Hi, Yes feel free to update the wiki to indicate that we do not support the 1.0 specification. I think using WSS4JOutInterceptor instead is a good approach. You will then likely have to create an interceptor to mark the 1.0 policies as read.
The best place to start is with a sample client request that works + then work backwards in terms of figuring out how to configure WSS4J to generate the same request. Colm. On Fri, Apr 11, 2014 at 7:27 PM, Andrew Janke <[email protected]>wrote: > Hi, CXF folks, > > I think I need to get a web service client working with a service whose > WSDL uses WS-SecurityPolicy 1.0 definitions. What's a good way to do this > with the current CXF release? > > I'd also like to update the CXF WS-SecurityPolicy doco page (at > http://cxf.apache.org/docs/ws-securitypolicy.html) to indicate which WSSP > versions are supported. Having that info up front would have saved me some > time and frustration. Any objections? > > > Here's the background. > > This is the service's WSDL: https://misapi.ercot.com/2007- > 08/Nodal/eEDS/EWS/?WSDL > > It has policy bits like this. > > <wsp:Policy > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";><sp:SecurityHeader > MustManifestEncryption="true" MustPrepend="true" xmlns:sp="http://schemas. > xmlsoap.org/ws/2002/12/secext"/></wsp:Policy> > <wsp:Policy wsu:Id="SecurityTokens" xmlns:wsp="http://schemas. > xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis- > open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > "><wsp:ExactlyOne><wsp:All><sp:SecurityToken xmlns:_ns1="http://www. > actional.com" xmlns:sp="http://schemas.xmlsoap.org/ws/2002/12/secext"; > ><sp:TokenType>_ns1:SSLClientCertificate</sp: > TokenType></sp:SecurityToken></wsp:All><wsp:All><sp:SecurityToken > xmlns:sp="http://schemas.xmlsoap.org/ws/2002/12/secext"; > ><sp:TokenType>sp:X509v3</sp:TokenType></sp:SecurityToken>< > /wsp:All><wsp:All><sp:SecurityToken xmlns:_ns1="http://www.actional.com"; > xmlns:sp="http://schemas.xmlsoap.org/ws/2002/12/secext"; > ><sp:TokenType>_ns1:SSLClientCertificate</sp: > TokenType></sp:SecurityToken><sp:SecurityToken xmlns:sp="http://schemas. > xmlsoap.org/ws/2002/12/secext"><sp:TokenType>sp:X509v3</sp: > TokenType></sp:SecurityToken></wsp:All></wsp:ExactlyOne></wsp:Policy> > <wsp:Policy wsu:Id="SignedBody" xmlns:wsp="http://schemas. > xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis- > open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><sp:Integrity > xmlns:sp="http://schemas.xmlsoap.org/ws/2002/12/secext";><sp:TokenInfo><sp: > SecurityToken><sp:TokenType>sp:X509v3</sp:TokenType></sp: > SecurityToken></sp:TokenInfo><sp:MessageParts>wsp:GetBody(.) > </sp:MessageParts></sp:Integrity></wsp:Policy> > ... > <wsp:Policy wsu:Id="MarketInfo_input_policy" xmlns:wsp=" > http://schemas.xmlsoap.org/ws/2004/09/policy"; xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis- > 200401-wss-wssecurity-utility-1.0.xsd"><wsp:PolicyReference > URI="#SecurityTokens"/><wsp:PolicyReference URI="#SignedBody"/></wsp: > Policy> > > > And when I try to run a simple CXF client built with wsdl2java using JAXB > bindings, I get this error. > > > Apr 11, 2014 1:23:13 PM > org.apache.cxf.service.factory.ReflectionServiceFactoryBean > buildServiceFromWSDL > INFO: Creating Service {http://www.ercot.com/wsdl/ > 2007-06/nodal/ewsConcrete}NodalService from WSDL: > file:/C:/Users/janke/Dropbox/freelancing/EON/ERCOT-awards/ > project/ercot-mis-client-cxf/ErcotMisClient/build/classes/ > egcna/ercotmis/wsdisc/resources/WSDL/eEDS_EWS-PROD-20140320-edited.wsdl > Apr 11, 2014 1:23:14 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl > handleNoRegisteredBuilder > WARNING: No assertion builder for type {http://schemas.xmlsoap.org/ > ws/2002/12/secext}SecurityToken registered. > Apr 11, 2014 1:23:14 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl > handleNoRegisteredBuilder > WARNING: No assertion builder for type {http://schemas.xmlsoap.org/ > ws/2002/12/secext}Integrity registered. > Apr 11, 2014 1:23:14 PM org.apache.cxf.phase.PhaseInterceptorChain > doDefaultLogging > WARNING: Interceptor for {http://www.ercot.com/wsdl/ > 2007-06/nodal/ewsConcrete}NodalService#{http://www. > ercot.com/wsdl/2007-06/nodal/ewsConcrete}MarketInfo has thrown exception, > unwinding now > org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives > can be satisfied. > at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative( > EffectivePolicyImpl.java:192) > at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative( > EffectivePolicyImpl.java:185) > at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise( > EffectivePolicyImpl.java:92) > at org.apache.cxf.ws.policy.PolicyEngineImpl. > getEffectiveClientRequestPolicy(PolicyEngineImpl.java:200) > at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle( > PolicyOutInterceptor.java:98) > at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage( > AbstractPolicyInterceptor.java:44) > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept( > PhaseInterceptorChain.java:272) > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330) > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke( > JaxWsClientProxy.java:135) > at com.sun.proxy.$Proxy32.marketInfo(Unknown Source) > at egcna.ercotmis.wsdisc.MarketInfoTestClient.pingServiceStatus( > MarketInfoTestClient.java:76) > at egcna.ercotmis.wsdisc.MarketInfoTestClient.main( > MarketInfoTestClient.java:49) > > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of > the policy alternatives can be satisfied. > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke( > JaxWsClientProxy.java:157) > at com.sun.proxy.$Proxy32.marketInfo(Unknown Source) > at egcna.ercotmis.wsdisc.MarketInfoTestClient.pingServiceStatus( > MarketInfoTestClient.java:76) > at egcna.ercotmis.wsdisc.MarketInfoTestClient.main( > MarketInfoTestClient.java:49) > Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy > alternatives can be satisfied. > at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative( > EffectivePolicyImpl.java:192) > at org.apache.cxf.ws.policy.EffectivePolicyImpl.chooseAlternative( > EffectivePolicyImpl.java:185) > at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise( > EffectivePolicyImpl.java:92) > at org.apache.cxf.ws.policy.PolicyEngineImpl. > getEffectiveClientRequestPolicy(PolicyEngineImpl.java:200) > at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle( > PolicyOutInterceptor.java:98) > at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage( > AbstractPolicyInterceptor.java:44) > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept( > PhaseInterceptorChain.java:272) > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330) > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke( > JaxWsClientProxy.java:135) > ... 3 more > Java Result: 1 > > > My diagnosis of that is that http://schemas.xmlsoap.org/ws/2002/12/secextis > the namespace for WS-SecurityPolicy 1.0, and those identifiers are > lacking "registered handlers" because CXF doesn't support WSSP v 1.0, based > on some earlier mailing list traffic. (Correct me if I'm wrong.) > > I read through the Jan '13 thread where Bob Ross was trying to do this > with a similar web service. (http://cxf.547215.n5.nabble. > com/Best-CXF-client-approach-for-remote-WSDL-using-wsp- > Policy-td5721874.html) Is this still good advice? Basically, write a > custom WSS4JOutInterceptor? > > Anybody know enough about WS-SecurityPolicy to know if I could just > rewrite the WSDL to use WS-SecurityPolicy 1.1 terms and get the behavior > the server is expecting, rather than writing custom Java code? > > Thanks for taking the time to read this. > > Cheers, > Andrew > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
