You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Karl Rhenius (JIRA)" <ji...@apache.org> on 2011/02/25 11:49:39 UTC
[jira] Created: (CXF-3365) CXF uses wrong policy alternative on
response message
CXF uses wrong policy alternative on response message
-----------------------------------------------------
Key: CXF-3365
URL: https://issues.apache.org/jira/browse/CXF-3365
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 2.3.2
Reporter: Karl Rhenius
CXF uses a wrong policy on outgoing messages, if the wsdl has alternative policies.
Here is my setup:
Server-policy:
<wsp:ExactlyOne>
<wsp:All>
#1 SecureConversation policy
</wsp:All>
<wsp:All>
#2 nothing special, clients just send an UsernameToken
</wsp:All>
</wsp:ExactlyOne>
Client-policy:
<wsp:ExactlyOne>
<wsp:All>
#1 SecureConversation policy
</wsp:All>
</wsp:ExactlyOne>
The client defines only the SecureConversation policy in it's wsdl.
If I test my service, they communicate like this:
Client > Server: RST/SCT message
Server > Client: answers with a token
Client > Server: calls the webservice with an encrypted soap message
Server > Client: answers the service call with an unencrypted message
(the server took policy #2 for the answer) -> client throws an exception
"These policy alternatives can not be satisfied"
I attached a test project, based on the AC_IPingService from the interop samples.
You can change the wsdl, which will be used by the server, in WSSCTest.startServers().
Related to this issue is the following bug:
If the UsernameToken policy is defined before the SecureConversation policy, the webservice fails on the RST/SCT message. Start the server with UtSecConvIPingService() to test this.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CXF-3365) CXF uses wrong policy alternative on
response message
Posted by "Daniel Kulp (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-3365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Kulp resolved CXF-3365.
------------------------------
Resolution: Fixed
Fix Version/s: 2.5
Assignee: Daniel Kulp
See my comments in:
http://cxf.547215.n5.nabble.com/WS-Policy-alternatives-td4867625.html
about the compatibility of the fix and why it's only fixed for CXF 2.5.
> CXF uses wrong policy alternative on response message
> -----------------------------------------------------
>
> Key: CXF-3365
> URL: https://issues.apache.org/jira/browse/CXF-3365
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.3.2
> Reporter: Karl Rhenius
> Assignee: Daniel Kulp
> Fix For: 2.5
>
> Attachments: cxf-jira-3365.zip
>
>
> CXF uses a wrong policy on outgoing messages, if the wsdl has alternative policies.
> Here is my setup:
> Server-policy:
> <wsp:ExactlyOne>
> <wsp:All>
> #1 SecureConversation policy
> </wsp:All>
> <wsp:All>
> #2 nothing special, clients just send an UsernameToken
> </wsp:All>
> </wsp:ExactlyOne>
> Client-policy:
> <wsp:ExactlyOne>
> <wsp:All>
> #1 SecureConversation policy
> </wsp:All>
> </wsp:ExactlyOne>
> The client defines only the SecureConversation policy in it's wsdl.
> If I test my service, they communicate like this:
> Client > Server: RST/SCT message
> Server > Client: answers with a token
> Client > Server: calls the webservice with an encrypted soap message
> Server > Client: answers the service call with an unencrypted message
> (the server took policy #2 for the answer) -> client throws an exception
> "These policy alternatives can not be satisfied"
> I attached a test project, based on the AC_IPingService from the interop samples.
> You can change the wsdl, which will be used by the server, in WSSCTest.startServers().
> Related to this issue is the following bug:
> If the UsernameToken policy is defined before the SecureConversation policy, the webservice fails on the RST/SCT message. Start the server with UtSecConvIPingService() to test this.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (CXF-3365) CXF uses wrong policy alternative on
response message
Posted by "Karl Rhenius (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-3365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Karl Rhenius updated CXF-3365:
------------------------------
Attachment: cxf-jira-3365.zip
testcase
> CXF uses wrong policy alternative on response message
> -----------------------------------------------------
>
> Key: CXF-3365
> URL: https://issues.apache.org/jira/browse/CXF-3365
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.3.2
> Reporter: Karl Rhenius
> Attachments: cxf-jira-3365.zip
>
>
> CXF uses a wrong policy on outgoing messages, if the wsdl has alternative policies.
> Here is my setup:
> Server-policy:
> <wsp:ExactlyOne>
> <wsp:All>
> #1 SecureConversation policy
> </wsp:All>
> <wsp:All>
> #2 nothing special, clients just send an UsernameToken
> </wsp:All>
> </wsp:ExactlyOne>
> Client-policy:
> <wsp:ExactlyOne>
> <wsp:All>
> #1 SecureConversation policy
> </wsp:All>
> </wsp:ExactlyOne>
> The client defines only the SecureConversation policy in it's wsdl.
> If I test my service, they communicate like this:
> Client > Server: RST/SCT message
> Server > Client: answers with a token
> Client > Server: calls the webservice with an encrypted soap message
> Server > Client: answers the service call with an unencrypted message
> (the server took policy #2 for the answer) -> client throws an exception
> "These policy alternatives can not be satisfied"
> I attached a test project, based on the AC_IPingService from the interop samples.
> You can change the wsdl, which will be used by the server, in WSSCTest.startServers().
> Related to this issue is the following bug:
> If the UsernameToken policy is defined before the SecureConversation policy, the webservice fails on the RST/SCT message. Start the server with UtSecConvIPingService() to test this.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira