Hi Michael,
The problem is that the security policy of the service does not conform to
the spec:
<sp:TransportToken>
<wsp:Policy>
<wsp:Policy>
<sp:HttpBasicAuthentication/>
</wsp:Policy>
</wsp:Policy>
</sp:TransportToken>
There should be a "HttpsToken" policy wrapping "HttpBasicAuthentication".
See here for an example:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/basic-auth-policy.xml;h=f36e46702aa0fa7330694c9069d3b67d40aff02b;hb=HEAD
Colm.
On Wed, Jun 15, 2016 at 6:06 PM, Michael Beardsley <
[email protected]> wrote:
> I am trying to get a simple SOAP client working based off a WSDL that has
> various policies defined.
>
> - I do not own the service and have no way to modify it.
> - Spring is not involved in anyway and will not be.
> - Using jaxws-maven-plugin to generate the proxy code. Version 2.4.1
> - Using version 3.1.6 of CXF
> - Including the following dependencies: cxf-rt-rs-client, cxf-rt-security,
> cxf-rt-ws-policy, cxf-rt-ws-security, cxf-rt-frontend-jaxws,
> cxf-rt-features-logging
>
> (The JAX-RS client dependency is included because this app will call a
> REST service after getting a response from the SOAP service. The JAX-RS
> stuff is working fine).
>
> The SOAP message generated by CXF appears to be properly formed. I can
> successfully send the exact same message to the service endpoint using cURL
> and get the expected response. I can see in the logging that CXF is
> receiving the same response as cURL, but then blowing up on:
>
> org.apache.cxf.ws.policy.PolicyVerificationInInterceptor handle SEVERE:
> Inbound policy verification failed: These policy alternatives can not be
> satisfied:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> not be satisfied: {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpBasicAuthentication
>
> The response from the SOAP service does not include the Authorization
> header. Is that why this is happening? Why does CXF care about
> authentication on the inbound message? My client doesn’t have or require
> authentication… the service does.
>
> Stepping through in the debugger shows that the AssertionInfoMap has
> ServiceModelPolicyProvider and Wsdl11AttachmentPolicyProvider instances
> available, but nothing referring to HTTP Basic Auth. Am I missing a
> dependency?
>
> Here is my client code
>
> public static void main(String[] args) {
> // Get a proxy for the SOAP endpoint. This is generated from their
> WSDL file as part of the Maven build.
> Zcustomer1 soap = new Zcustomer1();
> ZUDSCUSTOMER1 port = soap.getZcustomer1();
>
> LoggingInInterceptor logInbound = new LoggingInInterceptor();
> logInbound.setPrettyLogging(true);
> LoggingOutInterceptor logOutbound = new LoggingOutInterceptor();
> logOutbound.setPrettyLogging(true);
>
> Client cxf = ClientProxy.getClient(port);
> cxf.getInInterceptors().add(logInbound);
> cxf.getOutInterceptors().add(logOutbound);
>
> // The SOAP service uses HTTP Basic Authentication
> Map<String, Object> requestContext = ((BindingProvider)
> port).getRequestContext();
> requestContext.put(BindingProvider.USERNAME_PROPERTY, "username");
> requestContext.put(BindingProvider.PASSWORD_PROPERTY, "password");
>
> // Invoke the SOAP service
> String iKUNNR = "foo";
> KNA1 response = port.zudsCUSTOMER1(iKUNNR);
> }
>
>
> Here is the WSDL
>
> <?xml version="1.0" encoding="utf-8"?>
> <wsdl:definitions targetNamespace="urn:sap-com:document:sap:rfc:functions"
> xmlns:wsdl="
> http://schemas.xmlsoap.org/wsdl/";
> xmlns:xsd="
> http://www.w3.org/2001/XMLSchema";
> xmlns:soap="
> http://schemas.xmlsoap.org/wsdl/soap/";
> xmlns:wsoap12="
> http://schemas.xmlsoap.org/wsdl/soap12/";
> xmlns:http="
> http://schemas.xmlsoap.org/wsdl/http/";
> xmlns:mime="
> http://schemas.xmlsoap.org/wsdl/mime/";
>
> xmlns:tns="urn:sap-com:document:sap:rfc:functions"
> xmlns:wsp="
> http://schemas.xmlsoap.org/ws/2004/09/policy";
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
>
> <wsp:UsingPolicy wsdl:required="true"/>
> <wsp:Policy wsu:Id="BN__zcustomer1">
> <wsp:ExactlyOne>
> <wsp:All>
> <wsp:All xmlns:wsp="
> http://schemas.xmlsoap.org/ws/2004/09/policy";>
> <sp:TransportBinding xmlns:sp="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
> <wsp:Policy>
> <sp:TransportToken>
>
> <wsp:Policy>
>
> <wsp:Policy>
>
> <sp:HttpBasicAuthentication/>
>
> </wsp:Policy>
>
> </wsp:Policy>
>
> </sp:TransportToken>
> <sp:AlgorithmSuite>
>
> <wsp:Policy>
>
> <sp:Basic128Rsa15/>
>
> </wsp:Policy>
>
> </sp:AlgorithmSuite>
> <sp:Layout>
>
> <wsp:Policy>
>
> <sp:Strict/>
>
> </wsp:Policy>
> </sp:Layout>
> </wsp:Policy>
> </sp:TransportBinding>
> </wsp:All>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsdl:types>
> <xsd:schema attributeFormDefault="qualified"
> targetNamespace="urn:sap-com:document:sap:rfc:functions">
> <xsd:simpleType name="char10">
> <xsd:restriction base="xsd:string">
> <xsd:maxLength value="10"/>
> </xsd:restriction>
> </xsd:simpleType>
> <xsd:complexType name="KNA1">
> <xsd:sequence>
> <xsd:element name="KUNNR"
> type="tns:char10"/>
> </xsd:sequence>
> </xsd:complexType>
> <xsd:element name="ZUDS_CUSTOMER1">
> <xsd:complexType>
> <xsd:sequence>
> <xsd:element
> name="I_KUNNR" type="tns:char10"/>
> </xsd:sequence>
> </xsd:complexType>
> </xsd:element>
> <xsd:element name="ZUDS_CUSTOMER1Response">
> <xsd:complexType>
> <xsd:sequence>
> <xsd:element name="O_KNA1"
> type="tns:KNA1"/>
> </xsd:sequence>
> </xsd:complexType>
> </xsd:element>
> </xsd:schema>
> </wsdl:types>
> <wsdl:message name="ZUDS_CUSTOMER1">
> <wsdl:part name="parameters" element="tns:ZUDS_CUSTOMER1"/>
> </wsdl:message>
> <wsdl:message name="ZUDS_CUSTOMER1Response">
> <wsdl:part name="parameter"
> element="tns:ZUDS_CUSTOMER1Response"/>
> </wsdl:message>
> <wsdl:portType name="ZUDS_CUSTOMER1">
> <wsdl:operation name="ZUDS_CUSTOMER1">
> <wsdl:input message="tns:ZUDS_CUSTOMER1"/>
> <wsdl:output message="tns:ZUDS_CUSTOMER1Response"/>
> </wsdl:operation>
> </wsdl:portType>
> <wsdl:binding name="zcustomer1" type="tns:ZUDS_CUSTOMER1">
> <wsp:Policy>
> <wsp:PolicyReference URI="#BN__zcustomer1"/>
> </wsp:Policy>
> <soap:binding transport="
> http://schemas.xmlsoap.org/soap/http"; style="document"/>
> <wsdl:operation name="ZUDS_CUSTOMER1">
> <soap:operation
> soapAction="urn:sap-com:document:sap:rfc:functions:ZUDS_CUSTOMER1:ZUDS_CUSTOMER1Request"
> style="document"/>
> <wsdl:input>
> <soap:body use="literal"/>
> </wsdl:input>
> <wsdl:output>
> <soap:body use="literal"/>
> </wsdl:output>
> </wsdl:operation>
> </wsdl:binding>
> <wsdl:service name="zcustomer1">
> <wsdl:port name="zcustomer1" binding="tns:zcustomer1">
> <soap:address location="http://0.0.0.0/zcustomer1
> "/>
> </wsdl:port>
> </wsdl:service>
> </wsdl:definitions>
>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
