Ok - thanks, I am still familiarizing myself with the ws-security policy spec, I did not realize the Include value controlled when it was applied as far as incoming or outgoing. I will have to read that section of the spec again, it makes sense though.
Thanks muchly for the reply, Sent from my iPhone On Feb 29, 2012, at 20:22, Colm O hEigeartaigh <[email protected]> wrote: >> Do I have to concern myself with this exception? The policies >> correctly validate on the incoming request, SupportingTokens would be >> pointless for outgoing, but certainly TransportToken should be >> validated as the response is SSL??? > > If the SupportingTokens policy is pointless for outgoing, then why > does it have an include value of "Always"? Maybe you need to use > "AlwaysToRecipient" instead? The TransportToken error might be caused > by the SupportingToken error. > > Colm. > > On Wed, Feb 29, 2012 at 12:51 AM, Jason Pell <[email protected]> wrote: >> Hi, >> >> Do I have to concern myself with this exception? The policies >> correctly validate on the incoming request, SupportingTokens would be >> pointless for outgoing, but certainly TransportToken should be >> validated as the response is SSL??? >> >> Here is the full detail: >> >> 28841 [qtp11816628-15] DEBUG >> org.apache.cxf.ws.policy.PolicyVerificationOutInterceptor - An >> exception was thrown when verifying that the effective policy for this >> request was satisfied. However, this exception will not result in a >> fault. The exception raised is: >> org.apache.cxf.ws.policy.PolicyException: These policy alternatives >> can not be satisfied: >> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken >> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens >> >> Here is my policy info - I have removed the standard containment xml >> (<wsp:Policy>, <wsp:ExactlyOne>, <wsp:All>) for brevity >> >> My transport binding is (assigned to Policy.Placement.SERVICE): >> >> <sp:TransportBinding> >> <wsp:Policy> >> <sp:TransportToken> >> <wsp:Policy> >> <sp:HttpsToken> >> <wsp:Policy /> >> </sp:HttpsToken> >> </wsp:Policy> >> </sp:TransportToken> >> <sp:Layout> >> <wsp:Policy> >> <sp:Lax /> >> </wsp:Policy> >> </sp:Layout> >> <!-- <sp:IncludeTimestamp /> --> >> <sp:AlgorithmSuite> >> <wsp:Policy> >> <sp:Basic128 /> >> </wsp:Policy> >> </sp:AlgorithmSuite> >> </wsp:Policy> >> </sp:TransportBinding> >> >> >> Here is my supporting tokens policy (assigned at Policy.Placement.SERVICE): >> >> <sp:SupportingTokens> >> <wsp:Policy> >> <sp:KerberosToken >> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always";> >> <wsp:Policy> >> >> <sp:WssGssKerberosV5ApReqToken11 /> >> </wsp:Policy> >> </sp:KerberosToken> >> </wsp:Policy> >> </sp:SupportingTokens> > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com
