Well, this error comes from that you explicitly specify
WSS4jInInterceptor, which is incorrect for policy based ws-security
configuration.
For policy based ws-security configuration, WSSecurityPolicyLoader
will add PolicyBasedWSS4JInterceptor automatically which will set
related assertion accordingly.
Also, you miss to import some resources like
<import resource="classpath:META-INF/cxf/cxf-extension-
policy.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-ws-
security.xml" />
Your src/main/resources/META-INF/spring/beans.xml should be
<?xml version="1.0" encoding="UTF-8"?>
<beans
xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0";
xmlns:osgi="http://www.springframework.org/schema/osgi";
xmlns:hema="http://www.adnovate.com/HEMA/StoreDataService";
xmlns:util="http://www.springframework.org/schema/util";
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://servicemix.apache.org/cxfbc/1.0
http://servicemix.apache.org/cxfbc/1.0/servicemix-cxf-bc.xsd
http://www.springframework.org/schema/osgi
http://www.springframework.org/schema/osgi/spring-osgi.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd
">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-
soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-
http.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-
policy.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-ws-
security.xml" />
<bean id="myPasswordCallback"
class="com.adnovate.security.PasswordTextHandler"/>
<util:map id="properties">
<entry>
<key >
<util:constant
static-
field="org.apache.cxf.ws.security.SecurityConstants.CALLBACK_HANDLER" />
</key>
<ref bean="myPasswordCallback"/>
</entry>
</util:map>
<cxfbc:consumer wsdl="wsdl/StoreDataService.wsdl"
targetEndpoint="hema:DataServiceEndpoint"
targetService="hema:StoreDataServiceSE"
useJBIWrapper="false" useSOAPEnvelope="true"
delegateToJaas="false" properties="#properties">
<cxfbc:inInterceptors>
</cxfbc:inInterceptors>
</cxfbc:consumer>
<bean class="org.apache.servicemix.common.osgi.EndpointExporter" />
</beans>
It works by my test, although you will see
org.apache.servicemix.nmr.api.ServiceMixException: Could not dispatch
exchange. No matching endpoints, apparently this is caused by you are
missing some target endpoint (maybe cxf se endpoint) of cxf bc
consumer in your testcase.
Freeman
On 2010-6-17, at 上午4:25, sfoster wrote:
Hi Freeman,
When I add delegateToJaas="false" to the consumer I get the
following error:
22:20:59,050 | WARN | 9...@qtp-9080772-0 |
PhaseInterceptorChain |
ache.cxf.common.logging.LogUtils 361 | Interceptor for
{http://www.adnovate.com/HEMA/StoreDataService}StoreDataService#{http://www.adnovate.com/HEMA/StoreDataService
}GetAllStoreData
has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: These policy alternatives can not be
satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/
200702}SupportingTokens
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/
200702}UsernameToken
at
org
.apache
.cxf
.ws
.policy
.AbstractPolicyInterceptor
.handleMessage(AbstractPolicyInterceptor.java:47)
at
org
.apache
.cxf
.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:
243)
at
org
.apache
.cxf
.transport
.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109)
at
org.apache.servicemix.cxfbc.CxfBcConsumer
$JbiChainInitiationObserver.onMessage(CxfBcConsumer.java:675)
at
org
.apache
.cxf
.transport
.http_jetty
.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:312)
at
org
.apache
.cxf
.transport
.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:
276)
at
org
.apache
.cxf
.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:
70)
at
org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:
765)
at
org
.mortbay
.jetty
.handler
.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java:49)
at
org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:
152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at
org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:
542)
at
org.mortbay.jetty.HttpConnection
$RequestHandler.content(HttpConnection.java:938)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at
org
.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:
409)
at
org.mortbay.thread.QueuedThreadPool
$PoolThread.run(QueuedThreadPool.java:582)
Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/
200702}SupportingTokens
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/
200702}UsernameToken
at
org
.apache
.cxf
.ws
.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:
140)
at
org
.apache
.cxf
.ws
.policy
.PolicyVerificationInInterceptor
.handle(PolicyVerificationInInterceptor.java:96)
at
org
.apache
.cxf
.ws
.policy
.AbstractPolicyInterceptor
.handleMessage(AbstractPolicyInterceptor.java:45)
... 18 more
--
View this message in context:
http://servicemix.396122.n5.nabble.com/SMX-4-2-0-Using-WS-SecurityPolicy-in-cxf-bc-gives-an-NPE-tp509643p509783.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
