Hi, I changed my policy to AlwaysToRecipient as you suggested but I still have the same problem. I will try and put together a minimal test case to confirm the problem.
On Thu, Mar 1, 2012 at 9:09 AM, Jason Pell <[email protected]> wrote: > Ok - thanks, I am still familiarizing myself with the ws-security policy > spec, I did not realize the Include value controlled when it was applied as > far as incoming or outgoing. I will have to read that section of the spec > again, it makes sense though. > > Thanks muchly for the reply, > > Sent from my iPhone > > On Feb 29, 2012, at 20:22, Colm O hEigeartaigh <[email protected]> wrote: > >>> Do I have to concern myself with this exception? The policies >>> correctly validate on the incoming request, SupportingTokens would be >>> pointless for outgoing, but certainly TransportToken should be >>> validated as the response is SSL??? >> >> If the SupportingTokens policy is pointless for outgoing, then why >> does it have an include value of "Always"? Maybe you need to use >> "AlwaysToRecipient" instead? The TransportToken error might be caused >> by the SupportingToken error. >> >> Colm. >> >> On Wed, Feb 29, 2012 at 12:51 AM, Jason Pell <[email protected]> wrote: >>> Hi, >>> >>> Do I have to concern myself with this exception? The policies >>> correctly validate on the incoming request, SupportingTokens would be >>> pointless for outgoing, but certainly TransportToken should be >>> validated as the response is SSL??? >>> >>> Here is the full detail: >>> >>> 28841 [qtp11816628-15] DEBUG >>> org.apache.cxf.ws.policy.PolicyVerificationOutInterceptor - An >>> exception was thrown when verifying that the effective policy for this >>> request was satisfied. However, this exception will not result in a >>> fault. The exception raised is: >>> org.apache.cxf.ws.policy.PolicyException: These policy alternatives >>> can not be satisfied: >>> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken >>> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens >>> >>> Here is my policy info - I have removed the standard containment xml >>> (<wsp:Policy>, <wsp:ExactlyOne>, <wsp:All>) for brevity >>> >>> My transport binding is (assigned to Policy.Placement.SERVICE): >>> >>> <sp:TransportBinding> >>> <wsp:Policy> >>> <sp:TransportToken> >>> <wsp:Policy> >>> <sp:HttpsToken> >>> <wsp:Policy >>> /> >>> </sp:HttpsToken> >>> </wsp:Policy> >>> </sp:TransportToken> >>> <sp:Layout> >>> <wsp:Policy> >>> <sp:Lax /> >>> </wsp:Policy> >>> </sp:Layout> >>> <!-- <sp:IncludeTimestamp /> --> >>> <sp:AlgorithmSuite> >>> <wsp:Policy> >>> <sp:Basic128 /> >>> </wsp:Policy> >>> </sp:AlgorithmSuite> >>> </wsp:Policy> >>> </sp:TransportBinding> >>> >>> >>> Here is my supporting tokens policy (assigned at Policy.Placement.SERVICE): >>> >>> <sp:SupportingTokens> >>> <wsp:Policy> >>> <sp:KerberosToken >>> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always";> >>> <wsp:Policy> >>> >>> <sp:WssGssKerberosV5ApReqToken11 /> >>> </wsp:Policy> >>> </sp:KerberosToken> >>> </wsp:Policy> >>> </sp:SupportingTokens> >> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com
