Hello, I'm having trouble developing an Apache CXF client for the following WSDL:
https://rheaavs.element44.net/AvsMpsService_R1_Variante2.wsdl When invoking a WS call, the following Exception is thrown: Caused by: java.lang.IllegalArgumentException: Invalid Policy at org.apache.wss4j.policy.model.AbstractTokenWrapper.parseNestedPolicy(AbstractTokenWrapper.java:71) at org.apache.wss4j.policy.model.AbstractTokenWrapper.<init>(AbstractTokenWrapper.java:42) at org.apache.wss4j.policy.model.SupportingTokens.<init>(SupportingTokens.java:44) at org.apache.wss4j.policy.builders.SupportingTokensBuilder.build(SupportingTokensBuilder.java:44) at org.apache.wss4j.policy.builders.SupportingTokensBuilder.build(SupportingTokensBuilder.java:35) at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138) at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117) at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224) at org.apache.neethi.PolicyBuilder.getAllOperator(PolicyBuilder.java:184) at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:217) at org.apache.neethi.PolicyBuilder.getExactlyOneOperator(PolicyBuilder.java:180) at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:215) at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174) at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124) at org.apache.cxf.ws.policy.attachment.reference.LocalServiceModelReferenceResolver.resolveReference(LocalServiceModelReferenceResolver.java:53) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveLocal(Wsdl11AttachmentPolicyProvider.java:291) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveReference(Wsdl11AttachmentPolicyProvider.java:271) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:219) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:167) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:160) at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getEffectivePolicy(Wsdl11AttachmentPolicyProvider.java:97) at org.apache.cxf.ws.policy.PolicyEngineImpl.getAggregatedEndpointPolicy(PolicyEngineImpl.java:451) at org.apache.cxf.ws.policy.EndpointPolicyImpl.initializePolicy(EndpointPolicyImpl.java:152) at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:140) at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:584) at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:313) at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:294) at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61) at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:317) at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:337) at org.apache.cxf.transport.http.HTTPConduit.getClient(HTTPConduit.java:860) at org.apache.cxf.transport.http.HTTPConduit.configureConduitFromEndpointInfo(HTTPConduit.java:359) at org.apache.cxf.transport.http.HTTPConduit.finalizeConfig(HTTPConduit.java:439) at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:242) at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:222) at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:229) at org.apache.cxf.endpoint.AbstractConduitSelector.createConduit(AbstractConduitSelector.java:145) at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:107) at org.apache.cxf.endpoint.UpfrontConduitSelector.prepare(UpfrontConduitSelector.java:63) at org.apache.cxf.endpoint.ClientImpl.prepareConduitSelector(ClientImpl.java:853) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:511) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138) ... 3 more I've tracked this down to the sp:EndorsingSupportingTokens/wsp:Policy which has 2 token assertions as childs: a sp:X509Token and a sp:IssuedToken. Apparently CXF doesn't like this. If I either remove one of these childs or put a wsp:ExactlyOne around them, the exception will not be thrown and the SOAP-Request will be sent but the remote server will not accept the message and return an InvalidSecurity SOAP-Fault. If I put a wsp:All around them instead, the "Invalid Policy" exception will be thrown again. I don't understand why Apache CXF throws the exception for the original WSDL. So far, I couldn't find anything in the specs making the 2 token assertions illegal. The specs defines theEndorsingSupportingTokens like this: ------------------------------------------------- <sp:EndorsingSupportingTokens xmlns:sp="..." ... > <wsp:Policy xmlns:wsp="..."> [Token Assertion]+ <sp:AlgorithmSuite ... > ... </sp:AlgorithmSuite> ? ( <sp:SignedParts ... > ... </sp:SignedParts> | <sp:SignedElements ... > ... </sp:SignedElements> | <sp:EncryptedParts ... > ... </sp:EncryptedParts> | <sp:EncryptedElements ... > ... </sp:EncryptedElements> | <sp:ContentEncryptedElements ... > ... </sp:ContentEncryptedElements> ) * ... </wsp:Policy> ... </sp:EndorsingSupportingTokens> ... /sp:EndorsingSupportingTokens/wsp:Policy/[Token Assertion] The policy MUST identify one or more token assertions. ------------------------------------------------- So did I miss something or is this a bug in Apache CXF? Best regards, Stefan ________________________________ PHARMATECHNIK GmbH und Co. KG Münchner Strasse 15 D-82319 Starnberg Sitz der Gesellschaft: Starnberg HRA: 64434, HRB: 66369, Amtsgericht München Geschäftsführer: Dr. Detlef Graessner, Cornelia Graessner-Neiss, Stephan Jörgens
