how to determine/debug effective ws policy used?

Tue, 04 Jun 2013 16:22:20 -0700 

Hi,
I'm trying to learn how to correctly use WS-Policy with CXF (using version 
2.7.2) and would like to know if there's a way to log the effective policy 
calculated for both consumer and provider?

The problem is that I have a wsdl with 3 policies attached to different points. 
 The first policy contains an asymmetric binding to provide the X509 keys for 
signing/encryption.  The second two policies just have the places I want 
signed/encrypted, like this:
    <wsp:Policy wsu:Id="Output_Policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:EncryptedParts>
                    <sp:Body/>
                </sp:EncryptedParts>
                <sp:SignedParts>
                    <sp:Body/>
...

In the WSDL, I have the following binding which references the first policy:
  <wsdl:binding name="Binding_MyService" type="tns:MyService">
    <wsp:PolicyReference URI="#main_policy"/>

The operations reference the second two policies to say what to sign/encrypt in 
each direction:
    <wsdl:operation name="PatientRequests">
      <soap12:operation 
soapAction="http://example.com/schemas/'myService/PatientRequests" 
style="document"/>
      <wsdl:input>
        <wsp:PolicyReference URI="#Input_policy"/>
        <soap12:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <wsp:PolicyReference URI="#Output_Policy"/>
        <soap12:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>

I've setup a client (using CXF Dispatch) and a server (using CXF Provider).  If 
I make a bad URI in the policy reference for the operation, the client does not 
complain but the server does throw an exception saying it can't find policy 
"xyz" (or whatever I rename the PolicyReference to).  Whether the URI is right 
or not, the client doesn't do the signing/encryption but the server errors out 
complaining that the Body is not signed or encrypted (correctly, since the 
client failed to sign/encrypt).

So it appears to me that the client is not properly calculating the effective 
policy as the merge of the main policy and either the input/output policy 
(depending on direction), but the server does correctly calculate the effective 
policy.  In the main policy, I also have WS-Addressing engaged and when I trace 
the messages I see that the client is sending the right Action header so it's 
correctly determining the operation from the message I'm sending, so it should 
be able to determine the right policy (just as the server does when it receives 
the message and calculates the policy based on the Action header).

Thanks,
Jesse

Reply via email to