It looks like a bug on the sending side, as the Timestamp is not being signed, hence the policy validation error. I can't reproduce this with the latest CXF 2.6.x code, so it must have been fixed since the version you are using.
Colm. On Thu, Feb 27, 2014 at 4:10 PM, pvivacqua <[email protected]> wrote: > *Well, when sending my request with a timestamp WSS element, I get the > following exception, even tough the <sp:IncludeTimestamp /> is declared on > my binding policy.* > > 11:04:56,513 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] > (http-localhost-127.0.0.1-8080-1) Interceptor for { > > http://gid.ws.nds.acesso/}GidWsNDSAcesso#{http://gid.ws.nds.acesso/}adicionarPerfilOiVendehas > thrown exception, unwinding now: org.apache.cxf.interceptor.Fault: > These policy alternatives can not be satisfied: > { > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding > : > Received Timestamp does not match the requirements > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken > { > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp > : > Received Timestamp does not match the requirements > at > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47) > [cxf-rt-ws-policy.jar:2.6.4] > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > [cxf-api.jar:2.6.4] > at > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > [cxf-api.jar:2.6.4] > at > > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:236) > [cxf-rt-transports-http.jar:2.6.4] > at > > org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:95) > [jbossws-cxf-server.jar:4.1.1.Final] > at > > org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:156) > [jbossws-cxf-server.jar:4.1.1.Final] > at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87) > [jbossws-cxf-server.jar:4.1.1.Final] > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) > [cxf-rt-transports-http.jar:2.6.4] > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) > [cxf-rt-transports-http.jar:2.6.4] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135) > [jbossws-cxf-server.jar:4.1.1.Final] > at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) > [jbossws-spi.jar:2.1.1.Final] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) > [jbossweb-7.0.13.Final.jar:] > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) > [jbossweb-7.0.13.Final.jar:] > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) > [jbossweb-7.0.13.Final.jar:] > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) > [jbossweb-7.0.13.Final.jar:] > at > > org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) > [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final] > at > > org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) > [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) > [jbossweb-7.0.13.Final.jar:] > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > [jbossweb-7.0.13.Final.jar:] > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > [jbossweb-7.0.13.Final.jar:] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) > [jbossweb-7.0.13.Final.jar:] > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) > [jbossweb-7.0.13.Final.jar:] > at > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) > [jbossweb-7.0.13.Final.jar:] > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > [jbossweb-7.0.13.Final.jar:] > at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_21] > Caused by: org.apache.cxf.ws.policy.PolicyException: These policy > alternatives can not be satisfied: > { > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding > : > Received Timestamp does not match the requirements > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken > { > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp > : > Received Timestamp does not match the requirements > at > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:167) > [cxf-rt-ws-policy.jar:2.6.4] > at > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101) > [cxf-rt-ws-policy.jar:2.6.4] > at > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:45) > [cxf-rt-ws-policy.jar:2.6.4] > ... 26 more > > *The policy:* > > <wsp:ExactlyOne> > <wsp:All> > <sp:AsymmetricBinding> > <wsp:Policy> > <sp:InitiatorToken> > <wsp:Policy> > <sp:X509Token > sp:IncludeToken=" > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never > "> > <wsp:Policy> > <sp:WssX509V3Token10 /> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:InitiatorToken> > <sp:RecipientToken> > <wsp:Policy> > <sp:X509Token > sp:IncludeToken=" > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never > "> > <wsp:Policy> > <sp:WssX509V3Token10 /> > <sp:RequireIssuerSerialReference /> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:RecipientToken> > <sp:Layout> > <wsp:Policy> > <sp:Strict /> > </wsp:Policy> > </sp:Layout> > <sp:IncludeTimestamp /> > <sp:EncryptBeforeSigning /> > <sp:AlgorithmSuite> > <wsp:Policy> > <sp:Basic128Rsa15 /> > </wsp:Policy> > </sp:AlgorithmSuite> > </wsp:Policy> > </sp:AsymmetricBinding> > <sp:Wss10> > <wsp:Policy> > <sp:MustSupportRefIssuerSerial /> > </wsp:Policy> > </sp:Wss10> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > > *The Request* > > <soapenv:Envelope xmlns:gid="http://gid.ws.nds.acesso/"; xmlns:soapenv=" > http://schemas.xmlsoap.org/soap/envelope/";> > <soapenv:Header> > <wsse:Security xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > "> > <wsse:UsernameToken wsu:Id="UsernameToken-48"> > > <wsse:Username>AI1qTwNjGnsE99RHFhQ6QFbao7u/fw179mU5oTwGyP6LOOMcffLGZHnlUWD62o3onuGNGbFltkAA > > LYVQmowJ2tfL2MdorywfON3uYdQksb0tROGj1q+dtfOEdOO0/nRB4KIPaI9iUQuLlTZTXZZLRCyL > tfuPdNkM8ZQ/IgX8v+k=</wsse:Username> > <wsse:Password Type=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > ">GileUp2HMHBkZ3PvHk9PZFbbmOXKrDoGL/vEUVhXgBuJ5Z9U236w0J55xU645eH4RsltG3T4XmNQ > > e1ypi0NUbVzk2De4elkAKBF3s9bQE1rmONLoUYXQRuYDjNBbzajR2okXS80oKi7w0QOLibTFfQeO > R04KmBo75ykchSqNwKM=</wsse:Password> > <wsse:Nonce EncodingType=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > ">t7AwSM3jy8syY3j3XWlruQ==</wsse:Nonce> > <wsu:Created>2014-02-27T14:00:03.276Z</wsu:Created> > </wsse:UsernameToken> > <ds:Signature Id="SIG-47" xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > <ds:SignedInfo> > <ds:CanonicalizationMethod Algorithm=" > http://www.w3.org/2001/10/xml-exc-c14n#";> > <ec:InclusiveNamespaces PrefixList="gid soapenv" xmlns:ec=" > http://www.w3.org/2001/10/xml-exc-c14n#"/> > </ds:CanonicalizationMethod> > <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1 > "/> > <ds:Reference URI="#id-46"> > <ds:Transforms> > <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";> > <ec:InclusiveNamespaces PrefixList="gid" xmlns:ec=" > http://www.w3.org/2001/10/xml-exc-c14n#"/> > </ds:Transform> > </ds:Transforms> > <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > <ds:DigestValue>lh8qsHYRjkgUaMLeF5ZXMxxtPGk=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > > <ds:SignatureValue>nZjZLpwzgsMb6q5LFyl3jCVJOMk+sbbm7lJf/lXo32GWpYAekXJxBPMmVusf6d3tm6940zyJ+6Ek > > gW/rpemJ8ihG227sICVA+vU9e0JUOWkYr9Sw/b8auCISz1pJ2ZiL5eYtgvkb8cKhdsdw8CnuSZlp > > TMcxgpS5sOQHmML3C9DORxO56TkcQJDNp53L0Jn9NpvoWqdzTaXER7r20XRv58W7mu7VhmO12O+I > > Mt8lWpLdpz5HmY7U+2CN1BYBU+1B5T6acFn5KEs5Zf47SzskGJQ9lnLJNUKdd3Oo2y9lhzz9i3v8 > Z+LRWl1MQUU1rur+t1lAEqtg0FC4/E9oySq3CQ==</ds:SignatureValue> > <ds:KeyInfo Id="KI-21B631412B80F4436D139350960323343"> > <wsse:SecurityTokenReference > wsu:Id="STR-21B631412B80F4436D139350960323344"> > <ds:X509Data> > <ds:X509IssuerSerial> > <ds:X509IssuerName>CN=gid.ws,OU=OI,O=TNL PCS S/A,L=Rio de Janeiro,ST=Rio > de > Janeiro,C=BR</ds:X509IssuerName> > <ds:X509SerialNumber>186004993</ds:X509SerialNumber> > </ds:X509IssuerSerial> > </ds:X509Data> > </wsse:SecurityTokenReference> > </ds:KeyInfo> > </ds:Signature> > <xenc:EncryptedKey Id="EK-21B631412B80F4436D139350960322941" xmlns:xenc=" > http://www.w3.org/2001/04/xmlenc#";> > <xenc:EncryptionMethod Algorithm=" > http://www.w3.org/2001/04/xmlenc#rsa-1_5 > "/> > <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > <wsse:SecurityTokenReference> > <ds:X509Data> > <ds:X509IssuerSerial> > <ds:X509IssuerName>CN=gid.ws,OU=OI,O=TNL PCS S/A,L=Rio de Janeiro,ST=Rio > de Janeiro,C=BR</ds:X509IssuerName> > <ds:X509SerialNumber>2048318029</ds:X509SerialNumber> > </ds:X509IssuerSerial> > </ds:X509Data> > </wsse:SecurityTokenReference> > </ds:KeyInfo> > <xenc:CipherData> > > <xenc:CipherValue>f3dXKuGY9gJi6QNj8jRxPOGzkLxmnGKdEwSWL43BjnrkS5GZVJw2HqIwZZHZ27p+fiyneKpqkCL52TMET3G0s0PUCZ2xk2vBLqvS2M7Ppt1h22UCYKZh9UpPStc/7vrclQu0Zgx/h4u3+QMFKhgTOh8KC5S1SSS+2IOmNO2Tlm+rNVBWSN4mKRHEd+kLg4+qUIqsmQ8JF69GOeMtKCfRIZCHRN5EP/k2UGAUKN7pFnD/YAlXh8o83Lr//mpZhseYT39LCakUPnkk+HjuX6c/aHbQD0WRfdLR/qHMuEuVUWwAph/ZiH47TgT4rpmKkvxJuQWuBovnEg3OEXUqg7vtmQ==</xenc:CipherValue> > </xenc:CipherData> > <xenc:ReferenceList> > <xenc:DataReference URI="#ED-45"/> > </xenc:ReferenceList> > </xenc:EncryptedKey> > <wsu:Timestamp wsu:Id="TS-44"> > <wsu:Created>2014-02-27T14:00:03Z</wsu:Created> > <wsu:Expires>2014-02-27T15:23:23Z</wsu:Expires> > </wsu:Timestamp> > </wsse:Security> > </soapenv:Header> > <soapenv:Body wsu:Id="id-46" xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > "> > <xenc:EncryptedData Id="ED-45" Type=" > http://www.w3.org/2001/04/xmlenc#Content"; xmlns:xenc=" > http://www.w3.org/2001/04/xmlenc#";> > <xenc:EncryptionMethod Algorithm=" > http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> > <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > <wsse:SecurityTokenReference wsse11:TokenType=" > > http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey > " > xmlns:wsse=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > xmlns:wsse11=" > http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";> > <wsse:Reference URI="#EK-21B631412B80F4436D139350960322941"/> > </wsse:SecurityTokenReference> > </ds:KeyInfo> > <xenc:CipherData> > > <xenc:CipherValue>3brCGRdilhQMbeXPIQ5LWgtyuLNVZnq/KjbkXYh/49LAdsB8Gh+FmCywHi/R1M4FkW896M/GYkDaOVK/rp0frV403c9K5c+RmlgzOFNyZCIp1Hyyy98Lr6oNdJPrGTnwGxbbadhBUb6mEuCb/Ywj+XiRLApr4WtKAs3mv0WCIoArKfP9YDY7ONK5xbqYQY6Zse3UkoIvIdY6NXTC7lQDUAC7yiMbfbSM4yjJ/nmaJJW9Qp4guUaXYj1tjEs7yQ1HkbKwr6NEhQhK7GDe+xfFBuW5YT0VfoKv134ThGP2umKB1gfqrd9vaNmbEBqylJTvFzXxGdaXzvVrjjB1tsUSgEJIDdhlqt5iKTu7HPGnNhTHafYR/XfHVK3jV4GJRHWEDKt8Vb+wa7bHZJXDVhvjXSJenR7VCh+F4ZkroMP0j8RFoPSEIZAgv/eQAdeJIqH/Xjf35vEKJ/FbUad5ybf06F7N/I2irOtPorOoOQtNMTMwrM/FPGFkkFjxKWBFpgxxcWSvvE1xs6MD5Q6lW5w7oZChza8vQyMyytMcJUxkxQAbKiu/hRD7wG5x/R9KLaqsKcsX9SQtd4/ZX4KTUhDWcJKuEs0khLV8WJkv7BxSba53HwtPlQHwP9aC2zFu+1OX2sw8Z5OlHDm6jBBVBtRt+THcf+nRktRowZiLzds1YCwW6ZcUK+cXKnIfEAoICtKrc6oELporR4Kz/FcfJHoVPxXh6qvoPNTImrw1WUWmUFhQo5sH7yBB3PG0wNSDRsev2p/3sc7fJ+acyC3GqVMoSyu0ExiMuuwBmZS/CzZE6PY=</xenc:CipherValue> > </xenc:CipherData> > </xenc:EncryptedData> > </soapenv:Body> > </soapenv:Envelope> > > *Thanks again.* > > Paulo Vivacqua > > > On Thu, Feb 27, 2014 at 11:35 AM, coheigea [via CXF] < > [email protected]> wrote: > > > No. What is the problem you are seeing? > > > > Colm. > > > > > > On Thu, Feb 27, 2014 at 2:17 PM, pvivacqua <[hidden email]< > http://user/SendEmail.jtp?type=node&node=5740584&i=0>> > > wrote: > > > > > Thanks Colm, I altered the token inclusion value of the InitiatorToken > > to > > > "Never" and it worked fine. By the way, do you know of any bug related > > to > > > the 'timestamp' policy that generates a fault even when the element is > > > present? > > > > > > thanks, > > > > > > > > > Paulo Vivacqua > > > > > > > > > On Thu, Feb 27, 2014 at 7:11 AM, coheigea [via CXF] < > > > [hidden email] <http://user/SendEmail.jtp?type=node&node=5740584&i=1>> > > wrote: > > > > > > > You could try adding a "<sp:RequireThumbprintReference />" to the > > > > InitiatorToken policy. If this doesn't work then you could change the > > > > token > > > > inclusion value of the InitiatorToken to "Never" (instead of > > > > "AlwaysToRecipient"). That would require the service to have the > > public > > > > key > > > > of the client stored locally. > > > > > > > > Colm. > > > > > > > > > > > > On Wed, Feb 26, 2014 at 5:51 PM, pvivacqua <[hidden email]< > > > http://user/SendEmail.jtp?type=node&node=5740562&i=0>> > > > > wrote: > > > > > > > > > Colm, thanks for the response. > > > > > > > > > > Is there any way around ? We are stuck with > jbossws-cxf-4.1.1.Final, > > > due > > > > to > > > > > Jboss 7.1.1. > > > > > > > > > > thanks > > > > > > > > > > Paulo Vivacqua > > > > > > > > > > > > > > > On Wed, Feb 26, 2014 at 1:02 PM, coheigea [via CXF] < > > > > > [hidden email] < > http://user/SendEmail.jtp?type=node&node=5740562&i=1>> > > > > > > wrote: > > > > > > > > > > > It's a bug that has only recently been fixed: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=commit;h=eb9ea1e1c049299221f080184a346d0ae5f8aef7 > > > > > > > > > > > > You will have to upgrade to one of the latest (CXF) releases to > > pick > > > > it > > > > > > up. > > > > > > > > > > > > Colm. > > > > > > > > > > > > > > > > > > On Wed, Feb 26, 2014 at 2:53 PM, pvivacqua <[hidden email]< > > > > > http://user/SendEmail.jtp?type=node&node=5740532&i=0>> > > > > > > wrote: > > > > > > > > > > > > > *Hi, > > > > > > > > > > > > > > I am currently trying to implement WS-SecurityPolicy on a web > > > > service > > > > > > that > > > > > > > uses WS-Security (Jboss 7.1.1 + jbossws-cxf-4.1.1.Final). I am > > > > trying > > > > > to > > > > > > > make CXF enforce tree policies: UsernameToken with Mutual > > X.509v3 > > > > > > > Authentication, Sign and Encrypt as follows:* > > > > > > > > > > > > > > <wsp:Policy > > > > > > > xmlns:wsu=" > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > > > > > > " > > > > > > > xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"; > > > > > > > xmlns:wsp="http://www.w3.org/ns/ws-policy"; > > > > > > > xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"; > > > > > > > xmlns:tcp=" > > > > > > http://java.sun.com/xml/ns/wsit/2006/09/policy/soaptcp/service"; > > > > > > > xmlns:sp=" > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"; > > > > > > > > > > > xmlns:sc="http://schemas.sun.com/2006/03/wss/server"; > > > > > > > xmlns:fi=" > > > > > > > > > http://java.sun.com/xml/ns/wsit/2006/09/policy/fastinfoset/service > > > " > > > > > > > wsu:Id="GidWsNDSOiVendeBindingPolicy"> > > > > > > > <wsp:ExactlyOne> > > > > > > > <wsp:All> > > > > > > > <sp:AsymmetricBinding> > > > > > > > <wsp:Policy> > > > > > > > <sp:InitiatorToken> > > > > > > > <wsp:Policy> > > > > > > > > > > > <sp:X509Token > > > > > > > sp:IncludeToken=" > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient > > > > > > > "> > > > > > > > > > > > > > > <wsp:Policy> > > > > > > > > > > > > > > <sp:WssX509V3Token11/> > > > > > > > > > > > > > > </wsp:Policy> > > > > > > > > > > > </sp:X509Token> > > > > > > > </wsp:Policy> > > > > > > > </sp:InitiatorToken> > > > > > > > <sp:RecipientToken> > > > > > > > <wsp:Policy> > > > > > > > > > > > <sp:X509Token > > > > > > > sp:IncludeToken=" > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never > > > > > > > "> > > > > > > > > > > > > > > <wsp:Policy> > > > > > > > > > > > > > > <sp:WssX509V3Token10/> > > > > > > > > > > > > > > <sp:RequireIssuerSerialReference/> > > > > > > > > > > > > > > </wsp:Policy> > > > > > > > > > > > </sp:X509Token> > > > > > > > </wsp:Policy> > > > > > > > </sp:RecipientToken> > > > > > > > <sp:Layout> > > > > > > > <wsp:Policy> > > > > > > > > > > <sp:Strict/> > > > > > > > </wsp:Policy> > > > > > > > </sp:Layout> > > > > > > > > > <sp:EncryptBeforeSigning/> > > > > > > > <sp:AlgorithmSuite> > > > > > > > <wsp:Policy> > > > > > > > > > > > > > <sp:Basic128Rsa15/> > > > > > > > </wsp:Policy> > > > > > > > </sp:AlgorithmSuite> > > > > > > > </wsp:Policy> > > > > > > > </sp:AsymmetricBinding> > > > > > > > <sp:Wss10> > > > > > > > <wsp:Policy> > > > > > > > > > > > > <sp:MustSupportRefIssuerSerial/> > > > > > > > </wsp:Policy> > > > > > > > </sp:Wss10> > > > > > > > </wsp:All> > > > > > > > </wsp:ExactlyOne> > > > > > > > </wsp:Policy> > > > > > > > > > > > > > > > > > > > > > *All the policies work fine, except for the X509Token Assertion > > > that > > > > > > > generates the following exception.* > > > > > > > > > > > > > > 10:59:56,636 WARNING > > [org.apache.cxf.phase.PhaseInterceptorChain] > > > > > > > (http-localhost-127.0.0.1-8080-1) Interceptor for > > > > > > > { > > > > > > > > > > > > > > > > http://gid.ws.nds.oiVende/}GidWsNDSOiVende#{http://gid.ws.nds.OiVende/}teste > > > > > > > > > > > > > > > > > > > has thrown exception, unwinding now: > > > > org.apache.cxf.interceptor.Fault: > > > > > > > These > > > > > > > policy alternatives can not be satisfied: > > > > > > > { > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: > > > > > > > > > > The > > > > > > > received token does not match the token inclusion requirement > > > > > > > { > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token > > > > > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47) > > > > > > > > > > > > > > > > > > > [cxf-rt-ws-policy.jar:2.6.4] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > > > > > > > > > > > > > > > > > > > [cxf-api.jar:2.6.4] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > > > > > > > > > > > > > > > > > > > [cxf-api.jar:2.6.4] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:236) > > > > > > > > > > > > > > > > > > > [cxf-rt-transports-http.jar:2.6.4] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:95) > > > > > > > > > > > > > > > > > > > [jbossws-cxf-server.jar:4.1.1.Final] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:156) > > > > > > > > > > > > > > > > > > > [jbossws-cxf-server.jar:4.1.1.Final] > > > > > > > at > > > > > > > > > org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87) > > > > > > > [jbossws-cxf-server.jar:4.1.1.Final] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) > > > > > > > > > > > > > > > > > > > [cxf-rt-transports-http.jar:2.6.4] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) > > > > > > > > > > > > > > > > > > > [cxf-rt-transports-http.jar:2.6.4] > > > > > > > at > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > > > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > > > at > > > > > > > > > > > org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135) > > > > > > > [jbossws-cxf-server.jar:4.1.1.Final] > > > > > > > at > > > > > > > > > > org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) > > > > > > > [jbossws-spi.jar:2.1.1.Final] > > > > > > > at > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > > > > > > > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) > > > > > > > > > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) > > > > > > > > > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) > > > > > > > > > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) > > > > > > > > > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) > > > > > > > > > > > > > > > > > > > [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) > > > > > > > > > > > > > > > > > > > [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) > > > > > > > > > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > > > > > > > > > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > > > > > > > > > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) > > > > > > > > > > > > > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > > > at > > > > > > > > > > > > > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > > > > > > > [jbossweb-7.0.13.Final.jar:] > > > > > > > at java.lang.Thread.run(Thread.java:722) > > [rt.jar:1.7.0_21] > > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These > > policy > > > > > > > alternatives can not be satisfied: > > > > > > > { > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: > > > > > > > > > > The > > > > > > > received token does not match the token inclusion requirement > > > > > > > { > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token > > > > > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:167) > > > > > > > > > > > > > > > > > > > [cxf-rt-ws-policy.jar:2.6.4] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101) > > > > > > > > > > > > > > > > > > > [cxf-rt-ws-policy.jar:2.6.4] > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:45) > > > > > > > > > > > > > > > > > > > [cxf-rt-ws-policy.jar:2.6.4] > > > > > > > ... 26 more > > > > > > > > > > > > > > *The request that generated the exception:* > > > > > > > > > > > > > > <soapenv:Envelope xmlns:gid="http://gid.ws.nds.OiVende/"; > > > > > > > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> > > > > > > > <soapenv:Header> > > > > > > > <wsse:Security > > > > > > > xmlns:wsse=" > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > > > > > > > " > > > > > > > xmlns:wsu=" > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > > > > > > "> > > > > > > > <wsse:UsernameToken > > > > wsu:Id="UsernameToken-16"> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > <wsse:Username>AI1qTwNjGnsE99RHFhQ6QFbao7u/fw179mU5oTwGyP6LOOMcffLGZHnlUWD62o3onuGNGbFltkAA > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > LYVQmowJ2tfL2MdorywfON3uYdQksb0tROGj1q+dtfOEdOO0/nRB4KIPaI9iUQuLlTZTXZZLRCyL > > > > > > > > > > > > > > > > > > > tfuPdNkM8ZQ/IgX8v+k=</wsse:Username> > > > > > > > <wsse:Password > > > > > > > Type=" > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > > > > > > > > > > > > > > > > > > > > > > > > > > > > ">GileUp2HMHBkZ3PvHk9PZFbbmOXKrDoGL/vEUVhXgBuJ5Z9U236w0J55xU645eH4RsltG3T4XmNQ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > e1ypi0NUbVzk2De4elkAKBF3s9bQE1rmONLoUYXQRuYDjNBbzajR2okXS80oKi7w0QOLibTFfQeO > > > > > > > > > > > > > > > > > > > R04KmBo75ykchSqNwKM=</wsse:Password> > > > > > > > <wsse:Nonce > > > > > > > EncodingType=" > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > > > > > > > ">ngNCqeakderQcMpmxf4DvA==</wsse:Nonce> > > > > > > > > > > > > > > <wsu:Created>2014-02-26T13:59:52.827Z</wsu:Created> > > > > > > > </wsse:UsernameToken> > > > > > > > <ds:Signature Id="SIG-15" xmlns:ds=" > > > > > > > http://www.w3.org/2000/09/xmldsig#";> > > > > > > > <ds:SignedInfo> > > > > > > > > > <ds:CanonicalizationMethod > > > > > > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";> > > > > > > > > > > > <ec:InclusiveNamespaces > > > > > > > PrefixList="gid soapenv" > > > > > > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> > > > > > > > > > > </ds:CanonicalizationMethod> > > > > > > > <ds:SignatureMethod > > > > > > > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > > > > > > > <ds:Reference > > URI="#id-14"> > > > > > > > <ds:Transforms> > > > > > > > > > > > <ds:Transform > > > > > > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";> > > > > > > > > > > > > > > <ec:InclusiveNamespaces PrefixList="gid" > > > > > > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> > > > > > > > > > > > </ds:Transform> > > > > > > > > </ds:Transforms> > > > > > > > > <ds:DigestMethod > > > > > > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > > > > > > > > > > > > > > <ds:DigestValue>OQqnS4HijCjWqZud07QwEnBv1ho=</ds:DigestValue> > > > > > > > </ds:Reference> > > > > > > > </ds:SignedInfo> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > <ds:SignatureValue>QW99DAhwIr/xgHnToRtPBVi87LtlUov6k/6kxGpGzqNpK4N5aI2FclAYX9AsU6Rt1mD4rvW7acvW > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > VttWeQ73bLRtaBm9i2Kcb4/qKISWCpkbomRZO9t3G107hy57WP7SsO1m+uILMD3HqPnYX9clV4Ch > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > kPHxpywKNdtJHd3TMBUgPHPWtHIcArm5buDfq4ptLTexq+YDcDpCbVB328S+oQpi8wZNSP9JX556 > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > zHjNpDekI+S2dIDxSi/7a7PjNDO8d4ajg7yInznVx3AZm8AU6WHevdcFvIj8hFcKf+7eWNzS/Uos > > > > > > > > > > > > > > > > > > > FBr6+xuHX1C6dr/5FVgsCL2Ubr/vwPg8LdneJQ==</ds:SignatureValue> > > > > > > > <ds:KeyInfo > > > > > > > Id="KI-6F2BD13BBF5C75E94C139342319278815"> > > > > > > > > > > <wsse:SecurityTokenReference > > > > > > > wsu:Id="STR-6F2BD13BBF5C75E94C139342319278816"> > > > > > > > <ds:X509Data> > > > > > > > > > > > > > > <ds:X509IssuerSerial> > > > > > > > > > > > > > > <ds:X509IssuerName>CN=gid.ws,OU=OI,O=TNL PCS S/A,L=Rio de > > > > > > > Janeiro,ST=Rio de Janeiro,C=BR</ds:X509IssuerName> > > > > > > > > > > > > > > <ds:X509SerialNumber>186004993</ds:X509SerialNumber> > > > > > > > > > > > > > > </ds:X509IssuerSerial> > > > > > > > </ds:X509Data> > > > > > > > > > > > </wsse:SecurityTokenReference> > > > > > > > </ds:KeyInfo> > > > > > > > </ds:Signature> > > > > > > > <xenc:EncryptedKey > > > > > > > Id="EK-6F2BD13BBF5C75E94C139342319278513" > > > > > > > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> > > > > > > > <xenc:EncryptionMethod > > > > > > > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> > > > > > > > <ds:KeyInfo xmlns:ds=" > > > > > > > http://www.w3.org/2000/09/xmldsig#";> > > > > > > > > > > > <wsse:SecurityTokenReference> > > > > > > > <ds:X509Data> > > > > > > > > > > > > > > <ds:X509IssuerSerial> > > > > > > > > > > > > > > <ds:X509IssuerName>CN=gid.ws,OU=OI,O=TNL PCS S/A,L=Rio de > > > > > > > Janeiro,ST=Rio de Janeiro,C=BR</ds:X509IssuerName> > > > > > > > > > > > > > > <ds:X509SerialNumber>2048318029</ds:X509SerialNumber> > > > > > > > > > > > > > > </ds:X509IssuerSerial> > > > > > > > </ds:X509Data> > > > > > > > > > > > </wsse:SecurityTokenReference> > > > > > > > </ds:KeyInfo> > > > > > > > <xenc:CipherData> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > <xenc:CipherValue>dt7uxlbVMrE2NW7gKB22hl8SaxAY0003BaIJFrs1wCfHhCtg0AhZxGL6Qw0r1lUXPYLMuMjjKddoUbZzsyH8oZYy8umVOokfZyAsukBT4+58MjHrtfhP95f57PB/5P9KDwAYuU/34UhFJfe2PMAAaTn2Wnuk1a0PqvPIHKm7oHWb6qekaKWssGWGvPhFAFg1ea5ao3S9e9OsyXzPxjlHE/bT/aA3dKO4usnkxb+HRweYZQ2E9OK25J5kdBg+fs6195zQI2hCr5X/+cNCm6VvE7RvfPkU0VrwFXSBp0opzg8dpb1ZH17WtV09nyjIsGlMypNvDYIWJYwvKZ2B4ISQkw==</xenc:CipherValue> > > > > > > > > > > > > > > > > > > > </xenc:CipherData> > > > > > > > <xenc:ReferenceList> > > > > > > > <xenc:DataReference > > > > > > URI="#ED-13"/> > > > > > > > </xenc:ReferenceList> > > > > > > > </xenc:EncryptedKey> > > > > > > > </wsse:Security> > > > > > > > </soapenv:Header> > > > > > > > <soapenv:Body wsu:Id="id-14" > > > > > > > xmlns:wsu=" > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > > > > > > "> > > > > > > > <xenc:EncryptedData Id="ED-13" > > > > > > > Type="http://www.w3.org/2001/04/xmlenc#Content"; > > > > > > > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> > > > > > > > <xenc:EncryptionMethod > > > > > > > Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> > > > > > > > <ds:KeyInfo xmlns:ds=" > > > > > > > http://www.w3.org/2000/09/xmldsig#";> > > > > > > > <wsse:SecurityTokenReference > > > > > > > wsse11:TokenType=" > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey > > > > > > > " > > > > > > > xmlns:wsse=" > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > > > > > > > " > > > > > > > xmlns:wsse11=" > > > > > > > > > http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd > > > "> > > > > > > > > > > > <wsse:Reference > > > > > > > URI="#EK-6F2BD13BBF5C75E94C139342319278513"/> > > > > > > > </wsse:SecurityTokenReference> > > > > > > > </ds:KeyInfo> > > > > > > > <xenc:CipherData> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > <xenc:CipherValue>p10d5TaRMy1vspa7TjBYZXrd2ZnTIPa6e5+OWHHKO2FZDt/Gst1skyPw/WdA2qzLXtqYm9EXvlwpkcgOp6NrDKsxVgm3uymRsTtvQZ8xeb3OgaZAuW9Cu5ADCStu5N3ykOb/BLfkSFbtnOZSqNrfYEyrFgLBNOFbiY3pTPRP7jqqWaHZjlKJoPtsizt2VB2rbZxiIubbfEgAz1HITyTWa0umhMD0pFK3HewWfIyMNvPSLTHUHPH433u9pPkAROP1b+V1sYbVJpm2ED3L0lujiUujB1S/vV89hAMAHjAVq8qzLZCwOfI64IaNwxzkbZdNmf+UybPtv0+YCy9nKlUalk8lZltHMEi96xTfTHDJMTHhUFE11fS3pqcX3j3tgPJHPPkYz95ZO7Sdn/wQeJXjFL2BHs0tuHPQwY/We5IgSLWqZpCgMHaFOXj1t6XMxGy/n0Y7Y06svaXGevGejJzBixX+8Ab9lLFMqx3WdToeF3onzNCn+gYD8P7UVtV3medF7GWe0Bb/JJSq7bsO6xzDpDl0lntm3gWO3S/ChxidRtRj+rN6ZQ7rBBUXKaEO0Ce9pDnsSxeVMYxJGNwyCeL3d4NOTqG/YtmecN58sOnpsC2WXCz26YqKiWQLKkH0bBSXVGMzi6Fsk7TgSw9VcobiFTffa+tcvSEWeFE/k+YrlL+EhCgw/ez31kbTglsXn4R5UTB4exBNjX7iW/f7iQzgentAIRTOLor6AezHD1GBGB5KVJuIL/gbrsguOlLQ0nqDM31AUj6t1pz4ygCTczNk16yZ4DMEX6dcXQzexprtRbQbqxnWVtcdx4on8isUUQWJ5dKzuRfx5CJ+nYnHRPKhKv4R3oqIvm3bAIMm6kd2tFY8wniN+tkao7XXkuwxdZbD8ZLMyjFNx97c41DPdXq/B9nwkaCKRBUW05waZ3u8bFAIciC35soYzijbeCEY+31pEUkNE1HbGYyrCWrh1PRRb7YaBAHJojq3hHqjkdEbFYgHdEj3xmyHinbted0LWYeF2+0mLt3Lu3rGK9hxY0nE/SW72zl5+qKq0qdzZChivXWehlxMan+IweY1t91DL7q+dImrAoWS03AWsZasXIWmfRJDYBn8+rMJOEQndjd6nlzuZHFFek3Rc4Jx/UYMFzMD3l0qxPoYfMkBxtg7/VKyDA==</xenc:CipherValue> > > > > > > > > > > > > > > > > > > > </xenc:CipherData> > > > > > > > </xenc:EncryptedData> > > > > > > > </soapenv:Body> > > > > > > > </soapenv:Envelope> > > > > > > > > > > > > > > *The jbossws-cxf.xml jaxws configuration:* > > > > > > > > > > > > > > <jaxws:properties> > > > > > > > <entry key="ws-security.callback-handler" > > > > > > > value="br.com.gid.ws.interfaces.callback.PasswordCallback"/> > > > > > > > <entry key="ws-security.encryption.properties" > > > > > > > value="resources/GidWsNDS_Server_Decrypt.properties"/> > > > > > > > <entry key="ws-security.signature.properties" > > > > > > > value="resources/GidWsNDS_Server_Decrypt.properties"/> > > > > > > > <entry key="ws-security.encryption.username" > > > > > > > value="useReqSigCert"/> > > > > > > > <entry key="ws-security.validate.token" > > > > value="false"/> > > > > > > > </jaxws:properties> > > > > > > > > > > > > > > > > > > > > > *Thanks in advance.* > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > View this message in context: > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526.html > > > > > > > Sent from the cxf-user mailing list archive at Nabble.com. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Colm O hEigeartaigh > > > > > > > > > > > > Talend Community Coder > > > > > > http://coders.talend.com > > > > > > > > > > > > > > > > > > ------------------------------ > > > > > > If you reply to this email, your message will be added to the > > > > discussion > > > > > > below: > > > > > > > > > > > > > > > > > > > > > > > > > > > http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740532.html > > > > > > To unsubscribe from Why is my X509Token policy not being > > satisfied? > > > > Is > > > > > > this a bug?, click here< > > > > > > > > > > > > > > > > . > > > > > > NAML< > > > > > > > > > > > > > > > http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > View this message in context: > > > > > > > > > > > > > > > http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740541.html > > > > > > > > > Sent from the cxf-user mailing list archive at Nabble.com. > > > > > > > > > > > > > > > > > > > > > -- > > > > Colm O hEigeartaigh > > > > > > > > Talend Community Coder > > > > http://coders.talend.com > > > > > > > > > > > > ------------------------------ > > > > If you reply to this email, your message will be added to the > > discussion > > > > below: > > > > > > > > > > > > > > http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740562.html > > > > To unsubscribe from Why is my X509Token policy not being satisfied? > > Is > > > > this a bug?, click here< > > > > > > > > > > . > > > > NAML< > > > > > > http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml > > > > > > > > > > > > > > > > > > > > > > > -- > > > View this message in context: > > > > > > http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740581.html > > > > > Sent from the cxf-user mailing list archive at Nabble.com. > > > > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > > > > ------------------------------ > > If you reply to this email, your message will be added to the discussion > > below: > > > > > http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740584.html > > To unsubscribe from Why is my X509Token policy not being satisfied? Is > > this a bug?, click here< > http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5740526&code=cHZpdmFjcXVhQGdtYWlsLmNvbXw1NzQwNTI2fDExOTgzNDEyMTk= > > > > . > > NAML< > http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml > > > > > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Why-is-my-X509Token-policy-not-being-satisfied-Is-this-a-bug-tp5740526p5740599.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
