Do you have the "cxf-rt-ws-security" jar on the classpath? That's the module that validates the WS-Security message and policy assertions. As all of the security assertions appear to be failing it doesn't look like the jar is on the classpath.
If the jar is on the classpath already, then enable debug logging and it should tell you specifically what policy failed. Colm. On Thu, Mar 28, 2019 at 10:12 PM lobrene <[email protected]> wrote: > > Hi cxf users!!, > > I can't handle response security policy in my client to web service SOAP > based WS Policy(can connect, authenticate and get a response), i can > override these polities with a custom interceptor, but would like verifies > satisfied policy assertions, the wsdl WS policy seems to be correct. I'm > using cxf version 3.2 and java 1.8. I debug the > PolicyVerificationInInterceptor, the message policies arent asserted, but i > dont find where or how are asserted. Can someone help me? (thanks in > advance) > > This is my error: > > 2019-03-15 19:09:17,948 ERROR s.policy.PolicyVerificationInInterceptor: 107 > - Inbound policy verification failed: These policy alternatives can not be > satisfied: > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}AsymmetricBinding > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}InitiatorToken > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}X509Token > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}WssX509V3Token10 > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}RecipientToken > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}AlgorithmSuite > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}TripleDesRsa15 > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Layout > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Strict > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}IncludeTimestamp > { > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}OnlySignEntireHeadersAndBody > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SignedParts > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10 > { > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}MustSupportRefKeyIdentifier > { > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}MustSupportRefIssuerSerial > 2019-03-15 > <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy%7DMustSupportRefIssuerSerial2019-03-15> > 19:09:17,954 WARN g.apache.cxf.phase.PhaseInterceptorChain: 475 > - Interceptor for > { > http://servidor.gestion.es/}gestionOOGG#{http://servidor.gestion.es/}calcula > has thrown exception, unwinding now > org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not > be satisfied: > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}AsymmetricBinding > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}InitiatorToken > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}X509Token > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}WssX509V3Token10 > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}RecipientToken > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}AlgorithmSuite > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}TripleDesRsa15 > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Layout > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Strict > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}IncludeTimestamp > { > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}OnlySignEntireHeadersAndBody > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SignedParts > {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10 > { > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}MustSupportRefKeyIdentifier > { > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}MustSupportRefIssuerSerial > at > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179) > at > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:102) > at > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44) > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > at > org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:797) > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1680) > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1557) > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1358) > at > org.apache.cxf.io > .CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56) > at org.apache.cxf.io > .CachedOutputStream.close(CachedOutputStream.java:216) > at > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) > at > org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658) > at > > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > > > This is my WS Policy : > > <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"; > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="SigOnly"> > <wsp:ExactlyOne> > <wsp:All> > <sp:AsymmetricBinding > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> > <sp:InitiatorToken> > <wsp:Policy> > <sp:X509Token > sp:IncludeToken=" > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> > <wsp:Policy> > <sp:WssX509V3Token10/> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:InitiatorToken> > <sp:RecipientToken> > <wsp:Policy> > <sp:X509Token > sp:IncludeToken=" > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> > <wsp:Policy> > <sp:WssX509V3Token10/> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:RecipientToken> > <sp:AlgorithmSuite> > <wsp:Policy> > <sp:TripleDesRsa15/> > </wsp:Policy> > </sp:AlgorithmSuite> > <sp:Layout> > <wsp:Policy> > <sp:Strict/> > </wsp:Policy> > </sp:Layout> > <sp:IncludeTimestamp/> > <sp:OnlySignEntireHeadersAndBody/> > </wsp:Policy> > </sp:AsymmetricBinding> > <sp:SignedParts > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > <sp:Body/> > </sp:SignedParts> > <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> > <sp:MustSupportRefKeyIdentifier/> > <sp:MustSupportRefIssuerSerial/> > </wsp:Policy> > </sp:Wss10> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > > > And the log RESPONSE: > > ID: 1 > Response-Code: 200 > Encoding: ISO-8859-1 > Content-Type: multipart/related; > boundary="MIMEBoundary_315ceb1888a1fc9657a40e99f2a8894763a2741765f88c82"; > type="application/xop+xml"; > start="<[email protected]>"; > start-info="text/xml" > Headers: {connection=[close], Content-Language=[es], > content-type=[multipart/related; > boundary="MIMEBoundary_315ceb1888a1fc9657a40e99f2a8894763a2741765f88c82"; > type="application/xop+xml"; > start="<[email protected]>"; > start-info="text/xml"], Date=[Fri, 15 Mar 2019 17:52:27 GMT], > Server=[Apache/2.4.6 (Red Hat Enterprise Linux)], > transfer-encoding=[chunked], Via=[1.1 extranet.es]} > Payload: --MIMEBoundary_315ceb1888a1fc9657a40e99f2a8894763a2741765f88c82 > Content-Type: application/xop+xml; charset=UTF-8; type="text/xml" > Content-Transfer-Encoding: binary > Content-ID: <[email protected] > > > > <?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ > "><soapenv:Header><wsse:Security > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > soapenv:mustUnderstand="1"><wsu:Timestamp > > wsu:Id="TS-62F2E16AFEAD8B66221552672348112191"><wsu:Created>2019-03-15T17:52:28.112Z</wsu:Created><wsu:Expires>2019-03-15T17:57:28.112Z</wsu:Expires></wsu:Timestamp><ds:Signature > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > Id="SIG-62F2E16AFEA2348112193D8B6622155267"><ds:SignedInfo><ds:CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n# > "><ec:InclusiveNamespaces > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; > PrefixList="soapenv"/></ds:CanonicalizationMethod><ds:SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference > URI="#Id-1807007877"><ds:Transforms><ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n# > "><ec:InclusiveNamespaces > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; > PrefixList=""/></ds:Transform></ds:Transforms><ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 > "/><ds:DigestValue>TZ4CVMYQ7cnrmaL0impkwZZyY9o=</ds:DigestValue></ds:Reference><ds:Reference > URI="#TS-62F2E16AFEAD8B66221552672348112191"><ds:Transforms><ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n# > "><ec:InclusiveNamespaces > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="wsse > soapenv"/></ds:Transform></ds:Transforms><ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 > "/><ds:DigestValue>Nwmy7avuw/0gs3ebs2JGCcUUa/0=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>D9k1UZuF2PTri9syGDLFDY+KXY7QblASEHC2T7kmEzaZXInQ150dBOfuL93tgeA73GqUiXj63qdqvDZ1yNvsGXLArK2Q2gO7kqkz3upkd9VY5OvGHR1K1E2DVSBc5bkXhIHFVCLfdNkDl4EbFvMdY9YnxTs6GNLK9MUDFJKq3I6RcF+giNXKq3krjqgo2Zyrs3Lg+b1YtyGuX2JuSAfl55Xt6i6r8M58ao95yFEyr7raoCE5wj+x9JVkfqTTPIiBJahfNERXnvqKgdgXLBR88uQ7EG9WbzdBDVQd0VQiqzbP+C9R59njnCHBEz+4sQvdCKpvlxpKxAjw7YoPaHbRuQ==</ds:SignatureValue><ds:KeyInfo > Id="KI-62F2E16AFEA2348112193D8B6622155267"><wsse:SecurityTokenReference > wsu:Id="STR-62F2E16AFEA2348112193D8B6622155267"><wsse:KeyIdentifier > ValueType=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier > " > EncodingType=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > ">xEc6fwXSdKtoWQZWAy8UtFrwqkc=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soapenv:Header><soapenv:Body > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="Id-1807007877"><ns:calcularInteresesResponse > xmlns:ns="http://servidor.gestion.es/xsd";><ns:return><?xml > version="1.0" > encoding="UTF-8" standalone="yes"?> > <xmlType> > <id_peticion>129ST01</id_peticion> > <interesesCalculados> > <id_calculo>1</id_calculo> > <importe xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xmlns:xs="http://www.w3.org/2001/XMLSchema"; > xsi:type="xs:string">25.0</importe> > <tipo_interes>N</tipo_interes> > <tramo> > <fecha_desde>16/03/2010</fecha_desde> > <fecha_hasta>16/03/2012</fecha_hasta> > <tipo_aplicado>5</tipo_aplicado> > </tramo> > </interesesCalculados> > <respuesta> > <resultado>0</resultado> > </respuesta> > </xmlType> > > </ns:return></ns:calcularInteresesResponse></soapenv:Body></soapenv:Envelope> > > > Kinds regards. > > Lobrene. > > > > -- > Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
