Hi, I added a test to replicate this scenario and it works:
https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=commit;h=fa985a4e

Could you try updating to a more recent version of CXF to see if it works?
Failing that, maybe take a look at the test I added and see if you can
modify it so that it fails as per your scenario.

Colm.

On Wed, Dec 9, 2015 at 7:38 AM, Alx <[email protected]> wrote:

> I am attaching them at the port level i.e.:
>
> <service name="Service">
>   <port name="ServiceInterfacePort"
>         binding="pdef:ServiceInterfaceSecureSOAPBinding">
>     <wsp:PolicyReference URI="#SecurityServiceSignPolicy" />
>     <soap:address location="https://www.example.org/" />
>   </port>
> </service>
>
> The problem is that the referenced binding is defined in a wsdl that I do
> not own (so I can't really attach the policy to the input, output and
> fault elements).
>
> Does this mean that the behaviour is normal when attaching the policy at
> the service element?
>
> Thank you for the feedback!
>
> Alex
>
> On Tue, Dec 1, 2015 at 4:22 PM, Colm O hEigeartaigh <[email protected]>
> wrote:
>
> > Are you attaching security policies to the wsdl:fault part of your
> > security binding? If policies are only attached to the
> > wsdl:input/output, then the SOAP Faults won't be secured. Here is an
> > example:
> >
> > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl;h=2e388f57657c88339659e1555e5cf5c439a691ce;hb=HEAD
> >
> > Colm.
> >
> > On Fri, Nov 27, 2015 at 8:12 AM, Alexandros Trifyllis <[email protected]>
> > wrote:
> >
> > > Further into debugging, I notice that in class
> > > AbstractPolicyInterceptor line 69 (version 2.7.13):
> > >
> > > if (faultClass != null && faultClass.isAssignableFrom(cause.getClass())) {
> > >
> > > the "faultClass" can never be "assignableFrom" the "cause".
> > >
> > > The "faultClass" is a custom class of mine which extends Exception.
> > > The "cause" in the case of schema validation is
> > > javax.xml.bind.UnmarshalException which also extends Exception.
> > >
> > > In that case, one is not assignable from the other.
> > >
> > > This failed check results in the framework not adding crucial
> > > interceptors in the chain, like PolicyBasedWSS4JOutInterceptor etc.
> > >
> > > On Thu, Nov 26, 2015 at 2:59 PM, Alexandros Trifyllis <[email protected]>
> > > wrote:
> > >
> > > > I have a wsdl with security policy for signing messages. In my
> > > > endpoint I have the annotation @SchemaValidation. When a validation
> > > > throws a SoapFault the message (with the SoapFault) is not signed.
> > > > Running CXF in debug mode I see that the interceptor chain used is
> > > > different compared to the chain when no fault occurs. This is normal
> > > > but what does not seem normal is that the fault chain does not
> > > > contain interceptors like: PolicyBasedWSS4JOutInterceptor,
> > > > UsernameTokenInterceptor which are required for the message to be
> > > > signed. Here is the chain when no fault occurs:
> > > >
> > > > 14:14:56,310 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-4) Chain org.apache.cxf.phase.PhaseInterceptorChain@5a2ad9f8 was modified. Current flow:
> > > >   setup [ServerPolicyOutFaultInterceptor]
> > > >   pre-logical [MAPAggregatorImpl, SoapHeaderOutFilterInterceptor, SecurityVerificationOutInterceptor]
> > > >   prepare-send [MessageSenderInterceptor, GenericSecurityOutInterceptor, Soap12FaultOutInterceptor]
> > > >   pre-stream [LoggingOutInterceptor, CustomizeLoggingOutInterceptor, StaxOutInterceptor]
> > > >   pre-protocol [WebFaultOutInterceptor, MAPCodec, PolicyBasedWSS4JOutInterceptor, UsernameTokenInterceptor]
> > > >   write [SoapOutInterceptor]
> > > >   marshal [Soap12FaultOutInterceptorInternal]
> > > >   post-protocol [PolicyBasedWSS4JOutInterceptorInternal]
> > > >   write-ending [SoapOutEndingInterceptor]
> > > >   pre-protocol-ending [SAAJOutEndingInterceptor]
> > > >   pre-stream-ending [StaxOutEndingInterceptor]
> > > >   prepare-send-ending [MessageSenderEndingInterceptor]
> > > >
> > > > and when fault occurs:
> > > >
> > > > 12:55:34,500 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-3) Chain org.apache.cxf.phase.PhaseInterceptorChain@30f5696 was created. Current flow:
> > > >   setup [ServerPolicyOutFaultInterceptor]
> > > >   pre-logical [SoapHeaderOutFilterInterceptor]
> > > >   prepare-send [MessageSenderInterceptor, GenericSecurityOutInterceptor, Soap12FaultOutInterceptor]
> > > >   pre-stream [LoggingOutInterceptor, CustomizeLoggingOutInterceptor, StaxOutInterceptor]
> > > >   pre-protocol [WebFaultOutInterceptor]
> > > >   write [SoapOutInterceptor]
> > > >
> > > > Am I missing some configuration?
> > > >
> > > > Thank you in advance
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
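
Added example, not part of the thread and not CXF code: a small WSDL check for the condition described in the Dec 1 reply, where a binding operation carries a wsp:PolicyReference on wsdl:input/wsdl:output but not on wsdl:fault, so its SOAP Faults would go out unsecured. The function names and the sample WSDL (DoubleItBinding, Ping, #SignPolicy) are constructed for illustration; the check looks only at binding-level attachments and does not evaluate policies attached at the port or service element.

```python
import xml.etree.ElementTree as ET

WSDL = "{http://schemas.xmlsoap.org/wsdl/}"
# PolicyReference may be in the WS-Policy 1.2 or 1.5 namespace.
POLICY_REFS = ("{http://schemas.xmlsoap.org/ws/2004/09/policy}PolicyReference",
               "{http://www.w3.org/ns/ws-policy}PolicyReference")

# Constructed sample (not from the thread): DoubleIt signs input/output only.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="http://www.w3.org/ns/ws-policy">
  <wsdl:binding name="DoubleItBinding" type="DoubleItPortType">
    <wsdl:operation name="DoubleIt">
      <wsdl:input><wsp:PolicyReference URI="#SignPolicy"/></wsdl:input>
      <wsdl:output><wsp:PolicyReference URI="#SignPolicy"/></wsdl:output>
      <wsdl:fault name="DoubleItFault"/>
    </wsdl:operation>
    <wsdl:operation name="Ping">
      <wsdl:input><wsp:PolicyReference URI="#SignPolicy"/></wsdl:input>
      <wsdl:output><wsp:PolicyReference URI="#SignPolicy"/></wsdl:output>
      <wsdl:fault name="PingFault"><wsp:PolicyReference URI="#SignPolicy"/></wsdl:fault>
    </wsdl:operation>
  </wsdl:binding>
</wsdl:definitions>"""


def has_policy_ref(elem):
    """True if elem exists and has a direct wsp:PolicyReference child."""
    return elem is not None and any(elem.find(tag) is not None for tag in POLICY_REFS)


def unsecured_faults(wsdl_text):
    """List (binding, operation, fault) where input/output carry a policy but the fault does not."""
    findings = []
    for binding in ET.fromstring(wsdl_text).iter(WSDL + "binding"):
        for op in binding.findall(WSDL + "operation"):
            messages = (op.find(WSDL + "input"), op.find(WSDL + "output"))
            if not any(has_policy_ref(m) for m in messages):
                continue  # no message-level policy here; nothing to compare against
            for fault in op.findall(WSDL + "fault"):
                if not has_policy_ref(fault):
                    findings.append((binding.get("name"), op.get("name"), fault.get("name")))
    return findings


if __name__ == "__main__":
    for binding, op, fault in unsecured_faults(SAMPLE_WSDL):
        print(f"{binding}/{op}: fault '{fault}' has no PolicyReference")
```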
