Hi,
I implemented a STS with CXF 3.1.7 in a JAVA spring boot configuration for
the BiPRO norm. I tested the STS with SoapUI and issuing a security context
token worked well.
Now I implement a second service, which should work with the implemented
STS, however I receive several errors if I call the second service with
SoapUI.
Here is my *STS config* in spring boot:
@Bean
public ServletRegistrationBean dispatcherServlet() {
ServletRegistrationBean servletRegistrationBean = new
ServletRegistrationBean(new CXFServlet());
servletRegistrationBean.addUrlMappings("/*");
return servletRegistrationBean;
}
@Bean(name = Bus.DEFAULT_BUS_ID)
public SpringBus springBus() {
return new SpringBus();
}
@Bean
public StaxTransformFeature transformFeature(){
StaxTransformFeature staxTransformFeature = new
StaxTransformFeature();
Map<String,String> inAppendElements = new
HashMap<String,String>();
Map<String,String> inTransformElements = new
HashMap<String,String>();
inAppendElements.put("{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestType";,
"{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestType=http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue";);
inTransformElements.put("{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestSecurityToken";,
"{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityToken";);
inTransformElements.put("{http://schemas.xmlsoap.org/ws/2005/02/trust}RequestType";,
"{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestType";);
inTransformElements.put("{http://schemas.xmlsoap.org/ws/2005/02/trust}TokenType";,
"{http://docs.oasis-open.org/ws-sx/ws-trust/200512}TokenType";);
staxTransformFeature.setInAppendElements(inAppendElements);
staxTransformFeature.setInTransformElements(inTransformElements);
return staxTransformFeature;
}
@Bean
public SecurityTokenServiceProvider mySTSProviderBean(){
try {
SecurityTokenServiceProvider securityTokenServiceProvider = new
SecurityTokenServiceProvider();
securityTokenServiceProvider.setIssueSingleOperation(transprotIssueDelegate());
securityTokenServiceProvider.setValidateOperation(transportValidateDelegate());
securityTokenServiceProvider.setCancelOperation(transportCancelDelegate());
return securityTokenServiceProvider;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
@Bean
public TokenIssueOperation transprotIssueDelegate(){
TokenIssueOperation tokenIssueOperation = new
TokenIssueOperation();
tokenIssueOperation.setTokenProviders(transportTokenProviders());
tokenIssueOperation.setServices(transportServices());
tokenIssueOperation.setStsProperties(transportSTSProperties());
tokenIssueOperation.setTokenStore(defaulttokenStore());
tokenIssueOperation.setReturnReferences(false);
return tokenIssueOperation;
}
@Bean
public TokenValidateOperation transportValidateDelegate(){
TokenValidateOperation tokenValidateOperation = new
TokenValidateOperation();
tokenValidateOperation.setTokenProviders(transportTokenProviders());
tokenValidateOperation.setTokenValidators(transportTokenValidators());
tokenValidateOperation.setStsProperties(transportSTSProperties());
tokenValidateOperation.setTokenStore(defaulttokenStore());
return tokenValidateOperation;
}
@Bean
public TokenCancelOperation transportCancelDelegate(){
TokenCancelOperation tokenCancelOperation = new
TokenCancelOperation();
tokenCancelOperation.setTokenCancellers(transportTokenCancellers());
tokenCancelOperation.setStsProperties(transportSTSProperties());
tokenCancelOperation.setTokenStore(defaulttokenStore());
return tokenCancelOperation;
}
@Bean
public BiPROTokenProvider transportSCTProvider(){ //SCTProvider
BiPROTokenProvider biprotokenprovider = new
BiPROTokenProvider();
biprotokenprovider.setReturnEntropy(false);
return biprotokenprovider;
}
@Bean
public SCTValidator transportSCTValidator(){
return new SCTValidator();
}
@Bean
public SCTCanceller transportSCTCanceller(){
return new SCTCanceller();
}
@Bean
public StaticService transportService(){
StaticService staticservice = new StaticService();
staticservice.setEndpoints(transportEndpoints());
return staticservice;
}
@Bean
public DefaultInMemoryTokenStore defaulttokenStore(){
DefaultInMemoryTokenStore tokenstore = new
DefaultInMemoryTokenStore();
tokenstore.setTTL(1800);
return tokenstore;
}
@Bean
public EncryptionProperties encProperties(){
EncryptionProperties encryptionproperties = new
EncryptionProperties();
encryptionproperties.setEncryptionAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc";);
return encryptionproperties;
}
@Bean
public StaticSTSProperties transportSTSProperties(){
StaticSTSProperties staticSTSproperties = new
StaticSTSProperties();
staticSTSproperties.setCallbackHandlerClass("com.test.endpoint.STSCallbackHandler");
return staticSTSproperties;
}
@Bean
public SCTInInterceptor sctinterceptor(){
return new SCTInInterceptor();
}
@Bean
public SCTOutInterceptor sctOutInterceptor(){
return new SCTOutInterceptor();
}
@Bean
public List<TokenProvider> transportTokenProviders(){
List<TokenProvider> tokenProviderList= new
ArrayList<TokenProvider>();
tokenProviderList.add(transportSCTProvider());
return tokenProviderList;
}
@Bean
public List<TokenValidator> transportTokenValidators(){
List<TokenValidator> tokenValidator= new
ArrayList<TokenValidator>();
tokenValidator.add(transportSCTValidator());
return tokenValidator;
}
@Bean
public List<TokenCanceller> transportTokenCancellers(){
List<TokenCanceller> tokenCanceller= new
ArrayList<TokenCanceller>();
tokenCanceller.add(transportSCTCanceller());
return tokenCanceller;
}
@Bean
public List<String> transportEndpoints(){
List<String> transportendpoints = new ArrayList<String>();
transportendpoints.add("https://localhost:8443/TransferService-2.6.0.1.0";);
return transportendpoints;
}
@Bean
public List<ServiceMBean> transportServices(){
List<ServiceMBean> serviceMBean = new ArrayList<ServiceMBean>();
serviceMBean.add(transportService());
return serviceMBean;
}
/*
* endpoint STS
* */
@Bean
public SecurityTokenService26010 securityTokenService26010(){
return new SecurityTokenService26010();
}
@Bean
public Endpoint endpoint() throws Exception{
//Object implementor = new SecurityTokenServiceProvider();
EndpointImpl endpoint = new
EndpointImpl(springBus(),mySTSProviderBean());
endpoint.setServiceName(securityTokenService26010().getServiceName());
endpoint.setWsdlLocation(securityTokenService26010().getWSDLDocumentLocation().toString());
endpoint.publish("/SecurityTokenService-2.6.0.1.0");
endpoint.getInInterceptors().add(sctinterceptor());
endpoint.getOutInterceptors().add(sctOutInterceptor());
Map<String, Object> inProps = new HashMap<>();
inProps.put("ws-security.callback-handler",
STSCallbackHandler.class.getName());
inProps.put("org.apache.cxf.ws.security.tokenstore.TokenStore",
defaulttokenStore());
endpoint.setProperties(inProps);
endpoint.getFeatures().add(transformFeature());
return endpoint;
}
/*
* endpoint Transferservice
* */
@Bean
public TransferServicePortType transferServicePortType(){
return new TransferServiceEndpoint();
}
@Bean
public TransferService26010 transferService26010(){
return new TransferService26010();
}
@Bean
public Endpoint transferendpoint(){
EndpointImpl transferendpoint = new
EndpointImpl(springBus(),transferServicePortType());
transferendpoint.setServiceName(transferService26010().getServiceName());
transferendpoint.setWsdlLocation(transferService26010().getWSDLDocumentLocation().toString());
transferendpoint.publish("/TransferService-2.6.0.1.0");
transferendpoint.getInInterceptors().add(sctinterceptor());
transferendpoint.getOutInterceptors().add(sctOutInterceptor());
Map<String, Object> inProps = new HashMap<>();
inProps.put("mtom-enabled", true);
transferendpoint.setProperties(inProps);
return transferendpoint;
}
*End STS config*
This is the request in SoapUI, which is sent to the second service:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:tran="http://www.bipro.net/namespace/transfer";
xmlns:bas="http://www.bipro.net/namespace/basis";
xmlns:nac="http://www.bipro.net/namespace/nachrichten";
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<soapenv:Header>
<wsse:Security>
<wsc:SecurityContextToken
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc";>
<wsc:Identifier>bipro:880fa760-5e59-41aa-b883-fbfa89b1c136</wsc:Identifier>
</wsc:SecurityContextToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<tran:listShipments>
<tran:Request>
<nac:BiPROVersion>2.0.6.1.0</nac:BiPROVersion>
<nac:ConsumerID>VR-12345</nac:ConsumerID>
<tran:KategorieDerLieferung>170</tran:KategorieDerLieferung>
<tran:BestaetigeLieferungen>false</tran:BestaetigeLieferungen>
</tran:Request>
</tran:listShipments>
</soapenv:Body>
</soapenv:Envelope>
And here is the policy definition in the wsdl from the second service:
<wsp:Policy wsu:Id="AuthSecurityPolicy"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:SecureConversationToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
<sp:RequireDerivedKeys/>
<sp:BootstrapPolicy>
<wsp:Policy>
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
<sp:WssUsernameToken11/>
</wsp:Policy>
</sp:UsernameToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
</wsp:Policy>
</sp:Wss10>
</wsp:Policy>
</sp:BootstrapPolicy>
</wsp:Policy>
</sp:SecureConversationToken>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:Trust13>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
</wsp:Policy>
</sp:Trust13>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
*End policy*
I read a lot in older forum posts to get working my second service with the
STS, but nothing worked. Here are the errors if I call the second service
with the above SoapUI request:
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not
be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SecureConversationToken:
No SecureConversation token found in message.
{http://www.w3.org/2007/08/soap12-mtom-policy}MTOM
Does anybody know why I am getting these errors? Maybe I forget something in
my configuration? Thx in advance.
Regards,
Patrick
--
View this message in context:
http://cxf.547215.n5.nabble.com/These-policy-alternatives-can-not-be-satisfied-tp5782647.html
Sent from the cxf-user mailing list archive at Nabble.com.
