Hi,
I have been trying to use UsernameToken WS-SecurityPolicy assertion, but I
do not see the SOAP headers in the payload.
Hence I keep getting the following exception on the server side:
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not
be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802}SupportingTokens
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802}UsernameToken
at
org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
I am using CXF 2.7.11 and following are the relevant client side
configurations.
Spring config has following entries:
<cxf:bus>
<cxf:features>
<p:policies/>
</cxf:features>
</cxf:bus>
<jaxws:client id="endpoint"
serviceClass="com.company.EndpointClassName"
</jaxws:client>
WSDL refers to policy as follows:
<wsp:Policy wsu:Id="DoubleItPlaintextPolicy">
<sp:SupportingTokens>
<wsp:Policy> <sp:UsernameToken
sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
">
<wsp:Policy/>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:Policy>
….
<wsdl:binding name="xyz_Binding" type="tns:XYZ_PortType">
<wsp:PolicyReference URI="#DoubleItPlaintextPolicy"/>
...
The client has cxf-rt-ws-security and cxf-rt-ws-policy dependencies in the
classpath.
I am using cxf-codegen-plugin to generate the source classes using the
WSDL. The serviceClass attribute of jaxws:client element above points to
the generated endpoint interface.
I am unable to get to the root cause of why SOAP headers are absent in the
request, could someone please help me with it?
Thanks,
Giriraj.
