Hi cxf users!!,
I can't handle response security policy in my client to web service SOAP
based WS Policy(can connect, authenticate and get a response), i can
override these polities with a custom interceptor, but would like verifies
satisfied policy assertions, the wsdl WS policy seems to be correct. I'm
using cxf version 3.2 and java 1.8. I debug the
PolicyVerificationInInterceptor, the message policies arent asserted, but i
dont find where or how are asserted. Can someone help me? (thanks in
advance)
This is my error:
2019-03-15 19:09:17,948 ERROR s.policy.PolicyVerificationInInterceptor: 107
- Inbound policy verification failed: These policy alternatives can not be
satisfied:
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}AsymmetricBinding
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}InitiatorToken
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}X509Token
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}WssX509V3Token10
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}RecipientToken
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}AlgorithmSuite
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}TripleDesRsa15
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Layout
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Strict
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}IncludeTimestamp
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}OnlySignEntireHeadersAndBody
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SignedParts
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}MustSupportRefKeyIdentifier
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}MustSupportRefIssuerSerial
2019-03-15 19:09:17,954 WARN g.apache.cxf.phase.PhaseInterceptorChain: 475
- Interceptor for
{http://servidor.gestion.es/}gestionOOGG#{http://servidor.gestion.es/}calcula
has thrown exception, unwinding now
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not
be satisfied:
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}AsymmetricBinding
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}InitiatorToken
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}X509Token
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}WssX509V3Token10
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}RecipientToken
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}AlgorithmSuite
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}TripleDesRsa15
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Layout
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Strict
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}IncludeTimestamp
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}OnlySignEntireHeadersAndBody
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SignedParts
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}MustSupportRefKeyIdentifier
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}MustSupportRefIssuerSerial
at
org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
at
org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:102)
at
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:797)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1680)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1557)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1358)
at
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
at
org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:216)
at
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
This is my WS Policy :
<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="SigOnly">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Body/>
</sp:SignedParts>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss10>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
And the log RESPONSE:
ID: 1
Response-Code: 200
Encoding: ISO-8859-1
Content-Type: multipart/related;
boundary="MIMEBoundary_315ceb1888a1fc9657a40e99f2a8894763a2741765f88c82";
type="application/xop+xml";
start="<[email protected]>";
start-info="text/xml"
Headers: {connection=[close], Content-Language=[es],
content-type=[multipart/related;
boundary="MIMEBoundary_315ceb1888a1fc9657a40e99f2a8894763a2741765f88c82";
type="application/xop+xml";
start="<[email protected]>";
start-info="text/xml"], Date=[Fri, 15 Mar 2019 17:52:27 GMT],
Server=[Apache/2.4.6 (Red Hat Enterprise Linux)],
transfer-encoding=[chunked], Via=[1.1 extranet.es]}
Payload: --MIMEBoundary_315ceb1888a1fc9657a40e99f2a8894763a2741765f88c82
Content-Type: application/xop+xml; charset=UTF-8; type="text/xml"
Content-Transfer-Encoding: binary
Content-ID: <[email protected]>
<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";><soapenv:Header><wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
soapenv:mustUnderstand="1"><wsu:Timestamp
wsu:Id="TS-62F2E16AFEAD8B66221552672348112191"><wsu:Created>2019-03-15T17:52:28.112Z</wsu:Created><wsu:Expires>2019-03-15T17:57:28.112Z</wsu:Expires></wsu:Timestamp><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
Id="SIG-62F2E16AFEA2348112193D8B6622155267"><ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#";
PrefixList="soapenv"/></ds:CanonicalizationMethod><ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
URI="#Id-1807007877"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#";
PrefixList=""/></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>TZ4CVMYQ7cnrmaL0impkwZZyY9o=</ds:DigestValue></ds:Reference><ds:Reference
URI="#TS-62F2E16AFEAD8B66221552672348112191"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="wsse
soapenv"/></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>Nwmy7avuw/0gs3ebs2JGCcUUa/0=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>D9k1UZuF2PTri9syGDLFDY+KXY7QblASEHC2T7kmEzaZXInQ150dBOfuL93tgeA73GqUiXj63qdqvDZ1yNvsGXLArK2Q2gO7kqkz3upkd9VY5OvGHR1K1E2DVSBc5bkXhIHFVCLfdNkDl4EbFvMdY9YnxTs6GNLK9MUDFJKq3I6RcF+giNXKq3krjqgo2Zyrs3Lg+b1YtyGuX2JuSAfl55Xt6i6r8M58ao95yFEyr7raoCE5wj+x9JVkfqTTPIiBJahfNERXnvqKgdgXLBR88uQ7EG9WbzdBDVQd0VQiqzbP+C9R59njnCHBEz+4sQvdCKpvlxpKxAjw7YoPaHbRuQ==</ds:SignatureValue><ds:KeyInfo
Id="KI-62F2E16AFEA2348112193D8B6622155267"><wsse:SecurityTokenReference
wsu:Id="STR-62F2E16AFEA2348112193D8B6622155267"><wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>xEc6fwXSdKtoWQZWAy8UtFrwqkc=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soapenv:Header><soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Id-1807007877"><ns:calcularInteresesResponse
xmlns:ns="http://servidor.gestion.es/xsd";><ns:return><?xml version="1.0"
encoding="UTF-8" standalone="yes"?>
<xmlType>
<id_peticion>129ST01</id_peticion>
<interesesCalculados>
<id_calculo>1</id_calculo>
<importe xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xs="http://www.w3.org/2001/XMLSchema";
xsi:type="xs:string">25.0</importe>
<tipo_interes>N</tipo_interes>
<tramo>
<fecha_desde>16/03/2010</fecha_desde>
<fecha_hasta>16/03/2012</fecha_hasta>
<tipo_aplicado>5</tipo_aplicado>
</tramo>
</interesesCalculados>
<respuesta>
<resultado>0</resultado>
</respuesta>
</xmlType>
</ns:return></ns:calcularInteresesResponse></soapenv:Body></soapenv:Envelope>
Kinds regards.
Lobrene.
--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
