Hello everyone,
I've been trying to access a Web Service written on WebLogic server
and using Standard WS-Policy assertions but for some reason CXF
complains the Policy does not have alternatives:
"javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives
can be satisfied."
The WS-policies I'm using are default Weblogic ones and were not
customised, here are them (extracted from the WSDL):
<wsp:UsingPolicy wssutil:Required="true" />
<wsp:Policy wssutil:Id="Wssp1.2-Wss1.0-X509-Basic256.xml">
<ns0:AsymmetricBinding>
<wsp:Policy>
<ns0:InitiatorToken>
<wsp:Policy>
<ns0:X509Token
ns0:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
<ns0:WssX509V3Token10 />
</wsp:Policy>
</ns0:X509Token>
</wsp:Policy>
</ns0:InitiatorToken>
<ns0:RecipientToken>
<wsp:Policy>
<ns0:X509Token
ns0:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/Never";>
<wsp:Policy>
<ns0:WssX509V3Token10 />
</wsp:Policy>
</ns0:X509Token>
</wsp:Policy>
</ns0:RecipientToken>
<ns0:AlgorithmSuite>
<wsp:Policy>
<ns0:Basic256 />
</wsp:Policy>
</ns0:AlgorithmSuite>
<ns0:Layout>
<wsp:Policy>
<ns0:Lax />
</wsp:Policy>
</ns0:Layout>
<ns0:IncludeTimestamp />
<ns0:ProtectTokens />
<ns0:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</ns0:AsymmetricBinding>
<ns1:Wss10>
<wsp:Policy>
<ns1:MustSupportRefKeyIdentifier />
<ns1:MustSupportRefIssuerSerial />
</wsp:Policy>
</ns1:Wss10>
</wsp:Policy>
<wsp:Policy wssutil:Id="Wssp1.2-2007-EncryptBody.xml">
<ns2:EncryptedParts>
<ns2:Body />
</ns2:EncryptedParts>
</wsp:Policy>
<wsp:Policy wssutil:Id="Wssp1.2-SignBody.xml">
<ns3:SignedParts>
<ns3:Body />
</ns3:SignedParts>
</wsp:Policy>
<wsp:UsingPolicy wssutil:Required="true" />
<wsp:Policy wssutil:Id="Wssp1.2-Wss1.0-X509-Basic256.xml">
<ns1:AsymmetricBinding>
<wsp:Policy>
<ns1:InitiatorToken>
<wsp:Policy>
<ns1:X509Token
ns1:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
<ns1:WssX509V3Token10 />
</wsp:Policy>
</ns1:X509Token>
</wsp:Policy>
</ns1:InitiatorToken>
<ns1:RecipientToken>
<wsp:Policy>
<ns1:X509Token
ns1:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/Never";>
<wsp:Policy>
<ns1:WssX509V3Token10 />
</wsp:Policy>
</ns1:X509Token>
</wsp:Policy>
</ns1:RecipientToken>
<ns1:AlgorithmSuite>
<wsp:Policy>
<ns1:Basic256 />
</wsp:Policy>
</ns1:AlgorithmSuite>
<ns1:Layout>
<wsp:Policy>
<ns1:Lax />
</wsp:Policy>
</ns1:Layout>
<ns1:IncludeTimestamp />
<ns1:ProtectTokens />
<ns1:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</ns1:AsymmetricBinding>
<ns2:Wss10>
<wsp:Policy>
<ns2:MustSupportRefKeyIdentifier />
<ns2:MustSupportRefIssuerSerial />
</wsp:Policy>
</ns2:Wss10>
</wsp:Policy>
<wsp:Policy wssutil:Id="Wssp1.2-2007-EncryptBody.xml">
<ns3:EncryptedParts>
<ns3:Body />
</ns3:EncryptedParts>
</wsp:Policy>
<wsp:Policy wssutil:Id="Wssp1.2-SignBody.xml">
<ns4:SignedParts>
<ns4:Body />
</ns4:SignedParts>
</wsp:Policy>
By inspecting the Policy in the WSDL I noticed it does not contain a
<wsp:All> and <wsp:ExactlyOne> tags, I don't know if this is required
by the specification. Using the client generated by the Weblogic
server the call works normally.
The assignment is done as following:
<binding name="CatalogoDadosPortBinding" type="tns:CatalogoDadosImpl">
<wsp:PolicyReference URI="#Wssp1.2-Wss1.0-X509-Basic256.xml"/>
<wsp:PolicyReference URI="#Wssp1.2-SignBody.xml"/>
<wsp:PolicyReference URI="#Wssp1.2-2007-EncryptBody.xml"/>
<wsp:PolicyReference URI="#Wssp1.2-Wss1.0-X509-Basic256.xml"/>
<wsp:PolicyReference URI="#Wssp1.2-SignBody.xml"/>
<wsp:PolicyReference URI="#Wssp1.2-2007-EncryptBody.xml"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http";
style="document"/>
<operation name="init"> ...
It's strange that it's generating the policy references twice for each
one but I don't think that's the problem since, like I said, the
client using the weblogic server libraries works normally. Any help
will be appretiated!
Thank you
