CXF does not support "SecureConversationTokens" when they are defined as a
"SupportingToken" with no accompanying security binding. If the sole
use-case of your service is just to check that the SecurityContextToken is
in the security header of the request, then it is pretty easy to write your
own CXF interceptor to check this and assert the appropriate policies.

Colm.

On Thu, Oct 23, 2014 at 2:16 PM, Christofer Steingrefer <
[email protected]> wrote:

> Hey,
>
> I have some problems, hope you can help me.
>
> I'm trying to implement my Business Service with cxf, but have some
> problems with policies.
>
> This is the policy definition from my wsdl:
> <wsp:Policy wsu:Id="AuthSecurityPolicy">
>         <wsp:ExactlyOne>
>             <wsp:All>
>                 <sp:SupportingTokens>
>                     <wsp:Policy>
>                         <sp:SecureConversationToken
>                             sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                             <sp:Issuer>
>                                 <wsa:Address>http://localhost:8080/STS</wsa:Address>
>                             </sp:Issuer>
>                         </sp:SecureConversationToken>
>                     </wsp:Policy>
>                 </sp:SupportingTokens>
>             </wsp:All>
>         </wsp:ExactlyOne>
>     </wsp:Policy>
>
> and this is my Soap-Request:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>                   xmlns:doub="http://www.example.org/schema/DoubleIt">
>    <soapenv:Header>
>       <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>          <wsc:SecurityContextToken wsu:Id="sctId-C369774BE974CD565514139821204088"
>                                    xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
>                                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>             <wsc:Identifier>bipro:C369774BE974CD565514139821204087</wsc:Identifier>
>          </wsc:SecurityContextToken>
>       </wsse:Security>
>    </soapenv:Header>
>    <soapenv:Body>
> ..................
>    </soapenv:Body>
> </soapenv:Envelope>
>
> I always get a Soap-Fault back:
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>    <soap:Body>
>       <soap:Fault>
>          <faultcode>soap:Server</faultcode>
>          <faultstring>These policy alternatives can not be satisfied:
> {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient}SupportingTokens
> {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient}SecureConversationToken</faultstring>
>       </soap:Fault>
>    </soap:Body>
> </soap:Envelope>
>
> Do you know why?
> I'm using cxf with version 2.7.11.
>
> Thanks,
> Chris
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
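
One way to write the interceptor the reply above describes, as an added example that is not from the thread or from the CXF code base. The class name `SctPresenceInterceptor` is hypothetical, and the `sp:` prefix is assumed to be bound to the WS-SecurityPolicy 1.1 namespace, which the posted policy fragment does not show.

```java
import java.util.Collection;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
// Hypothetical class, not part of CXF.
public class SctPresenceInterceptor extends AbstractSoapInterceptor {
    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSC_NS = "http://schemas.xmlsoap.org/ws/2005/02/sc";
    // Assumption: namespace bound to the sp: prefix in the WSDL (not shown in the post).
    private static final String SP_NS = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
    public SctPresenceInterceptor() {
        super(Phase.PRE_PROTOCOL); // after headers are read, before inbound policy verification
    }
    public void handleMessage(SoapMessage message) throws Fault {
        Header security = message.getHeader(new QName(WSSE_NS, "Security"));
        Element sct = null;
        if (security != null && security.getObject() instanceof Element) {
            NodeList tokens = ((Element) security.getObject())
                .getElementsByTagNameNS(WSC_NS, "SecurityContextToken");
            sct = tokens.getLength() == 1 ? (Element) tokens.item(0) : null; // reject none or duplicates
        }
        NodeList ids = sct == null ? null : sct.getElementsByTagNameNS(WSC_NS, "Identifier");
        if (ids == null || ids.getLength() != 1
                || ids.item(0).getTextContent().trim().isEmpty()) {
            throw new SoapFault("SecurityContextToken missing or malformed",
                                message.getVersion().getSender());
        }
        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
        if (aim == null) return; // no policy in effect for this message
        for (String name : new String[] {"SupportingTokens", "SecureConversationToken"}) {
            Collection<AssertionInfo> infos = aim.get(new QName(SP_NS, name));
            if (infos == null) continue;
            for (AssertionInfo info : infos) {
                info.setAsserted(true); // mark the assertion as satisfied
            }
        }
    }
}
```

This only confirms that a token is present, which is the use case the reply scopes it to. The identifier still has to be matched against contexts the STS actually issued before the request is treated as authenticated.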
