STSClient.validateSecurityToken expects RequestSecurityTokenResponseCollection?

Tue, 22 Mar 2016 10:45:06 -0700 

Hi -

I'm using the CXF 3.1.4 STSClient to write a simple test client for my 
CXF-based STS. Requesting tokens has worked as expected, but requesting 
validation of a token is having a problem. It would appear that STSClient 
creates a proper RST, and gets a proper RSTR from the STS. But something deep 
inside the stack is expecting a RequestSecurityTokenResponseCollection instead 
of a RequestSecurityTokenResponse, which is causing this exception:

org.apache.cxf.interceptor.Fault: Unexpected element 
{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityTokenResponse 
found.   Expected 
{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityTokenResponseCollection.
                at 
org.apache.cxf.wsdl.interceptors.DocLiteralInInterceptor.validatePart(DocLiteralInInterceptor.java:280)
                at 
org.apache.cxf.wsdl.interceptors.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:191)
                at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
                at 
org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
                at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1669)
                at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1550)
                at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1347)
                at 
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
                at 
org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:215)
                at 
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
                at 
org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:651)
                at 
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
                at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
                at 
org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
                at 
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
                at 
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
                at 
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
                at 
org.apache.cxf.ws.security.trust.AbstractSTSClient.validate(AbstractSTSClient.java:1124)
                at 
org.apache.cxf.ws.security.trust.STSClient.validateSecurityToken(STSClient.java:105)
                at 
org.apache.cxf.ws.security.trust.STSClient.validateSecurityToken(STSClient.java:100)
                at 
gov.faa.iam.sts.IAMSTSTestClient.sendValidateRequest(IAMSTSTestClient.java:242)
                at 
gov.faa.iam.sts.IAMSTSTestClient.run(IAMSTSTestClient.java:264)
                at 
gov.faa.iam.sts.IAMSTSTestClient.main(IAMSTSTestClient.java:326)

I really don't want to change the STS at this point to return a RSTRC for 
validations. But it's not clear what to change in the STSClient to deal with 
the RSTR - there's already code there for handling it, but the execution 
doesn't look like it's getting that far. I'm not even sure why it says it's 
expecting an RSTRC. Does anyone have any ideas on what might be happening here?

Thanx,


Stephen W. Chappell

Reply via email to