Cool. Btw, in 3.0.1 I activated URIDomainExpressionBuilder by default, so it should work out of the box.
Regards,
Andrei.

> -----Original Message-----
> From: Lambert, Michael [mailto:[email protected]]
> Sent: Samstag, 5. Juli 2014 04:31
> To: [email protected]
> Subject: Re: policy attachment
>
> Everything works Andrei including the new URI syntax; I really appreciate
> the help! cxf 2.7.12 isn't available in maven central yet so I had to copy
> over the two classes you mentioned but it works perfectly!
>
> Thanks!
>
> -Mike
>
>
> On Fri, Jul 4, 2014 at 10:30 AM, Andrei Shakirin <[email protected]>
> wrote:
>
> > Hi,
> >
> > > -----Original Message-----
> > > From: Lambert, Michael [mailto:[email protected]]
> > > Sent: Donnerstag, 3. Juli 2014 17:00
> > > To: [email protected]
> > > Subject: Re: policy attachment
> > >
> > > I figured it out but the documentation wasn't a lot of help. It
> > > appears that the EndpointReferenceDomainExpression is being compared
> > > to the address configured in the jaxrs-endpoint and not what is in
> > > the wsdl. This makes PERFECT sense but as all the example
> > > configuration contained the complete url (including protocol and
> > > port: e.g.
> >
> > Correct, the service will be published under address configured into
> > jaxws:endpoint and this address will be used for domain expression
> > matching. Perhaps it makes sense to explicitly write it into policy
> > documentation.
> > Do you have wsp:URI running as well (using URIDomainExpressionBuilder)?
> >
> > Regards,
> > Andrei.
> >
> > > http://localhost:8080/user-servic/userService) I wrongly presumed
> > > that it was either reading the address from the actual request and
> > > comparing it to the expression or reading it from the configured
> > > wsdl address.
> > >
> > > So when a configuration looks like this:
> > >
> > > <jaxws:endpoint id="userService"
> > >     implementor="com.healthmedia.ws.wsdl.user.v1.UserServiceImpl"
> > >     address="/userService">
> > >   <jaxws:properties>
> > >     <entry key="ws-security.ut.validator" value-ref="validator" />
> > >   </jaxws:properties>
> > > </jaxws:endpoint>
> > >
> > > The policy expression should reflect the address above like so:
> > >
> > > <?xml version="1.0" encoding="UTF-8" ?>
> > > <attachments
> > >     xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > >     xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > >     xmlns:i18np="http://www.w3.org/2008/04/ws-i18np"
> > >     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >   <wsp:PolicyAttachment>
> > >     <wsp:AppliesTo>
> > >       <wsa:EndpointReference>
> > >         <wsa:Address>/userService</wsa:Address>
> > >       </wsa:EndpointReference>
> > >     </wsp:AppliesTo>
> > >     <wsp:Policy>
> > >       <wsp:ExactlyOne>
> > >         <wsp:All>
> > >           <wsp:Policy>
> > >             <i18np:i18n Optional="false" />
> > >           </wsp:Policy>
> > >         </wsp:All>
> > >       </wsp:ExactlyOne>
> > >     </wsp:Policy>
> > >   </wsp:PolicyAttachment>
> > > </attachments>
> > >
> > > Thanks for the help. This was tremendously frustrating to figure out.
> > > Thank god for debuggers!
> > >
> > > -Mike
> > >
> > >
> > > On Thu, Jul 3, 2014 at 7:37 AM, Lambert, Michael <[email protected]>
> > > wrote:
> > >
> > > > Sorry Andrei,
> > > >
> > > > I didn't think you were going to respond so I moved forward with a
> > > > solution using another technique. I would like to solve this issue
> > > > however so I created a branch with the problem:
> > > >
> > > > https://github.com/MacFlecknoe/service-repository-sample/blob/policy-attachement-problem/schema/src/main/resources/policy/authentication-policy.xml
> > > > https://github.com/MacFlecknoe/service-repository-sample/blob/policy-attachement-problem/schema/src/main/resources/service/user-soap-v1.wsdl
> > > > https://github.com/MacFlecknoe/service-repository-sample/blob/policy-attachement-problem/user/service/src/main/webapp/WEB-INF/beans.xml
> > > >
> > > > Could you take another quick peek? Again, the problem is that the
> > > > policy is being completely ignored. The address I have it
> > > > configured for is both reflected in the wsdl and in reality when I
> > > > start my server.
> > > >
> > > > Also, is there a way to configure the address in the policy so
> > > > that it is dynamic? I am not sure what the end address of the
> > > > service is going to be once it's deployed (e.g. its domain will
> > > > likely change).
> > > >
> > > > Thanks,
> > > >
> > > > Mike
> > > >
> > > >
> > > > On Thu, Jul 3, 2014 at 4:38 AM, Andrei Shakirin
> > > > <[email protected]> wrote:
> > > >
> > > >> Hi,
> > > >>
> > > >> I am bit confused: don't see policy attachments in your
> > > >> configuration, you attach policies direct to endpoint:
> > > >>
> > > >> <jaxws:features>
> > > >>   <bean class="org.apache.cxf.feature.LoggingFeature"/>
> > > >>   <p:policies>
> > > >>     <!-- we attach policies via spring as there are issues
> > > >>          leveraging external policy attachments when using
> > > >>          PolicyAttachement with cxf 2.* -->
> > > >>     <wsp:PolicyReference URI="classpath:policy/authentication-policy.xml" />
> > > >>     <wsp:PolicyReference URI="classpath:policy/i18n-policy.xml" />
> > > >>   </p:policies>
> > > >> </jaxws:features>
> > > >>
> > > >> To use policy attachments you need something like:
> > > >>
> > > >> <cxf:bus>
> > > >>   <cxf:features>
> > > >>     <p:policies/>
> > > >>   </cxf:features>
> > > >> </cxf:bus>
> > > >>
> > > >> <p:externalAttachment location="${temp.location}/addr-external.xml"/>
> > > >>
> > > >> Where addr-external.xml is policy attachment:
> > > >>
> > > >> <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > > >>     xmlns:wsa="http://www.w3.org/2005/08/addressing">
> > > >>   <wsp:PolicyAttachment>
> > > >>     <wsp:AppliesTo>
> > > >>       <wsa:EndpointReference>
> > > >>         <wsa:Address>http://localhost:9020/SoapContext/GreeterPort</wsa:Address>
> > > >>       </wsa:EndpointReference>
> > > >>     </wsp:AppliesTo>
> > > >>     <wsp:Policy>
> > > >>       <wsp:ExactlyOne>
> > > >>         <wsp:All>
> > > >>           <wsam:Addressing
> > > >>               xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata">
> > > >>             <wsp:Policy/>
> > > >>           </wsam:Addressing>
> > > >>         </wsp:All>
> > > >>       </wsp:ExactlyOne>
> > > >>     </wsp:Policy>
> > > >>   </wsp:PolicyAttachment>
> > > >> </attachments>
> > > >>
> > > >> I propose that you look into working policy attachments CXF
> > > >> system tests and find the difference with your code.
> > > >> If that doesn't help, please create a small distilled sample with
> > > >> simple policy (for example WS-Addressing) to illustrate your
> > > >> problem, I will look into it.
> > > >>
> > > >> Regards,
> > > >> Andrei.
> > > >>
> > > >> > -----Original Message-----
> > > >> > From: Lambert, Michael [mailto:[email protected]]
> > > >> > Sent: Mittwoch, 2. Juli 2014 15:25
> > > >> > To: [email protected]
> > > >> > Subject: Re: policy attachment
> > > >> >
> > > >> > That's part of the problem Andrei. I have followed the examples
> > > >> > and it's just not working for me. Can you take a look at my
> > > >> > policy file and wsdl and see if anything obvious sticks out as
> > > >> > wrong?
> > > >> >
> > > >> > https://github.com/MacFlecknoe/service-repository-sample/blob/master/schema/src/main/resources/policy/authentication-policy.xml
> > > >> > https://github.com/MacFlecknoe/service-repository-sample/blob/master/schema/src/main/resources/service/user-soap-v1.wsdl
> > > >> >
> > > >> > Here is how I have it configured:
> > > >> > https://github.com/MacFlecknoe/service-repository-sample/blob/master/user/service/src/main/webapp/WEB-INF/beans.xml
> > > >> >
> > > >> > It only works when I embed the policy in the wsdl file itself.
> > > >> > The external attachment file loads but doesn't trigger the
> > > >> > ws-security policy to fire.
> > > >> >
> > > >> > -Mike
> > > >> >
> > > >> >
> > > >> > On Wed, Jul 2, 2014 at 8:27 AM, Andrei Shakirin
> > > >> > <[email protected]> wrote:
> > > >> >
> > > >> > > Hi,
> > > >> > >
> > > >> > > > -----Original Message-----
> > > >> > > > From: Lambert, Michael [mailto:[email protected]]
> > > >> > > > Sent: Mittwoch, 2. Juli 2014 14:05
> > > >> > > > To: [email protected]
> > > >> > > > Subject: RE: policy attachment
> > > >> > > >
> > > >> > > > Thanks Andrei! That helps a lot... I'll try your suggestion
> > > >> > > > and let you know how it goes.
> > > >> > > >
> > > >> > >
> > > >> > > OK.
> > > >> > >
> > > >> > > > Any insight as to why I can't get end point references to
> > > >> > > > work? Is there a trick to configuring it? I followed the
> > > >> > > > example on the samples but can't seem to get it to work
> > > >> > > > with my wsdl. Does the end point need to match what is in
> > > >> > > > the wsdl or what cxf generates the address to be when it
> > > >> > > > starts? Any documentation surrounding this?
> > > >> > >
> > > >> > > This construction should work by default, if endpoint address
> > > >> > > matches to your service:
> > > >> > >
> > > >> > > <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > > >> > >     xmlns:wsa="http://www.w3.org/2005/08/addressing">
> > > >> > >   <wsp:PolicyAttachment>
> > > >> > >     <wsp:AppliesTo>
> > > >> > >       <wsa:EndpointReference>
> > > >> > >         <wsa:Address>http://localhost:9020/SoapContext/GreeterPort</wsa:Address>
> > > >> > >       </wsa:EndpointReference>
> > > >> > >     </wsp:AppliesTo>
> > > >> > >     <wsp:Policy>
> > > >> > >       <wsp:ExactlyOne>
> > > >> > >         <wsp:All>
> > > >> > >           <wsam:Addressing
> > > >> > >               xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata">
> > > >> > >             <wsp:Policy/>
> > > >> > >           </wsam:Addressing>
> > > >> > >         </wsp:All>
> > > >> > >       </wsp:ExactlyOne>
> > > >> > >     </wsp:Policy>
> > > >> > >   </wsp:PolicyAttachment>
> > > >> > > </attachments>
> > > >> > >
> > > >> > > For details, look into addr-external.xml and
> > > >> > > AddressingPolicyTest.java in systests/ws-specs:
> > > >> > >
> > > >> > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy;h=5e6323442952eb619300582a2ced25cf861f6118;hb=HEAD
> > > >> > >
> > > >> > > Regards,
> > > >> > > Andrei.
> > > >> > >
> > > >> > > >
> > > >> > > > Thanks much!
> > > >> > > > On Jul 2, 2014 3:19 AM, "Andrei Shakirin"
> > > >> > > > <[email protected]> wrote:
> > > >> > > >
> > > >> > > > > Hi,
> > > >> > > > >
> > > >> > > > > If you use CXF >= 3.0.0, 2.7.12, you should register
> > > >> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBuilder
> > > >> > > > > as bus extension.
> > > >> > > > > It supports all policy attachment URL syntaxes (except
> > > >> > > > > extension).
> > > >> > > > >
> > > >> > > > > By default CXF registers the
> > > >> > > > > org.apache.cxf.ws.policy.attachment.external.EndpointReferenceDomainExpressionBuilder
> > > >> > > > > supporting only wsa:EndpointReference.
> > > >> > > > >
> > > >> > > > > See https://issues.apache.org/jira/browse/CXF-5685 for
> > > >> > > > > details.
> > > >> > > > >
> > > >> > > > > Either add following string into
> > > >> > > > > META-INF/cxf/bus-extensions.txt:
> > > >> > > > >
> > > >> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBuilder::true
> > > >> > > > >
> > > >> > > > > or add bean in Spring/Blueprint context with
> > > >> > > > > URIDomainExpressionBuilder type.
> > > >> > > > >
> > > >> > > > > System test registering URIDomainExpressionBuilder:
> > > >> > > > >
> > > >> > > > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/AddressingPolicyExternalAttachmentWsdl11Test.java;h=d44ee8decf628a57edbf402bc6d8ff0c0042b649;hb=HEAD
> > > >> > > > > .
> > > >> > > > >
> > > >> > > > > If you use CXF version < 3.0.0, 2.7.12, just copy the
> > > >> > > > > classes URIDomainExpressionBuilder.java,
> > > >> > > > > URIDomainExpression.java and register
> > > >> > > > > URIDomainExpressionBuilder as bus extension.
> > > >> > > > >
> > > >> > > > > Let me know if it works as expected.
> > > >> > > > >
> > > >> > > > > Regards,
> > > >> > > > > Andrei.
> > > >> > > > >
> > > >> > > > > > -----Original Message-----
> > > >> > > > > > From: Lambert, Michael [mailto:[email protected]]
> > > >> > > > > > Sent: Mittwoch, 2. Juli 2014 08:13
> > > >> > > > > > To: [email protected]
> > > >> > > > > > Subject: policy attachment
> > > >> > > > > >
> > > >> > > > > > I feel awful for asking so many questions but googling
> > > >> > > > > > hasn't been helpful.
> > > >> > > > > >
> > > >> > > > > > I am attempting to attach an external security policy
> > > >> > > > > > to an endpoint with no success. When I attempt to use a
> > > >> > > > > > wsp:UI in the AppliesTo element cxf blows up.
> > > >> > > > > > Here is the contents of the file:
> > > >> > > > > >
> > > >> > > > > > ----
> > > >> > > > > > <?xml version="1.0" encoding="UTF-8" ?>
> > > >> > > > > > <attachments
> > > >> > > > > >     xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > > >> > > > > >     xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > > >> > > > > >     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > > >> > > > > >   <wsp:PolicyAttachment>
> > > >> > > > > >     <wsp:AppliesTo>
> > > >> > > > > >       <wsp:URI>
> > > >> > > > > >         http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.port(GreeterService/GreeterPort)
> > > >> > > > > >       </wsp:URI>
> > > >> > > > > >     </wsp:AppliesTo>
> > > >> > > > > >     <wsp:Policy>
> > > >> > > > > >       <wsp:ExactlyOne>
> > > >> > > > > >         <wsp:All>
> > > >> > > > > >           <wsp:Policy>
> > > >> > > > > >             <sp:UsernameToken
> > > >> > > > > >                 sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> > > >> > > > > >               <wsp:Policy>
> > > >> > > > > >                 <sp:WssUsernameToken10 />
> > > >> > > > > >               </wsp:Policy>
> > > >> > > > > >             </sp:UsernameToken>
> > > >> > > > > >           </wsp:Policy>
> > > >> > > > > >         </wsp:All>
> > > >> > > > > >       </wsp:ExactlyOne>
> > > >> > > > > >     </wsp:Policy>
> > > >> > > > > >   </wsp:PolicyAttachment>
> > > >> > > > > > </attachments>
> > > >> > > > > >
> > > >> > > > > > ----
> > > >> > > > > > And here is the error:
> > > >> > > > > > ----
> > > >> > > > > > Caused by: javax.xml.ws.WebServiceException:
> > > >> > > > > > org.apache.cxf.ws.policy.PolicyException:
> > > >> > > > > > NO_DOMAINEXPRESSIONBUILDER_EXC
> > > >> > > > > > ----
> > > >> > > > > > It appears that the wsp:URI element passed into
> > > >> > > > > > DomainExpressionBuilderRegistry.build(Element element)
> > > >> > > > > > has null contents for a reason that I cannot figure
> > > >> > > > > > out. I have tried different syntaxes and URLs to try to
> > > >> > > > > > get it to work and it's always null.
> > > >> > > > > >
> > > >> > > > > > Putting an EndpointReference in the AppliesTo element
> > > >> > > > > > doesn't error:
> > > >> > > > > >
> > > >> > > > > > <wsa:EndpointReference>
> > > >> > > > > >   <wsa:Address>http://localhost:8080/user-service/userService</wsa:Address>
> > > >> > > > > > </wsa:EndpointReference>
> > > >> > > > > >
> > > >> > > > > > But it doesn't work either. It never seems to intercept
> > > >> > > > > > calls to the service hosted at the configured URL. The
> > > >> > > > > > ONLY way I have been able to get it to work is by
> > > >> > > > > > embedding the policy in the wsdl. I don't want to do
> > > >> > > > > > that however as I want a mediator to handle the policy
> > > >> > > > > > and would like the contract policies to be configured
> > > >> > > > > > differently in different environments.
> > > >> > > > > >
> > > >> > > > > >
> > > >> > > > > > Any help would be appreciated. I am tearing my hair out
> > > >> > > > > > over this. I can't be the only one attempting to do
> > > >> > > > > > this.
> > > >> > > > > >
> > > >> > > > > > The code is on github:
> > > >> > > > > >
> > > >> > > > > > https://github.com/MacFlecknoe/service-repository-sample/blob/master/schema/src/main/resources/policy/authentication-policy.xml
> > > >> > > > > >
> > > >> > > > > > Thanks.
> > > >> > > > > >
> > > >> > > > > > Mike
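
The mismatch resolved in this thread is easy to miss because an attachment whose wsa:Address matches no endpoint raises no error and the service simply runs without the policy. A small configuration audit for that case, as an added example that is not part of the thread or of CXF: it assumes the exact string comparison against the jaxws:endpoint address that Mike describes, and the `adminService` endpoint, the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSP = "{http://www.w3.org/ns/ws-policy}"
WSA = "{http://www.w3.org/2005/08/addressing}"
JAXWS = "{http://cxf.apache.org/jaxws}"

# Constructed sample input, modelled on the configuration quoted in the thread.
BEANS_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:jaxws="http://cxf.apache.org/jaxws">
  <jaxws:endpoint id="userService" address="/userService"
      implementor="com.healthmedia.ws.wsdl.user.v1.UserServiceImpl"/>
  <jaxws:endpoint id="adminService" address="/adminService"
      implementor="com.example.AdminServiceImpl"/>  <!-- hypothetical -->
</beans>"""

ATTACHMENTS_XML = """<attachments xmlns:wsp="http://www.w3.org/ns/ws-policy"
             xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <wsp:PolicyAttachment>
    <wsp:AppliesTo><wsa:EndpointReference>
      <wsa:Address>http://localhost:8080/user-service/userService</wsa:Address>
    </wsa:EndpointReference></wsp:AppliesTo>
    <wsp:Policy/>
  </wsp:PolicyAttachment>
  <wsp:PolicyAttachment>
    <wsp:AppliesTo><wsa:EndpointReference>
      <wsa:Address>/userService</wsa:Address>
    </wsa:EndpointReference></wsp:AppliesTo>
    <wsp:Policy/>
  </wsp:PolicyAttachment>
</attachments>"""

def endpoint_addresses(beans_xml):
    """Addresses configured on jaxws:endpoint beans."""
    root = ET.fromstring(beans_xml)
    return {e.get("address") for e in root.iter(JAXWS + "endpoint") if e.get("address")}

def audit_attachments(attachments_xml, beans_xml):
    """Return (matched, unmatched, uncovered) address lists."""
    # Assumption taken from the thread: wsa:Address is compared as an exact
    # string with the configured endpoint address, not with the deployed URL.
    endpoints = endpoint_addresses(beans_xml)
    matched, unmatched = [], []
    path = f"{WSP}AppliesTo/{WSA}EndpointReference/{WSA}Address"
    for att in ET.fromstring(attachments_xml).iter(WSP + "PolicyAttachment"):
        for addr in att.iterfind(path):
            value = (addr.text or "").strip()  # trimmed for the comparison
            (matched if value in endpoints else unmatched).append(value)
    return matched, unmatched, sorted(endpoints - set(matched))

if __name__ == "__main__":
    ok, ignored, bare = audit_attachments(ATTACHMENTS_XML, BEANS_XML)
    print("matched:", ok)
    print("never applied (policy not enforced):", ignored)
    print("endpoints without attachment:", bare)
```

Run against the real beans.xml and attachment file in a build step, a non-empty second or third list is the signal that a security policy is configured but not applied.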
