Hi, I want to implement a file transfer via Soap. I receive a wsdl and generate my classes via jaxb. I use Apache cxf 3.1.7 with Spring Boot to configure the cxf via java.
The policies (MTOM & WS-Conv.) references to all my methods from the endpoint. The client has to include in his request a security context token (SCT) to fulfil the policy(WS-Conv.). The server side authenticate the client with the SCT and according to the definition the SCT is not encrypting messages. (only to identify the client). Furthermore, I do not cache the SCT, but I stored it in my database and want to compare it with a simple callback handler. Honestly, I don’t know if this works with a SCT and Apache CXF. If I disable my WS-SecureConversation policy, my MTOM policy works, which I do not understand. Otherwise, if I enable all policies and send a request to the endpoint like the following one, I receive some errors. *Request* <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> <soap:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> <wsc:SecurityContextToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc";> <wsc:Identifier xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc";>test:f33ba228-dfb6-45ff-ac3a-47ec391ccf7c</wsc:Identifier> </wsc:SecurityContextToken> </wsse:Security> </soap:Header> <soap:Body> </soap:Body> </soap:Envelope> *End Request* With the above request I receive the following error message: These policy alternatives can not be satisfied: {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SecureConversationToken: No SecureConversation token found in message. {http://www.w3.org/2007/08/soap12-mtom-policy}MTOM at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179) at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:102) at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) ... Does anybody know why I am getting these errors? Thx in advance. Regards, Patrick -- View this message in context: http://cxf.547215.n5.nabble.com/WS-SecureConversation-MTOM-Policy-cannot-be-satisfied-tp5780524.html Sent from the cxf-user mailing list archive at Nabble.com.
