Alessio and I chatted a bit on IRC about this:

http://irclogs.dankulp.com/logs/irclogger_log/cxf?date=2013-04-03,Wed&sel=91#l87

Looks like a bug in how the mex and WSS4JPolicyIn things are interacting.  He's 
investigating.

Dan



On Apr 3, 2013, at 11:13 AM, Alessio Soldano <[email protected]> wrote:

> Hi,
> I'm seeing exceptions as at http://fpaste.org/Nidh/ when ws-mex Get
> calls are done against WS-Security Policy enabled endpoints. I have a
> common ws-trust scenario, with the endpoint wsdl containing
> 
> <sp:InitiatorToken>
>  <wsp:Policy>
>    <sp:IssuedToken
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>      <sp:RequestSecurityTokenTemplate>
> 
> <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
> 
> <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
>      </sp:RequestSecurityTokenTemplate>
>      <wsp:Policy>
>        <sp:RequireInternalReference/>
>      </wsp:Policy>
>      <sp:Issuer>
> 
> <wsaws:Address>http://localhost:8080/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService</wsaws:Address>
>        <wsaws:Metadata
> xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
> wsdli:wsdlLocation="http://localhost:8080/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl">
>          <wsaw:ServiceName
> xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
> xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
> EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
>        </wsaws:Metadata>
>      </sp:Issuer>
>    </sp:IssuedToken>
>  </wsp:Policy>
> </sp:InitiatorToken>
> 
> The STS service is also using ws-security policy
> 
> @WebServiceProvider(serviceName = "SecurityTokenService",
>      portName = "UT_Port",
>      targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
>      wsdlLocation = "WEB-INF/wsdl/ws-trust-1.4-service.wsdl")
> @EndpointProperties(value = {
>      @EndpointProperty(key = "ws-security.signature.username", value =
> "mystskey"),
>      @EndpointProperty(key = "ws-security.signature.properties", value
> = "stsKeystore.properties"),
>      @EndpointProperty(key = "ws-security.callback-handler", value =
> "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.STSCallbackHandler"),
>      @EndpointProperty(key = "ws-security.validate.token", value = "false") //to let the JAAS integration deal with validation through the interceptor below
> })
> @InInterceptors(interceptors =
> {"org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor"})
> public class SampleSTS extends SecurityTokenServiceProvider
> {
> ...
> }
> 
> with the mentioned ws-trust-1.4-service.wsdl being a reduced version of
> the sts-war one having the UT port and policies only.
> 
> A quick debugging seems to reveal that the
> PolicyBasedWSS4JInInterceptor::computeAction method is failing to
> retrieve the action as no AssertionInfoMap attachment is found in the
> message. Any idea of what might have changed between 2.6.6 and 2.6.7 here?
> Thanks
> Alessio
> 
> 
> -- 
> Alessio Soldano
> Web Service Lead, JBoss

-- 
Daniel Kulp
[email protected] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
