WS-Mex issue on CXF 2.6.7

Wed, 03 Apr 2013 08:14:23 -0700 

Hi,
I'm seeing exceptions as at http://fpaste.org/Nidh/ when ws-mex Get
calls are done against WS-Security Policy enabled endpoints. I have a
common ws-trust scenario, with the endpoint wsdl containing

<sp:InitiatorToken>
  <wsp:Policy>
    <sp:IssuedToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
      <sp:RequestSecurityTokenTemplate>

<t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>

<t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
      </sp:RequestSecurityTokenTemplate>
      <wsp:Policy>
        <sp:RequireInternalReference/>
      </wsp:Policy>
      <sp:Issuer>

<wsaws:Address>http://localhost:8080/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService</wsaws:Address>
        <wsaws:Metadata
xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance";
wsdli:wsdlLocation="http://localhost:8080/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl";>
          <wsaw:ServiceName
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl";
xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
        </wsaws:Metadata>
      </sp:Issuer>
    </sp:IssuedToken>
  </wsp:Policy>
</sp:InitiatorToken>

The STS service is also using ws-security policy

@WebServiceProvider(serviceName = "SecurityTokenService",
      portName = "UT_Port",
      targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";,
      wsdlLocation = "WEB-INF/wsdl/ws-trust-1.4-service.wsdl")
@EndpointProperties(value = {
      @EndpointProperty(key = "ws-security.signature.username", value =
"mystskey"),
      @EndpointProperty(key = "ws-security.signature.properties", value
= "stsKeystore.properties"),
      @EndpointProperty(key = "ws-security.callback-handler", value =
"org.jboss.test.ws.jaxws.samples.wsse.policy.trust.STSCallbackHandler"),
      @EndpointProperty(key = "ws-security.validate.token", value =
"false") //to let the JAAS integration deal with validation through the
interceptor below
})
@InInterceptors(interceptors =
{"org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor"})
public class SampleSTS extends SecurityTokenServiceProvider
{
...
}

with the mentioned ws-trust-1.4-service.wsdl being a reduced version of
the sts-war one having the UT port and policies only.

A quick debugging seems to reveal that the
PolicyBasedWSS4JInInterceptor::computeAction method is failing to
retrieve the action as no AssertionInfoMap attachment is found in the
message. Any idea of what might have changed between 2.6.6 and 2.6.7 here?
Thanks
Alessio


-- 
Alessio Soldano
Web Service Lead, JBoss

Reply via email to