[ https://issues.apache.org/jira/browse/CXF-5405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aki Yoshida resolved CXF-5405.
------------------------------
Resolution: Fixed
Fix Version/s: 3.0.0-milestone2
> WS-RM with anonymous endpoint throwing security policy validation exception for SequenceAck
> -------------------------------------------------------------------------------------------
>
> Key: CXF-5405
> URL: https://issues.apache.org/jira/browse/CXF-5405
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.7.7
> Reporter: Aki Yoshida
> Assignee: Aki Yoshida
> Fix For: 3.0.0-milestone2, 2.6.12, 2.7.9
>
>
> When WS-RM with an anonymous endpoint is used in conjunction with a policy
> based WS-Security configuration, the sequence acknowledgement response to the
> client is rejected by the policy validator.
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
> at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
> at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
> at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
> at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:835)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1606)
> The cause of this issue is in the RM processing to reset the requestor role,
> whose value will subsequently be used by the policy validator to choose the
> correct configuration value. The requestor role for the SequenceAck messages
> should not be reset.