No. What is the problem you are seeing? Colm.
On Thu, Feb 27, 2014 at 2:17 PM, pvivacqua <[email protected]> wrote: > Thanks Colm, I altered the token inclusion value of the InitiatorToken to > "Never" and it worked fine. By the way, do you know of any bug related to > the 'timestamp' policy that generates a fault even when the element is > present? > > thanks, > > > Paulo Vivacqua > > > On Thu, Feb 27, 2014 at 7:11 AM, coheigea [via CXF] < > [email protected]> wrote: > > > You could try adding a "<sp:RequireThumbprintReference />" to the > > InitiatorToken policy. If this doesn't work then you could change the > > token > > inclusion value of the InitiatorToken to "Never" (instead of > > "AlwaysToRecipient"). That would require the service to have the public > > key > > of the client stored locally. > > > > Colm. > > > > > > On Wed, Feb 26, 2014 at 5:51 PM, pvivacqua <[hidden email]< > http://user/SendEmail.jtp?type=node&node=5740562&i=0>> > > wrote: > > > > > Colm, thanks for the response. > > > > > > Is there any way around ? We are stuck with jbossws-cxf-4.1.1.Final, > due > > to > > > Jboss 7.1.1. > > > > > > thanks > > > > > > Paulo Vivacqua > > > > > > > > > On Wed, Feb 26, 2014 at 1:02 PM, coheigea [via CXF] < > > > [hidden email] <http://user/SendEmail.jtp?type=node&node=5740562&i=1>> > > wrote: > > > > > > > It's a bug that has only recently been fixed: > > > > > > > > > > > > > > > > > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=commit;h=eb9ea1e1c049299221f080184a346d0ae5f8aef7 > > > > > > > > You will have to upgrade to one of the latest (CXF) releases to pick > > it > > > > up. > > > > > > > > Colm. > > > > > > > > > > > > On Wed, Feb 26, 2014 at 2:53 PM, pvivacqua <[hidden email]< > > > http://user/SendEmail.jtp?type=node&node=5740532&i=0>> > > > > wrote: > > > > > > > > > *Hi, > > > > > > > > > > I am currently trying to implement WS-SecurityPolicy on a web > > service > > > > that > > > > > uses WS-Security (Jboss 7.1.1 + jbossws-cxf-4.1.1.Final). I am > > trying > > > to > > > > > make CXF enforce tree policies: UsernameToken with Mutual X.509v3 > > > > > Authentication, Sign and Encrypt as follows:* > > > > > > > > > > <wsp:Policy > > > > > xmlns:wsu=" > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > > > > " > > > > > xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"; > > > > > xmlns:wsp="http://www.w3.org/ns/ws-policy"; > > > > > xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"; > > > > > xmlns:tcp=" > > > > http://java.sun.com/xml/ns/wsit/2006/09/policy/soaptcp/service"; > > > > > xmlns:sp=" > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"; > > > > > > > xmlns:sc="http://schemas.sun.com/2006/03/wss/server"; > > > > > xmlns:fi=" > > > > > http://java.sun.com/xml/ns/wsit/2006/09/policy/fastinfoset/service > " > > > > > wsu:Id="GidWsNDSOiVendeBindingPolicy"> > > > > > <wsp:ExactlyOne> > > > > > <wsp:All> > > > > > <sp:AsymmetricBinding> > > > > > <wsp:Policy> > > > > > <sp:InitiatorToken> > > > > > <wsp:Policy> > > > > > > > <sp:X509Token > > > > > sp:IncludeToken=" > > > > > > > > > > > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient > > > > > "> > > > > > > > > > > <wsp:Policy> > > > > > > > > > > <sp:WssX509V3Token11/> > > > > > > > > > > </wsp:Policy> > > > > > > > </sp:X509Token> > > > > > </wsp:Policy> > > > > > </sp:InitiatorToken> > > > > > <sp:RecipientToken> > > > > > <wsp:Policy> > > > > > > > <sp:X509Token > > > > > sp:IncludeToken=" > > > > > > > > > > > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never > > > > > "> > > > > > > > > > > <wsp:Policy> > > > > > > > > > > <sp:WssX509V3Token10/> > > > > > > > > > > <sp:RequireIssuerSerialReference/> > > > > > > > > > > </wsp:Policy> > > > > > > > </sp:X509Token> > > > > > </wsp:Policy> > > > > > </sp:RecipientToken> > > > > > <sp:Layout> > > > > > <wsp:Policy> > > > > > > <sp:Strict/> > > > > > </wsp:Policy> > > > > > </sp:Layout> > > > > > <sp:EncryptBeforeSigning/> > > > > > <sp:AlgorithmSuite> > > > > > <wsp:Policy> > > > > > > > > > <sp:Basic128Rsa15/> > > > > > </wsp:Policy> > > > > > </sp:AlgorithmSuite> > > > > > </wsp:Policy> > > > > > </sp:AsymmetricBinding> > > > > > <sp:Wss10> > > > > > <wsp:Policy> > > > > > > > > <sp:MustSupportRefIssuerSerial/> > > > > > </wsp:Policy> > > > > > </sp:Wss10> > > > > > </wsp:All> > > > > > </wsp:ExactlyOne> > > > > > </wsp:Policy> > > > > > > > > > > > > > > > *All the policies work fine, except for the X509Token Assertion > that > > > > > generates the following exception.* > > > > > > > > > > 10:59:56,636 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] > > > > > (http-localhost-127.0.0.1-8080-1) Interceptor for > > > > > { > > > > > > > > > http://gid.ws.nds.oiVende/}GidWsNDSOiVende#{http://gid.ws.nds.OiVende/}teste > > > > > > > > > > > has thrown exception, unwinding now: > > org.apache.cxf.interceptor.Fault: > > > > > These > > > > > policy alternatives can not be satisfied: > > > > > { > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: > > > > > > The > > > > > received token does not match the token inclusion requirement > > > > > { > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token > > > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47) > > > > > > > > > > > [cxf-rt-ws-policy.jar:2.6.4] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > > > > > > > > > > > [cxf-api.jar:2.6.4] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > > > > > > > > > > > [cxf-api.jar:2.6.4] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:236) > > > > > > > > > > > [cxf-rt-transports-http.jar:2.6.4] > > > > > at > > > > > > > > > > > > > > > > > > > > org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:95) > > > > > > > > > > > [jbossws-cxf-server.jar:4.1.1.Final] > > > > > at > > > > > > > > > > > > > > > > > > > > org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:156) > > > > > > > > > > > [jbossws-cxf-server.jar:4.1.1.Final] > > > > > at > > > > > org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87) > > > > > [jbossws-cxf-server.jar:4.1.1.Final] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) > > > > > > > > > > > [cxf-rt-transports-http.jar:2.6.4] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) > > > > > > > > > > > [cxf-rt-transports-http.jar:2.6.4] > > > > > at > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > at > > > > > > > org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135) > > > > > [jbossws-cxf-server.jar:4.1.1.Final] > > > > > at > > > > > > org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) > > > > > [jbossws-spi.jar:2.1.1.Final] > > > > > at > > javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > at > > > > > > > > > > > > > > > > > > > > org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) > > > > > > > > > > > [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > > > > > > > > > > > > > > > > org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) > > > > > > > > > > > [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > at > > > > > > > > > > > > > > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > at > > > > > > > > > > > > > > > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > at > > > > > > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_21] > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These policy > > > > > alternatives can not be satisfied: > > > > > { > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: > > > > > > The > > > > > received token does not match the token inclusion requirement > > > > > { > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token > > > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:167) > > > > > > > > > > > [cxf-rt-ws-policy.jar:2.6.4] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101) > > > > > > > > > > > [cxf-rt-ws-policy.jar:2.6.4] > > > > > at > > > > > > > > > > > > > > > > > > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:45) > > > > > > > > > > > [cxf-rt-ws-policy.jar:2.6.4] > > > > > ... 26 more > > > > > > > > > > *The request that generated the exception:* > > > > > > > > > > <soapenv:Envelope xmlns:gid="http://gid.ws.nds.OiVende/"; > > > > > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> > > > > > <soapenv:Header> > > > > > <wsse:Security > > > > > xmlns:wsse=" > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > > > > > " > > > > > xmlns:wsu=" > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > > > > "> > > > > > <wsse:UsernameToken > > wsu:Id="UsernameToken-16"> > > > > > > > > > > > > > > > > > > > > > > > > > <wsse:Username>AI1qTwNjGnsE99RHFhQ6QFbao7u/fw179mU5oTwGyP6LOOMcffLGZHnlUWD62o3onuGNGbFltkAA > > > > > > > > > > > > > > > > > > > > > > > > > > LYVQmowJ2tfL2MdorywfON3uYdQksb0tROGj1q+dtfOEdOO0/nRB4KIPaI9iUQuLlTZTXZZLRCyL > > > > > > > > > > > tfuPdNkM8ZQ/IgX8v+k=</wsse:Username> > > > > > <wsse:Password > > > > > Type=" > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > > > > > > > > > > > > > > > ">GileUp2HMHBkZ3PvHk9PZFbbmOXKrDoGL/vEUVhXgBuJ5Z9U236w0J55xU645eH4RsltG3T4XmNQ > > > > > > > > > > > > > > > > > > > > > > > > > > e1ypi0NUbVzk2De4elkAKBF3s9bQE1rmONLoUYXQRuYDjNBbzajR2okXS80oKi7w0QOLibTFfQeO > > > > > > > > > > > R04KmBo75ykchSqNwKM=</wsse:Password> > > > > > <wsse:Nonce > > > > > EncodingType=" > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > > > > > ">ngNCqeakderQcMpmxf4DvA==</wsse:Nonce> > > > > > > > > > > <wsu:Created>2014-02-26T13:59:52.827Z</wsu:Created> > > > > > </wsse:UsernameToken> > > > > > <ds:Signature Id="SIG-15" xmlns:ds=" > > > > > http://www.w3.org/2000/09/xmldsig#";> > > > > > <ds:SignedInfo> > > > > > <ds:CanonicalizationMethod > > > > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";> > > > > > > > <ec:InclusiveNamespaces > > > > > PrefixList="gid soapenv" > > > > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> > > > > > > </ds:CanonicalizationMethod> > > > > > <ds:SignatureMethod > > > > > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > > > > > <ds:Reference URI="#id-14"> > > > > > <ds:Transforms> > > > > > > > <ds:Transform > > > > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";> > > > > > > > > > > <ec:InclusiveNamespaces PrefixList="gid" > > > > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> > > > > > > > </ds:Transform> > > > > > </ds:Transforms> > > > > > <ds:DigestMethod > > > > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > > > > > > > > > > <ds:DigestValue>OQqnS4HijCjWqZud07QwEnBv1ho=</ds:DigestValue> > > > > > </ds:Reference> > > > > > </ds:SignedInfo> > > > > > > > > > > > > > > > > > > > > > > > > > <ds:SignatureValue>QW99DAhwIr/xgHnToRtPBVi87LtlUov6k/6kxGpGzqNpK4N5aI2FclAYX9AsU6Rt1mD4rvW7acvW > > > > > > > > > > > > > > > > > > > > > > > > > > VttWeQ73bLRtaBm9i2Kcb4/qKISWCpkbomRZO9t3G107hy57WP7SsO1m+uILMD3HqPnYX9clV4Ch > > > > > > > > > > > > > > > > > > > > > > > > > > kPHxpywKNdtJHd3TMBUgPHPWtHIcArm5buDfq4ptLTexq+YDcDpCbVB328S+oQpi8wZNSP9JX556 > > > > > > > > > > > > > > > > > > > > > > > > > > zHjNpDekI+S2dIDxSi/7a7PjNDO8d4ajg7yInznVx3AZm8AU6WHevdcFvIj8hFcKf+7eWNzS/Uos > > > > > > > > > > > FBr6+xuHX1C6dr/5FVgsCL2Ubr/vwPg8LdneJQ==</ds:SignatureValue> > > > > > <ds:KeyInfo > > > > > Id="KI-6F2BD13BBF5C75E94C139342319278815"> > > > > > > <wsse:SecurityTokenReference > > > > > wsu:Id="STR-6F2BD13BBF5C75E94C139342319278816"> > > > > > <ds:X509Data> > > > > > > > > > > <ds:X509IssuerSerial> > > > > > > > > > > <ds:X509IssuerName>CN=gid.ws,OU=OI,O=TNL PCS S/A,L=Rio de > > > > > Janeiro,ST=Rio de Janeiro,C=BR</ds:X509IssuerName> > > > > > > > > > > <ds:X509SerialNumber>186004993</ds:X509SerialNumber> > > > > > > > > > > </ds:X509IssuerSerial> > > > > > </ds:X509Data> > > > > > > > </wsse:SecurityTokenReference> > > > > > </ds:KeyInfo> > > > > > </ds:Signature> > > > > > <xenc:EncryptedKey > > > > > Id="EK-6F2BD13BBF5C75E94C139342319278513" > > > > > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> > > > > > <xenc:EncryptionMethod > > > > > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> > > > > > <ds:KeyInfo xmlns:ds=" > > > > > http://www.w3.org/2000/09/xmldsig#";> > > > > > > > <wsse:SecurityTokenReference> > > > > > <ds:X509Data> > > > > > > > > > > <ds:X509IssuerSerial> > > > > > > > > > > <ds:X509IssuerName>CN=gid.ws,OU=OI,O=TNL PCS S/A,L=Rio de > > > > > Janeiro,ST=Rio de Janeiro,C=BR</ds:X509IssuerName> > > > > > > > > > > <ds:X509SerialNumber>2048318029</ds:X509SerialNumber> > > > > > > > > > > </ds:X509IssuerSerial> > > > > > </ds:X509Data> > > > > > > > </wsse:SecurityTokenReference> > > > > > </ds:KeyInfo> > > > > > <xenc:CipherData> > > > > > > > > > > > > > > > > > > > > > > > > > <xenc:CipherValue>dt7uxlbVMrE2NW7gKB22hl8SaxAY0003BaIJFrs1wCfHhCtg0AhZxGL6Qw0r1lUXPYLMuMjjKddoUbZzsyH8oZYy8umVOokfZyAsukBT4+58MjHrtfhP95f57PB/5P9KDwAYuU/34UhFJfe2PMAAaTn2Wnuk1a0PqvPIHKm7oHWb6qekaKWssGWGvPhFAFg1ea5ao3S9e9OsyXzPxjlHE/bT/aA3dKO4usnkxb+HRweYZQ2E9OK25J5kdBg+fs6195zQI2hCr5X/+cNCm6VvE7RvfPkU0VrwFXSBp0opzg8dpb1ZH17WtV09nyjIsGlMypNvDYIWJYwvKZ2B4ISQkw==</xenc:CipherValue> > > > > > > > > > > > </xenc:CipherData> > > > > > <xenc:ReferenceList> > > > > > <xenc:DataReference > > > > URI="#ED-13"/> > > > > > </xenc:ReferenceList> > > > > > </xenc:EncryptedKey> > > > > > </wsse:Security> > > > > > </soapenv:Header> > > > > > <soapenv:Body wsu:Id="id-14" > > > > > xmlns:wsu=" > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > > > > "> > > > > > <xenc:EncryptedData Id="ED-13" > > > > > Type="http://www.w3.org/2001/04/xmlenc#Content"; > > > > > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> > > > > > <xenc:EncryptionMethod > > > > > Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> > > > > > <ds:KeyInfo xmlns:ds=" > > > > > http://www.w3.org/2000/09/xmldsig#";> > > > > > <wsse:SecurityTokenReference > > > > > wsse11:TokenType=" > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey > > > > > " > > > > > xmlns:wsse=" > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > > > > > " > > > > > xmlns:wsse11=" > > > > > http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd > "> > > > > > > > <wsse:Reference > > > > > URI="#EK-6F2BD13BBF5C75E94C139342319278513"/> > > > > > </wsse:SecurityTokenReference> > > > > > </ds:KeyInfo> > > > > > <xenc:CipherData> > > > > > > > > > > > > > > > > > > > > > > > > > <xenc:CipherValue>p10d5TaRMy1vspa7TjBYZXrd2ZnTIPa6e5+OWHHKO2FZDt/Gst1skyPw/WdA2qzLXtqYm9EXvlwpkcgOp6NrDKsxVgm3uymRsTtvQZ8xeb3OgaZAuW9Cu5ADCStu5N3ykOb/BLfkSFbtnOZSqNrfYEyrFgLBNOFbiY3pTPRP7jqqWaHZjlKJoPtsizt2VB2rbZxiIubbfEgAz1HITyTWa0umhMD0pFK3HewWfIyMNvPSLTHUHPH433u9pPkAROP1b+V1sYbVJpm2ED3L0lujiUujB1S/vV89hAMAHjAVq8qzLZCwOfI64IaNwxzkbZdNmf+UybPtv0+YCy9nKlUalk8lZltHMEi96xTfTHDJMTHhUFE11fS3pqcX3j3tgPJHPPkYz95ZO7Sdn/wQeJXjFL2BHs0tuHPQwY/We5IgSLWqZpCgMHaFOXj1t6XMxGy/n0Y7Y06svaXGevGejJzBixX+8Ab9lLFMqx3WdToeF3onzNCn+gYD8P7UVtV3medF7GWe0Bb/JJSq7bsO6xzDpDl0lntm3gWO3S/ChxidRtRj+rN6ZQ7rBBUXKaEO0Ce9pDnsSxeVMYxJGNwyCeL3d4NOTqG/YtmecN58sOnpsC2WXCz26YqKiWQLKkH0bBSXVGMzi6Fsk7TgSw9VcobiFTffa+tcvSEWeFE/k+YrlL+EhCgw/ez31kbTglsXn4R5UTB4exBNjX7iW/f7iQzgentAIRTOLor6AezHD1GBGB5KVJuIL/gbrsguOlLQ0nqDM31AUj6t1pz4ygCTczNk16yZ4DMEX6dcXQzexprtRbQbqxnWVtcdx4on8isUUQWJ5dKzuRfx5CJ+nYnHRPKhKv4R3oqIvm3bAIMm6kd2tFY8wniN+tkao7XXkuwxdZbD8ZLMyjFNx97c41DPdXq/B9nwkaCKRBUW05waZ3u8bFAIciC35soYzijbeCEY+31pEUkNE1HbGYyrCWrh1PRRb7YaBAHJojq3hHqjkdEbFYgHdEj3xmyHinbted0LWYeF2+0mLt3Lu3rGK9hxY0nE/SW72zl5+qKq0qdzZChivXWehlxMan+IweY1t91DL7q+dImrAoWS03AWsZasXIWmfRJDYBn8+rMJOEQndjd6nlzuZHFFek3Rc4Jx/UYMFzMD3l0qxPoYfMkBxtg7/VKyDA==</xenc:CipherValue> > > > > > > > > > > > </xenc:CipherData> > > > > > </xenc:EncryptedData> > > > > > </soapenv:Body> > > > > > </soapenv:Envelope> > > > > > > > > > > *The jbossws-cxf.xml jaxws configuration:* > > > > > > > > > > <jaxws:properties> > > > > > <entry key="ws-security.callback-handler" > > > > > value="br.com.gid.ws.interfaces.callback.PasswordCallback"/> > > > > > <entry key="ws-security.encryption.properties" > > > > > value="resources/GidWsNDS_Server_Decrypt.properties"/> > > > > > <entry key="ws-security.signature.properties" > > > > > value="resources/GidWsNDS_Server_Decrypt.properties"/> > > > > > <entry key="ws-security.encryption.username" > > > > > value="useReqSigCert"/> > > > > > <entry key="ws-security.validate.token" > > value="false"/> > > > > > </jaxws:properties> > > > > > > > > > > > > > > > *Thanks in advance.* > > > > > > > > > > > > > > > > > > > > -- > > > > > View this message in context: > > > > > > > > > > > > > > > http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526.html > > > > > Sent from the cxf-user mailing list archive at Nabble.com. > > > > > > > > > > > > > > > > > > > > > -- > > > > Colm O hEigeartaigh > > > > > > > > Talend Community Coder > > > > http://coders.talend.com > > > > > > > > > > > > ------------------------------ > > > > If you reply to this email, your message will be added to the > > discussion > > > > below: > > > > > > > > > > > > > > http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740532.html > > > > To unsubscribe from Why is my X509Token policy not being satisfied? > > Is > > > > this a bug?, click here< > > > > > > > > > > . > > > > NAML< > > > > > > http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > View this message in context: > > > > > > http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740541.html > > > > > Sent from the cxf-user mailing list archive at Nabble.com. > > > > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > > > > ------------------------------ > > If you reply to this email, your message will be added to the discussion > > below: > > > > > http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740562.html > > To unsubscribe from Why is my X509Token policy not being satisfied? Is > > this a bug?, click here< > http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5740526&code=cHZpdmFjcXVhQGdtYWlsLmNvbXw1NzQwNTI2fDExOTgzNDEyMTk= > > > > . > > NAML< > http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml > > > > > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740581.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
