Hi,
thanks for the detailed response, and yes, I implement the BIPRO Norm.
I spent the last days trying to get my transfer service working, but I did
not have success. I inserted the bootstrap policy into my transfer service
WSDL, and the policy looks as follows:

  <wsp:Policy
      xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
      xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
      xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
      xsi:schemaLocation="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.xsd"
      wsu:Id="AuthSecurityPolicy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:TransportBinding>
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:SupportingTokens>
          <wsp:Policy>
            <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
              <sp:Issuer>
                <wsa:Address>https://localhost:8443/TransferService-2.6.0.1.0</wsa:Address>
              </sp:Issuer>
              <wsp:Policy>
                <sp:BootstrapPolicy>
                  <wsp:Policy>
                    <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                      <wsp:Policy>
                        <sp:WssUsernameToken11/>
                      </wsp:Policy>
                    </sp:UsernameToken>
                  </wsp:Policy>
                </sp:BootstrapPolicy>
              </wsp:Policy>
            </sp:SecureConversationToken>
          </wsp:Policy>
        </sp:SupportingTokens>
        <sp:Trust10>
          <wsp:Policy>
            <sp:MustSupportIssuedTokens/>
          </wsp:Policy>
        </sp:Trust10>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

Additionally, I am the STS provider because no central STS provider exists. I
store all security context tokens in a database where I can retrieve the
tokens easily. I implement a 260.1 STS, which can only issue tokens.
I added the bootstrap policy to the STS WSDL too, for testing with SoapUI.

The policy looks like the following:
  <wsp:Policy
      xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
      xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      wsu:Id="BiPROAuthSecurityPolicy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:TransportBinding>
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:SupportingTokens>
          <wsp:Policy>
            <wsp:ExactlyOne>
              <wsp:All>
                <sp:UsernameToken wsu:Id="BiPROBasicToken" sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                  <wsp:Policy/>
                </sp:UsernameToken>
              </wsp:All>
            </wsp:ExactlyOne>
          </wsp:Policy>
          <wsp:Policy>
            <sp:BootstrapPolicy>
              <wsp:Policy>
                <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                  <wsp:Policy>
                    <sp:WssUsernameToken11/>
                  </wsp:Policy>
                </sp:UsernameToken>
              </wsp:Policy>
            </sp:BootstrapPolicy>
          </wsp:Policy>
        </sp:SupportingTokens>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

In soap ui I add the sct manually and generate the following request:

  <soapenv:Envelope
      xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
      xmlns:tran="http://www.bipro.net/namespace/transfer"
      xmlns:bas="http://www.bipro.net/namespace/basis"
      xmlns:nac="http://www.bipro.net/namespace/nachrichten">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsc:SecurityContextToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc">
          <wsc:Identifier>test:45e9444a-ee7a-42d7-841f-66fd20d525ac</wsc:Identifier>
        </wsc:SecurityContextToken>
      </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
      <tran:listShipments>
        <tran:Request>
          <nac:ConsumerID>VR-8889991</nac:ConsumerID>
          <tran:KategorieDerLieferung></tran:KategorieDerLieferung>
          <tran:BestaetigeLieferungen>false</tran:BestaetigeLieferungen>
        </tran:Request>
      </tran:listShipments>
    </soapenv:Body>
  </soapenv:Envelope>

Unfortunately, I still receive the same errors:

These policy alternatives can not be satisfied: 
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SecureConversationToken: No SecureConversation token found in message.
{http://www.w3.org/2007/08/soap12-mtom-policy}MTOM
        at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
        at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:102)
        at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)


I tried over the last days to adapt the policy, but I did not have success.
Is it possible that the problem occurs because I do not use the full
functionality of the CXF STS?

Maybe somebody knows where I am making my errors.

Regards,
Patrick



--
View this message in context: 
http://cxf.547215.n5.nabble.com/WS-SecureConversation-MTOM-Policy-cannot-be-satisfied-tp5780524p5780956.html
Sent from the cxf-user mailing list archive at Nabble.com.
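
An added example, not part of the original post and not CXF code: a small structural lint for WS-SecurityPolicy documents like the two above. It relies on the WS-SecurityPolicy rule that `sp:BootstrapPolicy` is a nested assertion of `sp:SecureConversationToken`; the function names and the trimmed sample policy are constructed for illustration, and the check covers policy structure only.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"

# Constructed sample: a trimmed SupportingTokens section in the shape of the
# STS policy from the post (two sibling wsp:Policy children).
SAMPLE = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:SupportingTokens>
    <wsp:Policy>
      <sp:UsernameToken><wsp:Policy/></sp:UsernameToken>
    </wsp:Policy>
    <wsp:Policy>
      <sp:BootstrapPolicy>
        <wsp:Policy>
          <sp:UsernameToken>
            <wsp:Policy><sp:WssUsernameToken11/></wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:BootstrapPolicy>
    </wsp:Policy>
  </sp:SupportingTokens>
</wsp:Policy>
"""

def assertion_paths(root):
    """Return, for every sp: assertion, the chain of enclosing sp: assertions."""
    def walk(el, chain):
        for child in el:
            if child.tag.startswith("{" + SP + "}"):
                here = chain + [child.tag.split("}")[1]]
                yield here
                yield from walk(child, here)
            else:
                # wsp:Policy / wsp:All / wsp:ExactlyOne wrappers are skipped
                yield from walk(child, chain)
    return list(walk(root, []))

def lint_policy(xml_text):
    """Report token-nesting problems; an empty list means none were found."""
    paths = assertion_paths(ET.fromstring(xml_text))
    findings = []
    for p in paths:
        if p[-1] == "BootstrapPolicy" and p[-2:-1] != ["SecureConversationToken"]:
            findings.append("BootstrapPolicy outside SecureConversationToken: " + "/".join(p))
    if not any(p[-1] == "SecureConversationToken" for p in paths):
        findings.append("no SecureConversationToken assertion in policy")
    return findings
```
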