Hi there

I'd say that the security binding is missing (Transport, Symmetric or 
Asymmetric). Maybe it's easiest to configure the transport binding. I've used 
"SignedSupportingTokens" but this doesn't matter as the message is signed 
(integrity) on the transport level.

Maybe have a look at the blog post from Colm here as it illustrates different 
use cases for WS-SecurityPolicy:
http://coheigea.blogspot.com/2011/12/ws-securitypolicy-examples-in-apache.html

I'd like to highlight the OASIS document referenced in this blog, which 
describes different use cases, especially use cases for how to implement SAML 
HOK by combining message and transport level security:
http://coheigea.blogspot.com/2011/12/ws-securitypolicy-examples-in-apache.html

HTH


    <wsp:Policy wsu:Id="TransportUT_policy">
      <wsp:ExactlyOne>
         <wsp:All>
            <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
               <wsp:Policy>
                  <sp:TransportToken>
                     <wsp:Policy>
                        <sp:HttpsToken RequireClientCertificate="false"/>
                     </wsp:Policy>
                  </sp:TransportToken>
                  <sp:AlgorithmSuite>
                     <wsp:Policy>
                        <sp:TripleDesRsa15/>
                     </wsp:Policy>
                  </sp:AlgorithmSuite>
                  <sp:Layout>
                     <wsp:Policy>
                        <sp:Lax/>
                     </wsp:Policy>
                  </sp:Layout>
               </wsp:Policy>
            </sp:TransportBinding>
            <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
               <wsp:Policy>
                  <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                     <wsp:Policy>
                        <sp:WssUsernameToken10/>
                     </wsp:Policy>
                  </sp:UsernameToken>
               </wsp:Policy>
            </sp:SignedSupportingTokens>
            <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
               <wsp:Policy>
                  <sp:MustSupportRefKeyIdentifier/>
                  <sp:MustSupportRefIssuerSerial/>
                  <sp:MustSupportRefThumbprint/>
                  <sp:MustSupportRefEncryptedKey/>
               </wsp:Policy>
            </sp:Wss11>
            <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
               <wsp:Policy>
                  <sp:MustSupportIssuedTokens/>
                  <sp:RequireClientEntropy/>
                  <sp:RequireServerEntropy/>
               </wsp:Policy>
            </sp:Trust13>
         </wsp:All>
      </wsp:ExactlyOne>
   </wsp:Policy>


------

Oliver Wulff

http://owulff.blogspot.com
Solution Architect
Talend Application Integration Division http://www.talend.com

________________________________________
From: sram [[email protected]]
Sent: Thursday, 2 February 2012 01:57
To: [email protected]
Subject: CXF2.5.1 WS-SecurityPolicy

It's the SecurityPolicy issue again, with cxf2.5.1. I ran through all messages
posted in this group across different versions and could not figure out this
issue. At this point, I'm not sure if I am doing something wrong or it's a side
effect of some neethi updates. Please help.

On CXF2.5.1, neethi-3.0.1, wss4j1.6.4,

>>>>>>>>>>>cxf-servlet.xml

<jaxws:endpoint id="pingService"
                implementor="com.services.ping.PingPortTypeImpl"
                wsdlLocation="C:\work\draft\cxf\BootSampleWAR\WebContent\WEB-INF\wsdl\ping.wsdl"
                endpointName="s:pingPort" xmlns:s="http://services.com/ping"
                serviceName="s:PingService" address="/PingService">

                <jaxws:properties>
                        <entry key="ws-security.ut.validator">
                                <ref bean="SecurityInterceptor" />
                        </entry>



                </jaxws:properties>


        </jaxws:endpoint>


>>>>>>>>>>>>ping.wsdl

<definitions
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
        xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802"
        xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
....

<binding name="pingBinding" type="p0:pingPortType">
        <wsp:PolicyReference URI="#PlaintextPolicy" />
                <soap:binding transport="http://schemas.xmlsoap.org/soap/http"
                        style="document" />
                <operation name="ping">
                        <soap:operation soapAction="" />
                        <input>
                                <soap:body use="literal" />
        ....
</binding>

<wsp:Policy wsu:Id="PlaintextPolicy">
        <sp:SupportingTokens>
                <wsp:Policy>
                        <sp:UsernameToken
                                sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        </sp:UsernameToken>
                </wsp:Policy>
        </sp:SupportingTokens>
</wsp:Policy>

</definitions>

>>>>>>>>>>SOAP Input:
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <SOAP-ENV:Header>
      <wsse:Security SOAP-ENV:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-4"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>abcd</wsse:Username>
            <wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">dcba</wsse:Password>
            <wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">ENRcLeFReWqSBGOrzRh2Mw==</wsse:Nonce>
            <wsu:Created>2012-02-01T21:03:08.603Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
   </SOAP-ENV:Header>
   <SOAP-ENV:Body>
      <tns:ping xmlns="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:tns="http://services.workbench.mellon.com/ping"
xmlns:tnsB="http://services.workbench.mellon.com/ping/types/">
         <tnsB:str>string</tnsB:str>
      </tns:ping>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

>>>>>>>>>>>>Exception

Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken
        at
org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:166)
        at
org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
        at
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:45)
        ... 32 more






I then added to cxf-servlet.xml,

        <p:engine ignoreUnknownAssertions="false"/>

but encountered exception>>>>>>>>>>>>>>>>>

org.springframework.beans.factory.BeanCreationException: Error creating bean
with name
'org.apache.cxf.ws.policy.spring.PolicyEngineBeanDefinitionParser$PolicyEngineConfig':
Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate
bean class
[org.apache.cxf.ws.policy.spring.PolicyEngineBeanDefinitionParser$PolicyEngineConfig]:
No default constructor found; nested exception is
java.lang.NoSuchMethodException:
org.apache.cxf.ws.policy.spring.PolicyEngineBeanDefinitionParser$PolicyEngineConfig.<init>()
        at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:965)
        at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:911)
        at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)


Am I missing anything here?

--
View this message in context: 
http://cxf.547215.n5.nabble.com/CXF2-5-1-WS-SecurityPolicy-tp5449316p5449316.html
Sent from the cxf-user mailing list archive at Nabble.com.
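
An added example, not part of the thread and not CXF code: a small Python lint that applies the reply's diagnosis to a WSDL, flagging any `wsu:Id`-named policy that carries a `*SupportingTokens` assertion without a Transport, Symmetric or Asymmetric binding, and any non-encrypted UsernameToken with no `HttpsToken`. The function name, finding names and the `wsp` namespace URI in the constructed sample are assumptions.

```python
import xml.etree.ElementTree as ET

SP_NS = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSU_ID = "{" + WSU + "}Id"
BINDINGS = {"TransportBinding", "SymmetricBinding", "AsymmetricBinding"}

# Constructed sample: both policies from the thread, trimmed; wsp URI assumed.
SAMPLE = f"""<definitions xmlns:wsp="http://www.w3.org/ns/ws-policy"
  xmlns:sp="{SP_NS}" xmlns:wsu="{WSU}">
 <wsp:Policy wsu:Id="PlaintextPolicy">
  <sp:SupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy></sp:SupportingTokens>
 </wsp:Policy>
 <wsp:Policy wsu:Id="TransportUT_policy">
  <sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy>
   <sp:HttpsToken RequireClientCertificate="false"/>
  </wsp:Policy></sp:TransportToken></wsp:Policy></sp:TransportBinding>
  <sp:SignedSupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy></sp:SignedSupportingTokens>
 </wsp:Policy>
</definitions>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def lint_policies(xml_text):
    """Map each wsu:Id-named policy to its list of findings (empty = clean)."""
    report = {}
    for pol in ET.fromstring(xml_text).iter():
        if local(pol.tag) != "Policy" or WSU_ID not in pol.attrib:
            continue  # nested, unnamed wsp:Policy wrappers are walked below
        sp = [e for e in pol.iter() if e.tag.startswith("{" + SP_NS + "}")]
        names = {local(e.tag) for e in sp}
        supporting = [e for e in sp if local(e.tag).endswith("SupportingTokens")]
        findings = []
        # Supporting tokens are meant to accompany a security binding.
        if supporting and not names & BINDINGS:
            findings.append("missing-security-binding")
        # A UsernameToken that is neither encrypted nor carried over HTTPS.
        clear_ut = any("Encrypted" not in local(s.tag)
                       and any(local(c.tag) == "UsernameToken" for c in s.iter())
                       for s in supporting)
        if clear_ut and "HttpsToken" not in names:
            findings.append("username-token-without-https")
        report[pol.attrib[WSU_ID]] = findings
    return report

if __name__ == "__main__":
    print(lint_policies(SAMPLE))
```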
