Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.SIG_PROP_FILE,
"server_sign.properties");
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP +
" " + WSHandlerConstants.SIGNATURE);
bindingProvider.getResponseContext().put("password", "xxxxx");
inProps.put(WSHandlerConstants.USER,
"cs-bedrijven.procesinfrastructuur.nl");
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
cxfEndpoint.getInInterceptors().add(wssIn);
--- server_sign.properties ---
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
#org.apache.ws.security.crypto.merlin.keystore.alias=cs-bedrijven.procesinfrastructuur.nl
org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
This is how I configure WSS4JInInterceptor. I have no extra config files
and I prefer to set all config in the code. When the client works I want
to try to get rid of the server_sign.properties, I want to set that
dynamic.
Ralph
From:
Colm O hEigeartaigh <[email protected]>
To:
"[email protected]" <[email protected]>
Date:
02-08-2013 15:04
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
As a sanity check, can I see your CXF client configuration?
PolicyVerificationInInterceptor does run after
PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
WSS4JInInterceptor explicilty in your configuration?
Colm.
On Fri, Aug 2, 2013 at 1:26 PM,
<[email protected]>wrote:
> Hi Colm,
>
> He doesn't reach the point you asked for. In
> 'org.apache.cxf.ws.policy.AssertionInfoMap.java' checkEffectivePolicy he
> doesn't find any validated policy, the ArrayList validated is empty, the
> ArrayList errors contains 50. He throws at line 179 an exception (cxf
> 2.7.6).
> This method is called from
> 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method
handle.
> Line 101 is the line where call is done.
> The variable aim contains:
> {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken:false], {http://www.w3.org/2007/05/addressing/metadata
> }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> }Anonymous:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout:false],
> AnonymousResponses=[AnonymousResponses:false, AnonymousResponses:false],
{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding:false], {
http://www.w3.org/2007/02/addressing/metadata
> }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> }Addressing:true], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}X509Token:false,
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedParts:false], {
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization=[{
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization:false]}
>
> If you need to know something else, let me know!
>
> Ralph
>
>
>
> From:
> Colm O hEigeartaigh <[email protected]>
> To:
> "[email protected]" <[email protected]>
> Date:
> 02-08-2013 12:57
> Subject:
> Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can not be satisfied:
>
>
>
> Do you have access to a debugger? If so could you put a breakpoint in
> PolicyBasedWSS4JInInterceptor in the doResults method and trace the
flow?
> The problem is that some policy is getting unasserted, but I can't
figure
> out which one from the logging.
>
> Colm.
>
>
> On Fri, Aug 2, 2013 at 11:53 AM,
> <[email protected]>wrote:
>
> > Hi,
> >
> > This comes from the WSDL as it is given to me. When generated with all
> > three policies enabled, the first is used I believe. I just tried to
> > generate with only one enabled. I tried three times (one time for
> > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > TripleDesRsa15), all the same result as before.
> > At almost the bottum of the log it says ' LogUtils.doLog(443) |
> > WS-Addressing - failed to retrieve Message Addressing Properties from
> > context'.
> > Is it possible that I need to add something to avoid this? And if yes
> how
> > do I do that?
> >
> > Ralph
> >
> >
> >
> >
> > From:
> > Colm O hEigeartaigh <[email protected]>
> > To:
> > "[email protected]" <[email protected]>
> > Date:
> > 02-08-2013 12:34
> > Subject:
> > Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> > can not be satisfied:
> >
> >
> >
> > Hi,
> >
> > I'm not sure if this is the cause of the problem, but the following
> policy
> > is not valid:
> >
> > <sp:AlgorithmSuite>
> > <wsp:Policy>
> > <sp:Basic128Rsa15/>
> > <sp:Basic256Rsa15/>
> > <sp:TripleDesRsa15/>
> > </wsp:Policy>
> > </sp:AlgorithmSuite>
> >
> > The specification only allows you to specify one of the policies
above.
> >
> > Colm.
> >
> >
> > On Thu, Aug 1, 2013 at 3:44 PM,
> > <[email protected]>wrote:
> >
> > > Hi Colm,
> > >
> > > The previous message didn't contain a attachement. But in the mean
> time
> > I
> > > managed to get a better log. I will attach it as .txt
> > >
> > >
> > >
> > > From: Colm O hEigeartaigh <[email protected]> To:
> > "[email protected]"
> > > <[email protected]> Date: 01-08-2013 10:48 Subject: Re:
> > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can
> > not
> > > be satisfied:
> > > ------------------------------
> > >
> > >
> > >
> > > Could you turn logging to "FINE" + attach the log? That should tell
us
> > the
> > > exact policy validation error(s).
> > >
> > > Colm.
> > >
> > >
> > > On Thu, Aug 1, 2013 at 9:17 AM,
<[email protected]
> > > >wrote:
> > >
> > > > Hi,
> > > >
> > > > Because the formatting was crappy an attachement.
> > > >
> > > >
> > > >
> > > > From: Colm O hEigeartaigh <[email protected]> To: "
> > > [email protected]"
> > > > <[email protected]> Date: 01-08-2013 10:09 Subject: Re:
> > > > org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> > can
> > > not
> > > > be satisfied:
> > > > ------------------------------
> > > >
> > > >
> > > >
> > > > Hi,
> > > >
> > > > It looks like the service is processing the CXF request correctly,
> but
> > is
> > > > not returning a response that complies with the security policy,
and
> > the
> > > > client is throwing an exception. It's impossible to find out
without
> > > seeing
> > > > the security policy though. It should be in the WSDL file
referenced
> > in
> > > the
> > > > log, if you could attach it:
> > > >
> > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > Bedrijven_v1.2_preprod.wsdl"
> > > >
> > > > Colm.
> > > >
> > > >
> > > >
> > > > On Thu, Aug 1, 2013 at 8:53 AM,
> <[email protected]
> > > > >wrote:
> > > >
> > > > > Dear Colm,
> > > > >
> > > > > Sorry i didn't see your previous response. Because of my great
> > e-mail
> > > > > client (Notus ;) ) I wasn't properly connected to the
mailinglist,
> > > > > apologies for the inconvenience.
> > > > > I don't know how to get the security policy of the service.
> > > > > I added the message I send to the server. (I've removed the
> > > SecurityToken
> > > > > for security reasons).
> > > > > The message I received is the text I copied from the log. I also
> > added
> > > > the
> > > > > logging I get at the moment.
> > > > >
> > > > > Ralph
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > From: Colm O hEigeartaigh <[email protected]> To: "
> > > > [email protected]"
> > > > > <[email protected]> Date: 01-08-2013 09:34 Subject: Re:
> > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > can
> > > > not
> > > > > be satisfied:
> > > > > ------------------------------
> > > > >
> > > > >
> > > > >
> > > > > Did you not see my previous response? We need to see the
security
> > > policy
> > > > of
> > > > > the service, the request message + the response message to be
able
> > to
> > > > help
> > > > > you.
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > <[email protected]
> > > > > >wrote:
> > > > >
> > > > > > Dear CXF Support,
> > > > > >
> > > > > > First, I am a newbie with CXF. I am writing a CXF client to
> > interact
> > > > with
> > > > > > the government. I am able to send a message. But when I
receive
> > the
> > > > > > response my client crashes.
> > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java
> > 1.6.45.
> > > > If
> > > > > > you need more info, please let me know as I don't exactly know
> > what
> > > > info
> > > > > > you need to help me.
> > > > > > Please help me, I'm stuck.
> > > > > >
> > > > > > Ralph Keegstra
> > > > > >
> > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > can
> > > > > > not be satisfied:
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout
> > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > {
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements
> > > > > > AnonymousResponses
> > > > > > at
> > > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > AssertionInfoMap.java:179)
> > > > > > at
> > > > > >
org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > at
> > > > > >
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > PhaseInterceptorChain.java:271)
> > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > ClientImpl.java:800)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > HTTPConduit.java:1592)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > HTTPConduit.java:1490)
> > > > > > at
> > > > > >
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > HTTPConduit.java:1309)
> > > > > > at
> org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > CachedOutputStream.java:223)
> > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > AbstractConduit.java:56)
> > > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > HTTPConduit.java:622)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > MessageSenderInterceptor.java:62)
> > > > > > at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > PhaseInterceptorChain.java:271)
> > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > )
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > ClientProxy.java:96)
> > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > JaxWsClientProxy.java:133)
> > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > > at
> > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > at
nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > Exception in thread "main"
javax.xml.ws.soap.SOAPFaultException:
> > > These
> > > > > > policy alternatives can not be satisfied:
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout
> > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > {
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements
> > > > > > AnonymousResponses
> > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > JaxWsClientProxy.java:155)
> > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > > at
> > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > at
nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These
> policy
> > > > > > alternatives can not be satisfied:
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout
> > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > {
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements
> > > > > > AnonymousResponses
> > > > > > at
> > > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > AssertionInfoMap.java:179)
> > > > > > at
> > > > > >
org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > at
> > > > > >
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > PhaseInterceptorChain.java:271)
> > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > ClientImpl.java:800)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > HTTPConduit.java:1592)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > HTTPConduit.java:1490)
> > > > > > at
> > > > > >
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > HTTPConduit.java:1309)
> > > > > > at
> org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > CachedOutputStream.java:223)
> > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > AbstractConduit.java:56)
> > > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > HTTPConduit.java:622)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > MessageSenderInterceptor.java:62)
> > > > > > at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > PhaseInterceptorChain.java:271)
> > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > )
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > ClientProxy.java:96)
> > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > JaxWsClientProxy.java:133)
> > > > > > ... 3 more
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
