I created a webservice on JBoss AS 7.1.1 (which uses CXF 2.6.8) as a
Stateless Session Bean using a code-first approach.

@Stateless
@WebService(targetNamespace = "http://mycompany/mynamespace", serviceName = "myService",
        name = "myService", portName = "myServicePort")
@EndpointProperties({
        @EndpointProperty(key = "endpoint-processes-headers",
                value = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security"),
        @EndpointProperty(key = "ws-security.signature.properties", value = "signature.properties"),
        @EndpointProperty(key = "ws-security.encryption.properties", value = "encryption.properties"),
        @EndpointProperty(key = "ws-security.signature.username", value = "sig-user"),
        @EndpointProperty(key = "ws-security.encryption.username", value = "enc-user"),
        @EndpointProperty(key = "ws-security.callback-handler", value = "my.company.ClientCallback")
})
@Features(features = "org.apache.cxf.ws.policy.WSPolicyFeature")
@Policy(placement = Policy.Placement.BINDING, uri = "/META-INF/pw-reset-policy.xml")
@InInterceptors(interceptors = {"org.apache.cxf.ws.policy.PolicyOutInterceptor"})
@OutInterceptors(interceptors = {"org.apache.cxf.ws.policy.PolicyOutInterceptor"})
public class MyServiceBean implements MyService
{...}

The policy I attach looks like this:
<wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="SecurityServiceSignThenEncryptPolicy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding >
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:WssX509V1Token11/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:WssX509V1Token11/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:TripleDesRsa15/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Lax/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:EncryptSignature/>
                    <sp:OnlySignEntireHeadersAndBody/>
                    <sp:SignBeforeEncrypting/>
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:SignedParts >
                <sp:Body/>
            </sp:SignedParts>
            <sp:EncryptedParts >
                <sp:Body/>
            </sp:EncryptedParts>
            <sp:Wss10>
                <wsp:Policy>
                    <sp:MustSupportRefIssuerSerial/>
                </wsp:Policy>
            </sp:Wss10>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

I use the interface MyService (and all the other data classes) on the client
as well to generate a service Stub on the fly using jax-ws Service.create
pointing to the WSDL this service creates.

The client (provided with all the keystores and properties) does correctly
encrypt the message, or at least I assume it does because the server
always produces an exception:
 
Interceptor for {http://www.tenfold-security.com/password}passwordReset has thrown exception, unwinding now: org.apache.cxf.interceptor.Fault: Message part {http://www.w3.org/2001/04/xmlenc#}EncryptedData was not recognized. (Does it exist in service WSDL?)
        at org.apache.cxf.interceptor.DocLiteralInInterceptor.validatePart(DocLiteralInInterceptor.java:237) [cxf-api.jar:2.6.8]
        at org.apache.cxf.interceptor.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:191) [cxf-api.jar:2.6.8]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) [cxf-api.jar:2.6.8]
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-api.jar:2.6.8]
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237) [cxf-rt-transports-http.jar:2.6.8]
        at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:95)
        at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:156)
        at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) [cxf-rt-transports-http.jar:2.6.8]
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) [cxf-rt-transports-http.jar:2.6.8]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
        at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
        at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi.jar:2.1.1.Final]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
        at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:897)
        at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:626)
        at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:2039)
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45]


I tried a lot of things to make this work, but nothing did so far.
I added @Features(features = "org.apache.cxf.ws.policy.WSPolicyFeature")
which apparently did nothing.

I tried to use the WSS4JInInterceptor and WSS4JOutInterceptor which only
complained that there is no Security action defined. 

I also tried to configure the interceptors via cxf.xml but then it
complained about not being able to read the file because it could not find
some schemas (http://cxf.apache.org/configuration/parameterized-types which
was referenced in http://cxf.apache.org/core).

I also didn't find any way to configure the WSS4J interceptors via
annotations. 

I tried to use JBoss-WS's @EndpointConfig annotation providing the
configuration via an endpoint-config.xml file. Same result.

I did subclass WSS4JInInterceptor and set the action property in the
constructor. But then it complained about not finding the signature
properties file.

So in the end nothing worked. Did I miss something? Am I doing something
wrong?

So far the client (also using CXF 2.6.8 on another JBoss server) seems to
correctly read the policy from the WSDL with no other configuration than
keystores, etc required. I didn't need to specify anything in particular for
policy handling. Yet the server just cannot handle it. 

Kind Regards,
Philip.



--
View this message in context: 
http://cxf.547215.n5.nabble.com/EJB-Webservice-does-not-handle-policy-tp5758729.html
Sent from the cxf-user mailing list archive at Nabble.com.
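
Added example, not part of the original post and not CXF code: a small check that can be run over a captured request to confirm whether the client really applied the policy's EncryptedParts/Body. The fault above names xenc:EncryptedData as the unrecognized message part, which is what the body payload looks like when it reaches DocLiteralInInterceptor still encrypted. SOAP 1.1 is assumed, the function names are hypothetical, and both sample envelopes are constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: SOAP 1.1 envelope. The other URIs are the standard WSS / XML-Enc / XML-DSig namespaces.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"

def inspect_request(envelope_xml):
    """Summarise which message-protection elements a captured request carries."""
    root = ET.fromstring(envelope_xml)
    body = root.find(f"{{{SOAP}}}Body")
    sec = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    payload = [child.tag for child in body] if body is not None else []

    def has(ns, name):
        return sec is not None and sec.find(f"{{{ns}}}{name}") is not None

    return {
        "security_header": sec is not None,
        "timestamp": has(WSU, "Timestamp"),
        "encrypted_key": has(XENC, "EncryptedKey"),
        # With sp:EncryptSignature the ds:Signature is itself wrapped in EncryptedData.
        "signature_or_encrypted_signature": has(DS, "Signature") or has(XENC, "EncryptedData"),
        "body_encrypted": payload == [f"{{{XENC}}}EncryptedData"],
        "body_payload": payload,
    }

def diagnose(report):
    """Map the summary to what it says about the client side of the exchange."""
    if not report["body_encrypted"]:
        return "plaintext body: the client did not apply sp:EncryptedParts"
    if not (report["security_header"] and report["encrypted_key"]):
        return "encrypted body without wsse:Security/EncryptedKey: nothing to decrypt it with"
    return "client encrypted the body: the server saw it before any decryption ran"

# Constructed sample: the shape of a request protected per the policy above (contents elided).
PROTECTED = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}"
    xmlns:wsu="{WSU}" xmlns:xenc="{XENC}">
  <soap:Header><wsse:Security>
    <wsu:Timestamp/><xenc:EncryptedKey/><xenc:EncryptedData/>
  </wsse:Security></soap:Header>
  <soap:Body><xenc:EncryptedData/></soap:Body>
</soap:Envelope>"""

# Constructed sample: the same operation sent without any message protection.
PLAIN = f"""<soap:Envelope xmlns:soap="{SOAP}"><soap:Body>
  <passwordReset xmlns="http://www.tenfold-security.com/password"/>
</soap:Body></soap:Envelope>"""
```

Running `diagnose(inspect_request(...))` on the request captured from the client separates a client that never encrypted from a server whose inbound chain never decrypted.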