You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2010/10/11 16:33:33 UTC
[jira] Updated: (CXF-3037) Policy references embedded in policy are
not processed
[ https://issues.apache.org/jira/browse/CXF-3037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Kulp updated CXF-3037:
-----------------------------
Fix Version/s: (was: 2.2.11)
> Policy references embedded in policy are not processed
> ------------------------------------------------------
>
> Key: CXF-3037
> URL: https://issues.apache.org/jira/browse/CXF-3037
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.2.10
> Reporter: Dennis Sosnoski
> Assignee: Daniel Kulp
>
> WS-Policy allows <wsp:PolicyReference> to be embedded within policy documents, but CXF does not handle these references. Here's an example:
>
> <!-- Policy for symmetric binding, using an ephemeral key generated by the client and
> sent to the server as part of the request, using asymmetric encryption with the server
> public key to secure the symmetric key. -->
> <wsp:Policy wsu:Id="SymmBinding"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <sp:SymmetricBinding>
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireDerivedKeys/>
> <sp:RequireThumbprintReference/>
> <sp:WssX509V3Token10/>
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic128Rsa15/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </sp:SymmetricBinding>
> </wsp:Policy>
>
> <!-- Policy for symmetric binding, using an ephemeral key generated by the client and
> sent to the server as part of the request, using asymmetric encryption with the server
> public key to secure the symmetric key. -->
> <wsp:Policy wsu:Id="SymmEncr"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#SymmBinding"/>
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefThumbprint/>
> <sp:MustSupportRefEncryptedKey/>
> </wsp:Policy>
> </sp:Wss11>
> </wsp:Policy>
> When trying to use this policy on the client it causes an NPE inside Neethi:
> [java] WARNING: Interceptor for {http://ws.sosnoski.com/library/wsdl}CXFLibrary#{http://ws.sosnoski.com/library/wsdl}getBook has thrown exception, unwinding now
> [java] java.lang.NullPointerException
> [java] at org.apache.neethi.AbstractPolicyOperator.normalizeOperator(AbstractPolicyOperator.java:116)
> [java] at org.apache.neethi.AbstractPolicyOperator.normalize(AbstractPolicyOperator.java:73)
> [java] at org.apache.neethi.Policy.normalize(Policy.java:64)
> [java] at org.apache.neethi.Policy.normalize(Policy.java:49)
> [java] at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialisePolicy(EffectivePolicyImpl.java:134)
> [java] at org.apache.cxf.ws.policy.EffectivePolicyImpl.initialise(EffectivePolicyImpl.java:86)
> [java] at org.apache.cxf.ws.policy.PolicyEngineImpl.getEffectiveClientRequestPolicy(PolicyEngineImpl.java:155)
> [java] at org.apache.cxf.ws.policy.PolicyOutInterceptor.handle(PolicyOutInterceptor.java:110)
> The problem here is that CXF passes a null for the policy context when calling the Policy.normalize() method. Just passing the context should be enough to make this work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.