I am using the CXF policy capability for the first time. My problem is that the
policies defined under the cxf:bus tag are not getting attached to the endpoints.
When I define the same set of policies under the endpoint tag, it works
perfectly fine. Below I have pasted my Spring configuration file. It would
be great if somebody could tell me what I am doing wrong. I use
camel-cxf-2.8.1 and cxf-2.4.2.

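<?xml version="1.0" encoding="UTF-8"?>
<!--
    Spring context for a Camel route that is fronted by a CXF endpoint.

    Contents, in order:
      * imports of the CXF core, SOAP and servlet-transport contexts;
      * a Camel route from the CXF endpoint "routerEndpoint" to "myProcessor";
      * the endpoint itself, with WS-Security properties (callback handler,
        signature keystore, SAML 2 validator, STS client);
      * the CXF bus "cxf", carrying a WS-Policy feature with a
        WS-SecurityPolicy SymmetricBinding / IssuedToken policy, plus message
        logging interceptors.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:camel="http://camel.apache.org/schema/spring"
       xmlns:camelcxf="http://camel.apache.org/schema/cxf"
       xmlns:cxf="http://cxf.apache.org/core"
       xmlns:cxfendpoint="http://camel.apache.org/schema/cxf"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:p="http://cxf.apache.org/policy"
       xmlns:wsp="http://www.w3.org/2006/07/ws-policy"
       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
       xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
       xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
       xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
       xmlns:wsaw="http://www.w3.org/2005/08/addressing"
       xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
           http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
           http://camel.apache.org/schema/cxf http://camel.apache.org/schema/cxf/camel-cxf.xsd
           http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
           http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
           http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
           http://www.w3.org/2006/07/ws-policy http://www.w3.org/2006/07/ws-policy.xsd">

    <!-- CXF core, SOAP binding and servlet transport definitions. -->
    <import resource="classpath:META-INF/cxf/cxf.xml"/>
    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml"/>
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>

    <!-- Every message received on routerEndpoint is handed to myProcessor. -->
    <camel:camelContext id="camelContext">
        <camel:route>
            <camel:from uri="cxf:bean:routerEndpoint" />
            <camel:process ref="myProcessor" />
        </camel:route>
    </camel:camelContext>

    <!--
        CXF endpoint consumed by the route above, published at
        /CxfEndpointBeansRouterTest on the bus named "cxf". The properties
        below configure WS-Security for this endpoint only. They do not by
        themselves require callers to present a token; that requirement comes
        from the policy declared on the bus further down.
    -->
    <cxfendpoint:cxfEndpoint id="routerEndpoint"
                             address="/CxfEndpointBeansRouterTest"
                             serviceClass="com.test.HelloService"
                             bus="#cxf">
        <cxfendpoint:properties>
            <!--
                NOTE(review): CommonCallbackHandler lives in CXF's "systest"
                package, so it is presumably a test fixture. Outside a test
                setup, supply an application-owned CallbackHandler that reads
                keystore passwords from protected configuration.
            -->
            <entry key="ws-security.callback-handler"
                   value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
            <entry key="ws-security.signature.properties"
                   value="serviceKeystore.properties"/>
            <!--
                Turns off WS-I Basic Security Profile compliance checking for
                this endpoint. Keep it off only if a known peer needs it.
            -->
            <entry key="ws-security.is-bsp-compliant" value="false"/>
            <!--
                SAML 2 assertions are validated by delegating to the STS.
                NOTE(review): the boolean constructor argument presumably
                selects "always validate against the STS"; confirm against the
                CXF version in use.
            -->
            <entry key="ws-security.saml2.validator">
                <bean class="org.apache.cxf.ws.security.trust.STSTokenValidator">
                    <constructor-arg value="true"/>
                </bean>
            </entry>

            <!--
                STS client used by the validator above. The WSDL location is a
                plain http URL on localhost; for anything other than a local
                test setup, point it at an https endpoint, because the service
                description fetched from here decides which STS is trusted to
                validate tokens.
            -->
            <entry key="ws-security.sts.client">
                <bean class="org.apache.cxf.ws.security.trust.STSClient">
                    <constructor-arg ref="cxf"/>
                    <property name="wsdlLocation"
                              value="http://localhost:8082/cxf-services-sts-war-2.5.2/X509?wsdl"/>
                    <property name="serviceName"
                              value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
                    <property name="endpointName"
                              value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port"/>
                    <property name="properties">
                        <map>
                            <!--
                                Key aliases and keystore used to sign and
                                encrypt the exchange with the STS. The same
                                callback handler caveat as above applies.
                            -->
                            <entry key="ws-security.signature.username"
                                   value="myservicekey"/>
                            <entry key="ws-security.callback-handler"
                                   value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
                            <entry key="ws-security.signature.properties"
                                   value="serviceKeystore.properties"/>
                            <entry key="ws-security.encryption.properties"
                                   value="serviceKeystore.properties"/>
                            <entry key="ws-security.encryption.username"
                                   value="mystskey"/>
                        </map>
                    </property>
                </bean>
            </entry>

        </cxfendpoint:properties>
    </cxfendpoint:cxfEndpoint>

    <!-- Processor invoked by the Camel route. -->
    <bean id="myProcessor" class="com.test.MyProcessor"/>

    <!-- QName of the SAML 2.0 Assertion element. Not referenced elsewhere in this file. -->
    <bean id="samlAssertionQName" class="javax.xml.namespace.QName">
        <constructor-arg value="urn:oasis:names:tc:SAML:2.0:assertion"/>
        <constructor-arg value="Assertion"/>
    </bean>

    <!--
        Bus-wide configuration: the WS-Policy feature with an inline policy,
        and logging interceptors for inbound and outbound messages.

        NOTE(review): with camel-cxf-2.8.1 / cxf-2.4.2 this bus-level policy is
        reported as not being attached to routerEndpoint, while the same policy
        declared on the endpoint is. Until attachment is confirmed, treat the
        endpoint as NOT enforcing this policy: check that a request carrying no
        security header is rejected, not merely that a request with one is
        accepted.
    -->
    <cxf:bus bus="cxf">

        <cxf:features>
            <p:policies enabled="true">
                <!--
                    Requires WS-Addressing and a symmetric binding whose
                    protection token is a SAML 2.0 token issued by the STS
                    named in sp:Issuer.
                -->
                <wsp:Policy>
                    <wsp:ExactlyOne>
                        <wsp:All>
                            <wsam:Addressing wsp:Optional="false">
                                <wsp:Policy />
                            </wsam:Addressing>
                            <sp:SymmetricBinding>
                                <wsp:Policy>
                                    <sp:ProtectionToken>
                                        <wsp:Policy>
                                            <sp:IssuedToken
                                                sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                                                <!-- Token requested from the STS: SAML 2.0, symmetric proof key, 128 bits. -->
                                                <sp:RequestSecurityTokenTemplate>
                                                    <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
                                                    <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</t:KeyType>
                                                    <t:KeySize>128</t:KeySize>
                                                </sp:RequestSecurityTokenTemplate>
                                                <wsp:Policy>
                                                    <sp:RequireInternalReference />
                                                </wsp:Policy>
                                                <!--
                                                    STS address and its metadata exchange address, both
                                                    plain http on localhost. Use https outside a local
                                                    test setup.
                                                -->
                                                <sp:Issuer>
                                                    <wsaw:Address>http://localhost:8080/SecurityTokenService/UT
                                                    </wsaw:Address>
                                                    <wsaw:Metadata>
                                                        <wsx:Metadata>
                                                            <wsx:MetadataSection>
                                                                <wsx:MetadataReference>
                                                                    <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex
                                                                    </wsaw:Address>
                                                                </wsx:MetadataReference>
                                                            </wsx:MetadataSection>
                                                        </wsx:Metadata>
                                                    </wsaw:Metadata>
                                                </sp:Issuer>
                                            </sp:IssuedToken>
                                        </wsp:Policy>
                                    </sp:ProtectionToken>
                                    <sp:Layout>
                                        <wsp:Policy>
                                            <sp:Lax />
                                        </wsp:Policy>
                                    </sp:Layout>
                                    <sp:IncludeTimestamp />
                                    <sp:OnlySignEntireHeadersAndBody />
                                    <!--
                                        Basic128 specifies AES-128 encryption with SHA-1 based
                                        digests and signatures. Review against current crypto
                                        policy and move to a stronger suite where both peers
                                        support one.
                                    -->
                                    <sp:AlgorithmSuite>
                                        <wsp:Policy>
                                            <sp:Basic128 />
                                        </wsp:Policy>
                                    </sp:AlgorithmSuite>
                                </wsp:Policy>
                            </sp:SymmetricBinding>
                            <sp:Wss11>
                                <wsp:Policy>
                                    <sp:MustSupportRefIssuerSerial />
                                    <sp:MustSupportRefThumbprint />
                                    <sp:MustSupportRefEncryptedKey />
                                </wsp:Policy>
                            </sp:Wss11>
                            <sp:Trust13>
                                <wsp:Policy>
                                    <sp:MustSupportIssuedTokens />
                                    <sp:RequireClientEntropy />
                                    <sp:RequireServerEntropy />
                                </wsp:Policy>
                            </sp:Trust13>
                        </wsp:All>
                    </wsp:ExactlyOne>
                </wsp:Policy>
            </p:policies>

        </cxf:features>

        <!--
            These interceptors write complete inbound and outbound messages to
            the log, including security headers and any SAML token they carry.
            Useful while debugging; remove or restrict them, and protect the
            log files, wherever real tokens flow.
        -->
        <cxf:inInterceptors>
            <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
        </cxf:inInterceptors>
        <cxf:outInterceptors>
            <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
        </cxf:outInterceptors>
    </cxf:bus>

    <!--
        Stand-alone STSTokenValidator. Not referenced elsewhere in this file;
        the endpoint defines its own inline instance under
        ws-security.saml2.validator.
    -->
    <bean id="stsTokenValidator"
          class="org.apache.cxf.ws.security.trust.STSTokenValidator">
        <constructor-arg value="true"/>
    </bean>

</beans>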

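*This is the error I get when I send a request with a SAML token in the
header.* The fault says that the wsse:Security header was marked mustUnderstand
but no interceptor on the endpoint's chain claimed it, which is what one would
see if the WS-Security handling that the policy should install is not active
on this endpoint.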

10:25:00.614 [http-apr-8080-exec-10] WARN  org.apache.cxf.phase.PhaseInterceptorChain - Interceptor for {http://handler.xua.emc.com/}HelloService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
        at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.checkUltimateReceiverHeaders(MustUnderstandInterceptor.java:150) ~[cxf-2.4.2.jar:2.4.2]
        at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:96) ~[cxf-2.4.2.jar:2.4.2]
        at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:49) ~[cxf-2.4.2.jar:2.4.2]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) ~[cxf-2.4.2.jar:2.4.2]
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-2.4.2.jar:2.4.2]
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:206) [cxf-2.4.2.jar:2.4.2]
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:218) [cxf-2.4.2.jar:2.4.2]
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:200) [cxf-2.4.2.jar:2.4.2]
        at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114) [cxf-2.4.2.jar:2.4.2]
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:184) [cxf-2.4.2.jar:2.4.2]
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:107) [cxf-2.4.2.jar:2.4.2]
