterc
> eptor.java:68)
>    [java]     at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterc
> eptor.java:43)
>    [java]     at org.apache.cxf.phase.PhaseInterceptorChain.
> doIntercept(PhaseInterceptorChain.java:243)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:484)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:310)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:262)
>    [java]     at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy. java:73)
>    [java]     at org.apache.cxf.jaxws.JaxWsClientProxy.
> invoke(JaxWsClientProxy.java:124)
>    [java]     at $Proxy45.addItemToApplicationFeed(Unknown Source)
>    [java]     at org.tempuri.
> IFeedService_WS2007HttpBindingIFeedService_Client.
> main(IFeedService_WS2007HttpBindingIFeedService_Client.java
> 
> :64)
> 
>    [java] Caused by: org.apache.cxf.ws.policy.PolicyException: No signature
> token
>    [java]     at org.apache.cxf.ws.security.wss4j.policyhandlers.
> AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:278)
> 
>    [java]     at org.apache.cxf.ws.security.wss4j.policyhandlers.
> SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:
> 282)
>    [java]     ... 20 more
>    [java] Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
> No signature token
>    [java]     at org.apache.cxf.jaxws.JaxWsClientProxy.
> invoke(JaxWsClientProxy.java:146)
>    [java]     at $Proxy45.addItemToApplicationFeed(Unknown Source)
>    [java]     at org.tempuri.
> IFeedService_WS2007HttpBindingIFeedService_Client.
> main(IFeedService_WS2007HttpBindingIFeedService_Client.java
> 
> :64)
> 
>    [java] Caused by: org.apache.cxf.ws.policy.PolicyException: No signature
> token
>    [java]     at org.apache.cxf.ws.security.wss4j.policyhandlers.
> AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:278)
> 
>    [java]     at org.apache.cxf.ws.security.wss4j.policyhandlers.
> SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:
> 282)
>    [java]     at org.apache.cxf.ws.security.wss4j.policyhandlers.
> SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:113)
>    [java]     at org.apache.cxf.ws.security.wss4j.
> PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.
> handleMessage(Poli
> cyBasedWSS4JOutInterceptor.java:130)
>    [java]     at org.apache.cxf.ws.security.wss4j.
> PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.
> handleMessage(Poli
> cyBasedWSS4JOutInterceptor.java:73)
>    [java]     at org.apache.cxf.phase.PhaseInterceptorChain.
> doIntercept(PhaseInterceptorChain.java:243)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:484)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:310)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:262)
>    [java]     at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:445)
>    [java]     at org.apache.cxf.ws.security.trust.STSClient.
> requestSecurityToken(STSClient.java:345)
>    [java]     at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.issueToken(SecureConversationOutIntercept
> or.java:156)
>    [java]     at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterc
> eptor.java:68)
>    [java]     at org.apache.cxf.ws.security.policy.interceptors.
> SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterc
> eptor.java:43)
>    [java]     at org.apache.cxf.phase.PhaseInterceptorChain.
> doIntercept(PhaseInterceptorChain.java:243)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:484)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:310)
>    [java]     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.
> java:262)
>    [java]     at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy. java:73)
>    [java]     at org.apache.cxf.jaxws.JaxWsClientProxy.
> invoke(JaxWsClientProxy.java:124)
>    [java]     ... 2 more
>    [java] Java Result: 1
> 
> BUILD SUCCESSFUL
> Total time: 4 seconds
> D:\DEVELO~1\APACHE~1.6\samples\wsdl_first>

-- 
Daniel Kulp
[email protected]
http://dankulp.com/blog

Re: ws-securitypolicy not working?

Reply via email to