I suggest using a debugger + putting a breakpoint here to find out why a token wasn't retrieved from the list of security results:
https://github.com/apache/cxf/blob/master/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java#L457 Colm. On Tue, May 16, 2017 at 9:43 AM, pat7 <[email protected]> wrote: > Hi, > I want to implement a file transfer via Soap. I receive a wsdl and generate > my classes via jaxb. I use Apache cxf 3.1.7 with Spring Boot to configure > the cxf via java. > > The policies (MTOM & WS-Conv.) references to all my methods from the > endpoint. The client has to include in his request a security context token > (SCT) to fulfil the policy(WS-Conv.). The server side authenticate the > client with the SCT and according to the definition the SCT is not > encrypting messages. (only to identify the client). > Furthermore, I do not cache the SCT, but I stored it in my database and > want > to compare it with a simple callback handler. Honestly, I don’t know if > this > works with a SCT and Apache CXF. > > If I disable my WS-SecureConversation policy, my MTOM policy works, which I > do not understand. Otherwise, if I enable all policies and send a request > to > the endpoint like the following one, I receive some errors. > > *Request* > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > <soap:Header> > <wsse:Security > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis- > 200401-wss-wssecurity-secext-1.0.xsd"> > <wsc:SecurityContextToken > xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc";> > <wsc:Identifier > xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc";> > test:f33ba228-dfb6-45ff-ac3a-47ec391ccf7c</wsc:Identifier> > </wsc:SecurityContextToken> > </wsse:Security> > </soap:Header> > <soap:Body> > </soap:Body> > </soap:Envelope> > *End Request* > > With the above request I receive the following error message: > > These policy alternatives can not be satisfied: > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy} > SecureConversationToken: > No SecureConversation token found in message. > {http://www.w3.org/2007/08/soap12-mtom-policy}MTOM > at > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy( > AssertionInfoMap.java:179) > at > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle( > PolicyVerificationInInterceptor.java:102) > at > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage( > AbstractPolicyInterceptor.java:44) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept( > PhaseInterceptorChain.java:308) > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage( > ChainInitiationObserver.java:121) > ... > > Does anybody know why I am getting these errors? Thx in advance. > Regards, > Patrick > > > > > > -- > View this message in context: http://cxf.547215.n5.nabble. > com/WS-SecureConversation-MTOM-Policy-cannot-be-satisfied-tp5780524.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
