I would recommend trying with a more recent version of CXF to see if the problem has been fixed.
Colm. On Wed, Jul 1, 2015 at 11:26 AM, pmarkus <[email protected]> wrote: > I created a webservice on JBoss AS 7.1.1 (which uses CXF 2.6.8) as a > Stateless Session Bean using code first approach. > > @Stateless > @WebService(targetNamespace = "http://mycompany/mynamespace";, serviceName > = > "myService", name = "myService", portName = "myServicePort") > @EndpointProperties > ({ > @EndpointProperty(key = "endpoint-processes-headers", > value > = > "{ > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security > "), > @EndpointProperty(key = > "ws-security.signature.properties", > value = "signature.properties"), > @EndpointProperty(key = > "ws-security.encryption.properties", value = "encryption.properties"), > @EndpointProperty(key = "ws-security.signature.username", > value = "sig-user"), > @EndpointProperty(key = "ws-security.encryption.username", > value = "enc-user"), > @EndpointProperty(key = "ws-security.callback-handler", > value = "my.company.ClientCallback") > }) > @Features(features = "org.apache.cxf.ws.policy.WSPolicyFeature") > @Policy(placement = Policy.Placement.BINDING, uri = > "/META-INF/pw-reset-policy.xml") > @InInterceptors(interceptors = { > "org.apache.cxf.ws.policy.PolicyOutInterceptor" } ) > @OutInterceptors(interceptors = > {"org.apache.cxf.ws.policy.PolicyOutInterceptor"}) > public class MyServiceBean implements MyService > {...} > > The policy I attach looks like this: > <wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy > " > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; > > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="SecurityServiceSignThenEncryptPolicy"> > <wsp:ExactlyOne> > <wsp:All> > <sp:AsymmetricBinding > > <wsp:Policy> > <sp:InitiatorToken> > <wsp:Policy> > <sp:X509Token > sp:IncludeToken=" > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient > "> > <wsp:Policy> > <sp:WssX509V1Token11/> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:InitiatorToken> > <sp:RecipientToken> > <wsp:Policy> > <sp:X509Token > sp:IncludeToken=" > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> > <wsp:Policy> > <sp:WssX509V1Token11/> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:RecipientToken> > <sp:AlgorithmSuite> > <wsp:Policy> > <sp:TripleDesRsa15/> > </wsp:Policy> > </sp:AlgorithmSuite> > <sp:Layout> > <wsp:Policy> > <sp:Lax/> > </wsp:Policy> > </sp:Layout> > <sp:IncludeTimestamp/> > <sp:EncryptSignature/> > <sp:OnlySignEntireHeadersAndBody/> > <sp:SignBeforeEncrypting/> > </wsp:Policy> > </sp:AsymmetricBinding> > <sp:SignedParts > > <sp:Body/> > </sp:SignedParts> > <sp:EncryptedParts > > <sp:Body/> > </sp:EncryptedParts> > <sp:Wss10> > <wsp:Policy> > <sp:MustSupportRefIssuerSerial/> > </wsp:Policy> > </sp:Wss10> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > > I use the interface MyService (and all the other data classes) on the > client > as well to generate a service Stub on the fly using jax-ws Service.create > pointing to the WSDL this service creates. > > The client (provided with all the keystores and properties) does correctly > encrypt the the message, or at least I assume it does because the server > always produces an exception: > > Interceptor for {http://www.tenfold-security.com/password}passwordReset > has > thrown exception, unwinding now: org.apache.cxf.interceptor.Fault: Message > part {http://www.w3.org/2001/04/xmlenc#}EncryptedData was not recognized. > (Does it exist in service WSDL?) > at > > org.apache.cxf.interceptor.DocLiteralInInterceptor.validatePart(DocLiteralInInterceptor.java:237) > [cxf-api.jar:2.6.8] > at > > org.apache.cxf.interceptor.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:191) > [cxf-api.jar:2.6.8] > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) > [cxf-api.jar:2.6.8] > at > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > [cxf-api.jar:2.6.8] > at > > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237) > [cxf-rt-transports-http.jar:2.6.8] > at > > org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:95) > at > > org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:156) > at > org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87) > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) > [cxf-rt-transports-http.jar:2.6.8] > at > > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) > [cxf-rt-transports-http.jar:2.6.8] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > at > org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135) > at > org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) > [jbossws-spi.jar:2.1.1.Final] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) > at > > org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) > at > > org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:897) > at > > org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:626) > at > org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:2039) > at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45] > > > I tried a lot of things to make this work, but nothing did so far. > I added @Features(features = "org.apache.cxf.ws.policy.WSPolicyFeature") > which apparently did nothing. > > I tried to use the WSS4JInInterceptor and WSS4JOutInterceptor which only > complained that there is no Security action defined. > > I also tried to configure the interceptors via cxf.xml but then it > complained about not being able to read the file because it could not find > some schemas (http://cxf.apache.org/configuration/parameterized-types > which > was referenced in http://cxf.apache.org/core). > > I also didn't find any way to configure the WSS4J interceptors via > annotations. > > I tried to use JBoss-WS's @EndpointConfig annotation providing the > configuration via a endpoint-config.xml file. Same result. > > I did subclass WSS4JInInterceptor and set the action property in the > constructor. But then it complained about not finding the signature > properties file. > > So in the end nothing worked. Did I miss something? Am I doing something > wrong? > > So far the client (also using CXF 2.6.8 on another JBoss server) seems to > correctly read the policy from the WSDL with no other configuration than > keystores, etc required. I didn't need to specify anything in particular > for > policy handling. Yet the server just cannot handle it. > > Kind Regards, > Philip. > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/EJB-Webservice-does-not-handle-policy-tp5758729.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
