You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by "Haselmann, Till" <Ti...@viadee.de> on 2007/09/21 09:39:56 UTC
Problems with Policy file
Hello everybody,
I have created a Web Service using Sun's Metro stack (i.e., JAX-WS + WSIT). For this, I also created a policy file that works well with the WSIT implementation of WS-Policy/WS-SecurityPolicy/... Now, I would like to create a CXF-based Web Service + client for the same WSDL/Policy file. The Policy looks more or less like this (I cut some parts to save space):
<?xml version="1.0" encoding="UTF-8"?>
<definitions targetNamespace="http://computernoma.de/AlgebraService"
xmlns="http://schemas.xmlsoap.org/wsdl/"
...
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:sc="http://schemas.sun.com/2006/03/wss/client"
xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm/policy">
<wsp:UsingPolicy/>
<types>...</types>
<message ...>...</message>
<portType name="AlgebraServicePortType">
<wsdl:operation name="Evaluate">
<wsdl:input name="Request" message="ns:EvaluationRequest" />
<wsdl:output name="Response" message="ns:EvaluationResponse" />
</wsdl:operation>
</portType>
<binding name="SOAPportBinding" type="ns:AlgebraServicePortType">
<wsp:PolicyReference URI="#SOAPBindingPolicy"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<wsdl:operation name="Evaluate">
<soap:operation soapAction="urn:Evaluate" style="document" />
<wsdl:input name="Request"><soap:body use="literal" /></wsdl:input>
<wsdl:output name="Response"> <soap:body use="literal" /></wsdl:output>
</wsdl:operation>
</binding>
<service ...>...</service>
<wsp:Policy wsu:Id="SOAPBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
<!--<wsrm:RMAssertion/>-->
<sp:SymmetricBinding>
<wsp:Policy>
...
</wsp:Policy>
</sp:SymmetricBinding>
<sp:Wss10>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial />
</wsp:Policy>
</sp:Wss10>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial />
<sp:MustSupportRefThumbprint />
<sp:MustSupportRefEncryptedKey />
</wsp:Policy>
</sp:Wss11>
<sp:SignedParts>...</sp:SignedParts>
<sp:EncryptedParts...</sp:EncryptedParts>
<sc:KeyStore wspp:visibility="private" .../>
<sc:TrustStore wspp:visibility="private" ... />
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</definitions>
I assume that it's a valid policy by the standards (looks ok, works with Sun's implementation). I try to load it into CXF by engaging the policy engine in the cxf.xml (taken from CXF samples):
<bean id="org.apache.cxf.ws.policy.PolicyEngine" class="org.apache.cxf.ws.policy.spring.InitializingPolicyEngine">
<property name="bus" ref="cxf" />
<property name="enabled" value="true" />
</bean>
I then initialize the Web Service stub on the client side by calling the constructor with a path to the above WSDL-file. However, it does not seem to understand the policy. The service works well, but no policy assertions are processed: WS-Addressing is not turned on, no security header is inserted, ... I read through the documentation but did not find any solution.
What's my mistake? How can I use WS-Policy with CXF? Could it be that the <wsp:PolicyReference .../> is not respected by CXF?
As a next step: How do I specify a keystore for CXF? The <sc:KeyStore .../> seems to be a proprietary Sun extension.
Any help is appreciated!
Yours,
Till.
---------------------------------------------------------------------
Till Haselmann
Diplomand
viadee Unternehmensberatung GmbH
Anton-Bruchausen-Str. 8
48147 Münster
Telefon: +49 251 7 77 77 303
till.haselmann@viadee.de
www.viadee.de
Sitz und Amtsgericht: Münster, HRB 4318
Geschäftsführer: Martina Wegener, Heinrich Riemann
Re: Problems with Policy file
Posted by Sergey Beryozkin <se...@iona.com>.
Hi
Unfortunately, no WS-SecurityPolicy is supported by CXF at this point of time though I believe people are planning to gradually add the support for it.
The only workaround I can suggest at this point of time is to translate WS-PolicySecurity settings into corresponding
CXF configuration properties, possibly using an XSLT stylesheet. I appreciate it's not what a user would typically expect to do :-) but that is what needs to be done now.
WS-Adrressing policy is supported but I believe the reason it's not enforced is that the policy engine does not recognize one of the required policy assertions listed in <All>, which is <sp:SymmetricBinding>. WS-RM is supported too.
Hope this clarifies the issue...
Cheers, Sergey
----- Original Message -----
From: "Haselmann, Till" <Ti...@viadee.de>
To: <cx...@incubator.apache.org>
Sent: Friday, September 21, 2007 8:39 AM
Subject: Problems with Policy file
Hello everybody,
I have created a Web Service using Sun's Metro stack (i.e., JAX-WS + WSIT). For this, I also created a policy file that works well with the WSIT implementation of WS-Policy/WS-SecurityPolicy/... Now, I would like to create a CXF-based Web Service + client for the same WSDL/Policy file. The Policy looks more or less like this (I cut some parts to save space):
<?xml version="1.0" encoding="UTF-8"?>
<definitions targetNamespace="http://computernoma.de/AlgebraService"
xmlns="http://schemas.xmlsoap.org/wsdl/"
...
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:sc="http://schemas.sun.com/2006/03/wss/client"
xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm/policy">
<wsp:UsingPolicy/>
<types>...</types>
<message ...>...</message>
<portType name="AlgebraServicePortType">
<wsdl:operation name="Evaluate">
<wsdl:input name="Request" message="ns:EvaluationRequest" />
<wsdl:output name="Response" message="ns:EvaluationResponse" />
</wsdl:operation>
</portType>
<binding name="SOAPportBinding" type="ns:AlgebraServicePortType">
<wsp:PolicyReference URI="#SOAPBindingPolicy"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<wsdl:operation name="Evaluate">
<soap:operation soapAction="urn:Evaluate" style="document" />
<wsdl:input name="Request"><soap:body use="literal" /></wsdl:input>
<wsdl:output name="Response"> <soap:body use="literal" /></wsdl:output>
</wsdl:operation>
</binding>
<service ...>...</service>
<wsp:Policy wsu:Id="SOAPBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
<!--<wsrm:RMAssertion/>-->
<sp:SymmetricBinding>
<wsp:Policy>
...
</wsp:Policy>
</sp:SymmetricBinding>
<sp:Wss10>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial />
</wsp:Policy>
</sp:Wss10>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial />
<sp:MustSupportRefThumbprint />
<sp:MustSupportRefEncryptedKey />
</wsp:Policy>
</sp:Wss11>
<sp:SignedParts>...</sp:SignedParts>
<sp:EncryptedParts...</sp:EncryptedParts>
<sc:KeyStore wspp:visibility="private" .../>
<sc:TrustStore wspp:visibility="private" ... />
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</definitions>
I assume that it's a valid policy by the standards (looks ok, works with Sun's implementation). I try to load it into CXF by engaging the policy engine in the cxf.xml (taken from CXF samples):
<bean id="org.apache.cxf.ws.policy.PolicyEngine" class="org.apache.cxf.ws.policy.spring.InitializingPolicyEngine">
<property name="bus" ref="cxf" />
<property name="enabled" value="true" />
</bean>
I then initialize the Web Service stub on the client side by calling the constructor with a path to the above WSDL-file. However, it does not seem to understand the policy. The service works well, but no policy assertions are processed: WS-Addressing is not turned on, no security header is inserted, ... I read through the documentation but did not find any solution.
What's my mistake? How can I use WS-Policy with CXF? Could it be that the <wsp:PolicyReference .../> is not respected by CXF?
As a next step: How do I specify a keystore for CXF? The <sc:KeyStore .../> seems to be a proprietary Sun extension.
Any help is appreciated!
Yours,
Till.
---------------------------------------------------------------------
Till Haselmann
Diplomand
viadee Unternehmensberatung GmbH
Anton-Bruchausen-Str. 8
48147 Münster
Telefon: +49 251 7 77 77 303
till.haselmann@viadee.de
www.viadee.de
Sitz und Amtsgericht: Münster, HRB 4318
Geschäftsführer: Martina Wegener, Heinrich Riemann
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland