You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by "Lambert, Michael" <mi...@michaellambert.com> on 2014/07/02 08:13:17 UTC
policy attachment
I feel awful for asking so many questions but googling hasnt been helpful.
I am attempting to attach an external security policy to an endpoint with
no success. When I attempt to use a wsp:UI in the AppliesTo element cxf
blows up. Here is the contents of the file:
----
<?xml version="1.0" encoding="UTF-8" ?>
<attachments
xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:PolicyAttachment>
<wsp:AppliesTo>
<wsp:URI>
http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.port(GreeterService/GreeterPort)
</wsp:URI>
</wsp:AppliesTo>
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
">
<wsp:Policy>
<sp:WssUsernameToken10 />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</wsp:PolicyAttachment>
</attachments>
----
And here is the error:
----
Caused by: javax.xml.ws.WebServiceException:
org.apache.cxf.ws.policy.PolicyException: NO_DOMAINEXPRESSIONBUILDER_EXC
----
It appears that the wsp:URI element passed
into DomainExpressionBuilderRegistry.build(Element element) has null
contents for a reason that I cannot figure out. I have tried different
syntaxes and URLs to try to get it to work and its always null.
Putting an EndpointReference in the AppliesTo element doesnt error:
<wsa:EndpointReference><wsa:Address>http://localhost:8080/user-service/userService</wsa:Address>
</wsa:EndpointReference>
But it doesnt work either. It never seems to intercept calls to the
service hosted at the configured URL. The ONLY way I have able to get
it to work is by embedding the policy in the wsdl. I dont want to do
that however as I want a mediator to handle the policy and would like
the contract policies to configured differently in different
environments.
Any help would be appreciated. I am tearing my hair out over this. I cant
be the only one attempting to do this.
The code is on github:
https://github.com/MacFlecknoe/service-repository-sample/blob/master/schema/src/main/resources/policy/authentication-policy.xml
Thanks.
Mike
RE: policy attachment
Posted by Andrei Shakirin <as...@talend.com>.
Cool.
Btw, in 3.0.1 I activated URIDomainExpressionBuilder by default, so it should work out of the box.
Regards,
Andrei.
> -----Original Message-----
> From: Lambert, Michael [mailto:michael@michaellambert.com]
> Sent: Samstag, 5. Juli 2014 04:31
> To: users@cxf.apache.org
> Subject: Re: policy attachment
>
> Everything works Andrei including the new URI syntax; I really appreciate the
> help! cxf 2.7.12 isnt available in maven central yet so i had to copy over the two
> classes you mentioned but it works perfectly!
>
> Thanks!
>
> -Mike
>
>
> On Fri, Jul 4, 2014 at 10:30 AM, Andrei Shakirin <as...@talend.com>
> wrote:
>
> > Hi,
> >
> > > -----Original Message-----
> > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > > Sent: Donnerstag, 3. Juli 2014 17:00
> > > To: users@cxf.apache.org
> > > Subject: Re: policy attachment
> > >
> > > I figured it out but the documentation wasnt a lot of help. It
> > > appears
> > that the
> > > EndpointReferenceDomainExpression is being compared to the address
> > > configured in the jaxrs-endpoint and not what is in the wsdl. This
> > > makes PERFECT sense but as all the example configuration contained
> > > the
> > complete url
> > > (including protocol and port: e.g.
> >
> > Correct, the service will be published under address configured into
> > jaxws:endpoint and this address will be used for domain expression matching.
> > Perhaps it makes sense to explicitly write it into policy documentation.
> > Do you have wsp:URI running as well (using URIDomainExpressionBuilder)?
> >
> > Regards,
> > Andrei.
> >
> > > http://localhost:8080/user-servic/userService) i wrongly presumed
> > > that
> > it was
> > > either reading the address from the actual request and comparing it
> > > to
> > the
> > > expression or reading it from the configured wsdl address.
> > >
> > > So when a configuration looks like this:
> > >
> > > <jaxws:endpoint id="userService"
> > > implementor="com.healthmedia.ws.wsdl.user.v1.UserServiceImpl"
> > > address="/userService">
> > > <jaxws:properties>
> > > <entry key="ws-security.ut.validator" value-ref="validator" />
> > > </jaxws:properties> </jaxws:endpoint>
> > >
> > > The policy expression should reflect the address above like so:
> > >
> > > <?xml version="1.0" encoding="UTF-8" ?> <attachments
> > > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > > xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > > xmlns:i18np="http://www.w3.org/2008/04/ws-i18np"
> > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > > <wsp:PolicyAttachment>
> > > <wsp:AppliesTo>
> > > <wsa:EndpointReference>
> > > <wsa:Address>/userService</wsa:Address>
> > > </wsa:EndpointReference>
> > > </wsp:AppliesTo>
> > > <wsp:Policy>
> > > <wsp:ExactlyOne>
> > > <wsp:All>
> > > <wsp:Policy>
> > > <i18np:i18n Optional="false" />
> > > </wsp:Policy>
> > > </wsp:All>
> > > </wsp:ExactlyOne>
> > > </wsp:Policy>
> > > </wsp:PolicyAttachment>
> > > </attachments>
> > >
> > > Thanks for the help. This was tremendously frustrating to figure out.
> > Thank god
> > > for debuggers!
> > >
> > > -Mike
> > >
> > >
> > >
> > > On Thu, Jul 3, 2014 at 7:37 AM, Lambert, Michael
> > > <michael@michaellambert.com
> > > > wrote:
> > >
> > > > Sorry Andrei,
> > > >
> > > > I didnt think you were going to respond so i moved forward with a
> > > > solution using another technique. I would like to solve this issue
> > > > however so i created a branch with the problem:
> > > >
> > > >
> > > > https://github.com/MacFlecknoe/service-repository-sample/blob/poli
> > > > cy-a
> > > > ttachement-problem/schema/src/main/resources/policy/authentication
> > > > -pol icy.xml
> > > > https://github.com/MacFlecknoe/service-repository-sample/blob/
> > > > policy-attachement-problem
> > > > /schema/src/main/resources/service/user-soap-v1.wsdl
> > > > <https://github.com/MacFlecknoe/service-repository-sample/blob/mas
> > > > ter/ schema/src/main/resources/service/user-soap-v1.wsdl>
> > > > https://github.com/MacFlecknoe/service-repository-sample/blob/
> > > > <https://github.com/MacFlecknoe/service-repository-sample/blob/mas
> > > > ter/ user/service/src/main/webapp/WEB-INF/beans.xml>
> > > > policy-attachement-problem
> > > > <https://github.com/MacFlecknoe/service-repository-sample/blob/mas
> > > > ter/ schema/src/main/resources/service/user-soap-v1.wsdl>
> > > > /user/service/src/main/webapp/WEB-INF/beans.xml
> > > >
> > > > Could you take another quick peek? Again, the problem is that the
> > > > policy is being completely ignored. The address i have it
> > > > configured for is both reflected in the wsdl and in reality when I
> > > > start my
> > server.
> > > >
> > > > Also, is there a way to configure the address in the policy so
> > > > that is dynamic? I am not sure what the end address of the service
> > > > is going to be once its deployed (e.g. its domain will likely change).
> > > >
> > > > Thanks,
> > > >
> > > > Mike
> > > >
> > > >
> > > > On Thu, Jul 3, 2014 at 4:38 AM, Andrei Shakirin
> > > > <as...@talend.com>
> > > > wrote:
> > > >
> > > >> Hi,
> > > >>
> > > >> I am bit confused: don't see policy attachments in your
> > > >> configuration, you attach policies direct to endpoint:
> > > >>
> > > >> <jaxws:features>
> > > >> <bean class="org.apache.cxf.feature.LoggingFeature"/>
> > > >> <p:policies>
> > > >> <!-- we attach policies via spring as there are issues
> > > >> leveraging external policy attachments when using
> > > >> PolicyAttachement
> > with
> > > cxf 2.*-->
> > > >> <wsp:PolicyReference
> > > >> URI="classpath:policy/authentication-policy.xml" />
> > > >> <wsp:PolicyReference URI="classpath:policy/i18n-policy.xml" />
> > > >> </p:policies>
> > > >> </jaxws:features>
> > > >>
> > > >> To use policy attachments you need something like:
> > > >>
> > > >> <cxf:bus>
> > > >> <cxf:features>
> > > >> <p:policies/>
> > > >> </cxf:features>
> > > >> </cxf:bus>
> > > >>
> > > >> <p:externalAttachment
> > > >> location="${temp.location}/addr-external.xml"/>
> > > >>
> > > >> Where addr-external.xml is policy attachment:
> > > >>
> > > >> <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="
> > > >> http://www.w3.org/2005/08/addressing">
> > > >> <wsp:PolicyAttachment>
> > > >> <wsp:AppliesTo>
> > > >> <wsa:EndpointReference>
> > > >> <wsa:Address>
> > > >> http://localhost:9020/SoapContext/GreeterPort</wsa:Address>
> > > >> </wsa:EndpointReference>
> > > >> </wsp:AppliesTo>
> > > >> <wsp:Policy>
> > > >> <wsp:ExactlyOne>
> > > >> <wsp:All>
> > > >> <wsam:Addressing xmlns:wsam="
> > > >> http://www.w3.org/2007/02/addressing/metadata">
> > > >> <wsp:Policy/>
> > > >> </wsam:Addressing>
> > > >> </wsp:All>
> > > >> </wsp:ExactlyOne>
> > > >> </wsp:Policy>
> > > >> </wsp:PolicyAttachment>
> > > >> </attachments>
> > > >>
> > > >> I propose that you look into working policy attachments CXF
> > > >> system tests and find the difference with your code.
> > > >> If that doesn't help, please create a small distilled sample with
> > > >> simple policy (for example WS-Addressing) to illustrate your
> > > >> problem, I will look into it.
> > > >>
> > > >> Regards,
> > > >> Andrei.
> > > >>
> > > >> > -----Original Message-----
> > > >> > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > > >> > Sent: Mittwoch, 2. Juli 2014 15:25
> > > >> > To: users@cxf.apache.org
> > > >> > Subject: Re: policy attachment
> > > >> >
> > > >> > Thats part of the problem Andrei. I have followed the examples
> > > >> > and its
> > > >> just not
> > > >> > working for me. Can you take a look at my policy file and wsdl
> > > >> > and see
> > > >> if
> > > >> > anything obvious sticks out as wrong?
> > > >> >
> > > >> > https://github.com/MacFlecknoe/service-repository-
> > > >> > sample/blob/master/schema/src/main/resources/policy/authenticat
> > > >> > ion-
> > > >> > policy.xml
> > > >> > https://github.com/MacFlecknoe/service-repository-
> > > >> > sample/blob/master/schema/src/main/resources/service/user-soap-
> > > >> > v1.w
> > > >> > sdl
> > > >> >
> > > >> > Here is how I have it configured:
> > > >> > https://github.com/MacFlecknoe/service-repository-
> > > >> > sample/blob/master/user/service/src/main/webapp/WEB-INF/beans.x
> > > >> > ml
> > > >> >
> > > >> > It only works when I embed the policy in the wsdl file itself.
> > > >> > The
> > > >> external
> > > >> > attachment file loads but doesnt trigger the ws-security policy
> > > >> > to
> > fire.
> > > >> >
> > > >> > -Mike
> > > >> >
> > > >> >
> > > >> > On Wed, Jul 2, 2014 at 8:27 AM, Andrei Shakirin
> > > >> > <as...@talend.com>
> > > >> > wrote:
> > > >> >
> > > >> > > Hi,
> > > >> > >
> > > >> > > > -----Original Message-----
> > > >> > > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > > >> > > > Sent: Mittwoch, 2. Juli 2014 14:05
> > > >> > > > To: users@cxf.apache.org
> > > >> > > > Subject: RE: policy attachment
> > > >> > > >
> > > >> > > > Thanks Andrei! That helps a lot... I'll try your suggestion
> > > >> > > > and let you
> > > >> > > know how it
> > > >> > > > goes.
> > > >> > > >
> > > >> > >
> > > >> > > OK.
> > > >> > >
> > > >> > > > Any insight as to why I can't get end point references to work?
> > > >> > > > Is there
> > > >> > > a trick to
> > > >> > > > configuring it? I followed the example on the samples but
> > > >> > > > can't seem to
> > > >> > > get it
> > > >> > > > to work with my wsdl. Does the end point need to match what
> > > >> > > > is in the
> > > >> > > wsdl or
> > > >> > > > what cxf generates the address to be when it starts? Any
> > > >> > > > documentation surrounding this?
> > > >> > >
> > > >> > > This construction should work by default, if endpoint address
> > > >> > > matches to your service:
> > > >> > >
> > > >> > > <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > xmlns:wsa="
> > > >> > > http://www.w3.org/2005/08/addressing">
> > > >> > > <wsp:PolicyAttachment>
> > > >> > > <wsp:AppliesTo>
> > > >> > > <wsa:EndpointReference>
> > > >> > >
> > > >> > > <wsa:Address>http://localhost:9020/SoapContext/GreeterPort
> > > >> > > </wsa:Address>
> > > >> > > </wsa:EndpointReference>
> > > >> > > </wsp:AppliesTo>
> > > >> > > <wsp:Policy>
> > > >> > > <wsp:ExactlyOne>
> > > >> > > <wsp:All>
> > > >> > > <wsam:Addressing xmlns:wsam="
> > > >> > > http://www.w3.org/2007/02/addressing/metadata">
> > > >> > > <wsp:Policy/>
> > > >> > > </wsam:Addressing>
> > > >> > > </wsp:All>
> > > >> > > </wsp:ExactlyOne>
> > > >> > > </wsp:Policy>
> > > >> > > </wsp:PolicyAttachment>
> > > >> > > </attachments>
> > > >> > >
> > > >> > > For details, look into addr-external.xml and
> > > >> > > AddressingPolicyTest.java in
> > > >> > > systests/ws-specs:
> > > >> > >
> > > >> > >
> > > >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=systes
> > > >> ts/w
> > > >> s
> > > >> > > -specs/src/test/java/org/apache/cxf/systest/ws/policy;h=5e632
> > > >> > > 3442 952eb 619300582a2ced25cf861f6118;hb=HEAD
> > > >> > >
> > > >> > > Regards,
> > > >> > > Andrei.
> > > >> > >
> > > >> > >
> > > >> > > >
> > > >> > > > Thanks much!
> > > >> > > > On Jul 2, 2014 3:19 AM, "Andrei Shakirin"
> > > >> > > > <as...@talend.com>
> > > >> wrote:
> > > >> > > >
> > > >> > > > > Hi,
> > > >> > > > >
> > > >> > > > > If you use CXF >= 3.0.0, 2.7.12, you should register
> > > >> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExp
> > > >> > > > > ress
> > > >> > > > > ionBu
> > > >> > > > > ilde
> > > >> > > > > r as bus extension.
> > > >> > > > > It supports all policy attachment URL syntaxes (except
> > extension).
> > > >> > > > >
> > > >> > > > > By default CXF registers the
> > > >> > > > > org.apache.cxf.ws.policy.attachment.external.EndpointRefe
> > > >> > > > > renc eDoma inEx pressionBuilder supporting only
> > > >> > > > > wsa:EndpointReference.
> > > >> > > > >
> > > >> > > > > See https://issues.apache.org/jira/browse/CXF-5685 for
> > details.
> > > >> > > > >
> > > >> > > > > Either add following string into
> > META-INF/cxf/bus-extensions.txt:
> > > >> > > > >
> > > >> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExp
> > > >> > > > > ress ionBu ilde r::true or add bean in Spring/Blueprint
> > > >> > > > > context with URIDomainExpressionBuilder type.
> > > >> > > > >
> > > >> > > > > System test registering URIDomainExpressionBuilder:
> > > >> > > > >
> > > >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systes
> > > >> t
> > > >> > > > > s/ws
> > > >> > > > > -specs/src/test/java/org/apache/cxf/systest/ws/policy/Add
> > > >> > > > > ress
> > > >> > > > > ingPo
> > > >> > > > > licy
> > > >> > > > >
> > > >> > > >
> > > >> >
> > > ExternalAttachmentWsdl11Test.java;h=d44ee8decf628a57edbf402bc6d8ff0
> > > >> > c
> > > >> > > > 00
> > > >> > > > > 42b649;hb=HEAD
> > > >> > > > > .
> > > >> > > > >
> > > >> > > > > If you use CXF version < 3.0.0, 2.7.12, just copy the
> > > >> > > > > classes URIDomainExpressionBuilder.java,
> > > >> > > > > URIDomainExpression.java and register
> URIDomainExpressionBuilder as bus extension.
> > > >> > > > >
> > > >> > > > > Let me know if it works as expected.
> > > >> > > > >
> > > >> > > > > Regards,
> > > >> > > > > Andrei.
> > > >> > > > >
> > > >> > > > > > -----Original Message-----
> > > >> > > > > > From: Lambert, Michael
> > > >> > > > > > [mailto:michael@michaellambert.com]
> > > >> > > > > > Sent: Mittwoch, 2. Juli 2014 08:13
> > > >> > > > > > To: users@cxf.apache.org
> > > >> > > > > > Subject: policy attachment
> > > >> > > > > >
> > > >> > > > > > I feel awful for asking so many questions but googling
> > > >> > > > > > hasnt been
> > > >> > > > > helpful.
> > > >> > > > > >
> > > >> > > > > > I am attempting to attach an external security policy
> > > >> > > > > > to an endpoint
> > > >> > > > > with no
> > > >> > > > > > success. When I attempt to use a wsp:UI in the
> > > >> > > > > > AppliesTo element cxf
> > > >> > > > > blows up.
> > > >> > > > > > Here is the contents of the file:
> > > >> > > > > >
> > > >> > > > > > ----
> > > >> > > > > > <?xml version="1.0" encoding="UTF-8" ?> <attachments
> > > >> > > > > > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > > >> > > > > > xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > > >> > > > > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securit
> > > >> > > > > > ypol
> > > >> > > > > > icy
> > > >> ">
> > > >> > > > > > <wsp:PolicyAttachment>
> > > >> > > > > > <wsp:AppliesTo>
> > > >> > > > > > <wsp:URI>
> > > >> > > > > >
> > > >> > > > >
> > > >> http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.po
> > > >> r
> > > >> > > > > t(Gr
> > > >> > > > > eeterSer
> > > >> > > > > > vice/GreeterPort)
> > > >> > > > > > </wsp:URI>
> > > >> > > > > > </wsp:AppliesTo>
> > > >> > > > > > <wsp:Policy>
> > > >> > > > > > <wsp:ExactlyOne>
> > > >> > > > > > <wsp:All>
> > > >> > > > > > <wsp:Policy>
> > > >> > > > > > <sp:UsernameToken sp:IncludeToken="
> > > >> > > > > >
> > > >> > > > >
> > > >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken
> > > >> /
> > > >> > > > > Alwa
> > > >> > > > > ysTo
> > > >> > > > > > Recipient
> > > >> > > > > > ">
> > > >> > > > > > <wsp:Policy>
> > > >> > > > > > <sp:WssUsernameToken10 /> </wsp:Policy>
> > > >> > > > > > </sp:UsernameToken> </wsp:Policy> </wsp:All>
> > > >> > > > > > </wsp:ExactlyOne> </wsp:Policy> </wsp:PolicyAttachment>
> > > >> > > > > > </attachments>
> > > >> > > > > >
> > > >> > > > > > ----
> > > >> > > > > > And here is the error:
> > > >> > > > > > ----
> > > >> > > > > > Caused by: javax.xml.ws.WebServiceException:
> > > >> > > > > > org.apache.cxf.ws.policy.PolicyException:
> > > >> > > > > > NO_DOMAINEXPRESSIONBUILDER_EXC
> > > >> > > > > > ----
> > > >> > > > > > It appears that the wsp:URI element passed into
> > > >> > > > > > DomainExpressionBuilderRegistry.build(Element element)
> > > >> > > > > > has null contents
> > > >> > > > > for
> > > >> > > > > > a reason that I cannot figure out. I have tried
> > > >> > > > > > different syntaxes and
> > > >> > > > > URLs to try
> > > >> > > > > > to get it to work and its always null.
> > > >> > > > > >
> > > >> > > > > > Putting an EndpointReference in the AppliesTo element
> > > >> > > > > > doesnt
> > > >> error:
> > > >> > > > > >
> > > >> > > > > > <wsa:EndpointReference><wsa:Address>http://localhost:80
> > > >> > > > > > 80/u
> > > >> > > > > > ser- service/userService</wsa:Address>
> > > >> > > > > > </wsa:EndpointReference>
> > > >> > > > > >
> > > >> > > > > > But it doesnt work either. It never seems to intercept
> > > >> > > > > > calls to the
> > > >> > > > > service hosted
> > > >> > > > > > at the configured URL. The ONLY way I have able to get
> > > >> > > > > > it to work is by embedding the policy in the wsdl. I
> > > >> > > > > > dont want to do that however as I
> > > >> > > > > want a
> > > >> > > > > > mediator to handle the policy and would like the
> > > >> > > > > > contract policies to
> > > >> > > > > configured
> > > >> > > > > > differently in different environments.
> > > >> > > > > >
> > > >> > > > > >
> > > >> > > > > > Any help would be appreciated. I am tearing my hair out
> > > >> > > > > > over this. I
> > > >> > > > > cant be the
> > > >> > > > > > only one attempting to do this.
> > > >> > > > > >
> > > >> > > > > > The code is on github:
> > > >> > > > > >
> > > >> > > > > > https://github.com/MacFlecknoe/service-repository-
> > > >> > > > > > sample/blob/master/schema/src/main/resources/policy/aut
> > > >> > > > > > hent
> > > >> > > > > > icati
> > > >> > > > > > on-
> > > >> > > > > > policy.xml
> > > >> > > > > >
> > > >> > > > > > Thanks.
> > > >> > > > > >
> > > >> > > > > > Mike
> > > >> > > > >
> > > >> > >
> > > >>
> > > >
> > > >
> >
Re: policy attachment
Posted by "Lambert, Michael" <mi...@michaellambert.com>.
Everything works Andrei including the new URI syntax; I really appreciate
the help! cxf 2.7.12 isnt available in maven central yet so i had to copy
over the two classes you mentioned but it works perfectly!
Thanks!
-Mike
On Fri, Jul 4, 2014 at 10:30 AM, Andrei Shakirin <as...@talend.com>
wrote:
> Hi,
>
> > -----Original Message-----
> > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > Sent: Donnerstag, 3. Juli 2014 17:00
> > To: users@cxf.apache.org
> > Subject: Re: policy attachment
> >
> > I figured it out but the documentation wasnt a lot of help. It appears
> that the
> > EndpointReferenceDomainExpression is being compared to the address
> > configured in the jaxrs-endpoint and not what is in the wsdl. This makes
> > PERFECT sense but as all the example configuration contained the
> complete url
> > (including protocol and port: e.g.
>
> Correct, the service will be published under address configured into
> jaxws:endpoint and this address will be used for domain expression matching.
> Perhaps it makes sense to explicitly write it into policy documentation.
> Do you have wsp:URI running as well (using URIDomainExpressionBuilder)?
>
> Regards,
> Andrei.
>
> > http://localhost:8080/user-servic/userService) i wrongly presumed that
> it was
> > either reading the address from the actual request and comparing it to
> the
> > expression or reading it from the configured wsdl address.
> >
> > So when a configuration looks like this:
> >
> > <jaxws:endpoint id="userService"
> > implementor="com.healthmedia.ws.wsdl.user.v1.UserServiceImpl"
> > address="/userService">
> > <jaxws:properties>
> > <entry key="ws-security.ut.validator" value-ref="validator" />
> > </jaxws:properties> </jaxws:endpoint>
> >
> > The policy expression should reflect the address above like so:
> >
> > <?xml version="1.0" encoding="UTF-8" ?>
> > <attachments
> > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > xmlns:i18np="http://www.w3.org/2008/04/ws-i18np"
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <wsp:PolicyAttachment>
> > <wsp:AppliesTo>
> > <wsa:EndpointReference>
> > <wsa:Address>/userService</wsa:Address>
> > </wsa:EndpointReference>
> > </wsp:AppliesTo>
> > <wsp:Policy>
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <wsp:Policy>
> > <i18np:i18n Optional="false" />
> > </wsp:Policy>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > </wsp:PolicyAttachment>
> > </attachments>
> >
> > Thanks for the help. This was tremendously frustrating to figure out.
> Thank god
> > for debuggers!
> >
> > -Mike
> >
> >
> >
> > On Thu, Jul 3, 2014 at 7:37 AM, Lambert, Michael
> > <michael@michaellambert.com
> > > wrote:
> >
> > > Sorry Andrei,
> > >
> > > I didnt think you were going to respond so i moved forward with a
> > > solution using another technique. I would like to solve this issue
> > > however so i created a branch with the problem:
> > >
> > >
> > > https://github.com/MacFlecknoe/service-repository-sample/blob/policy-a
> > > ttachement-problem/schema/src/main/resources/policy/authentication-pol
> > > icy.xml https://github.com/MacFlecknoe/service-repository-sample/blob/
> > > policy-attachement-problem
> > > /schema/src/main/resources/service/user-soap-v1.wsdl
> > > <https://github.com/MacFlecknoe/service-repository-sample/blob/master/
> > > schema/src/main/resources/service/user-soap-v1.wsdl>
> > > https://github.com/MacFlecknoe/service-repository-sample/blob/
> > > <https://github.com/MacFlecknoe/service-repository-sample/blob/master/
> > > user/service/src/main/webapp/WEB-INF/beans.xml>
> > > policy-attachement-problem
> > > <https://github.com/MacFlecknoe/service-repository-sample/blob/master/
> > > schema/src/main/resources/service/user-soap-v1.wsdl>
> > > /user/service/src/main/webapp/WEB-INF/beans.xml
> > >
> > > Could you take another quick peek? Again, the problem is that the
> > > policy is being completely ignored. The address i have it configured
> > > for is both reflected in the wsdl and in reality when I start my
> server.
> > >
> > > Also, is there a way to configure the address in the policy so that is
> > > dynamic? I am not sure what the end address of the service is going to
> > > be once its deployed (e.g. its domain will likely change).
> > >
> > > Thanks,
> > >
> > > Mike
> > >
> > >
> > > On Thu, Jul 3, 2014 at 4:38 AM, Andrei Shakirin <as...@talend.com>
> > > wrote:
> > >
> > >> Hi,
> > >>
> > >> I am bit confused: don't see policy attachments in your
> > >> configuration, you attach policies direct to endpoint:
> > >>
> > >> <jaxws:features>
> > >> <bean class="org.apache.cxf.feature.LoggingFeature"/>
> > >> <p:policies>
> > >> <!-- we attach policies via spring as there are issues
> > >> leveraging external policy attachments when using PolicyAttachement
> with
> > cxf 2.*-->
> > >> <wsp:PolicyReference
> > >> URI="classpath:policy/authentication-policy.xml" />
> > >> <wsp:PolicyReference URI="classpath:policy/i18n-policy.xml" />
> > >> </p:policies>
> > >> </jaxws:features>
> > >>
> > >> To use policy attachments you need something like:
> > >>
> > >> <cxf:bus>
> > >> <cxf:features>
> > >> <p:policies/>
> > >> </cxf:features>
> > >> </cxf:bus>
> > >>
> > >> <p:externalAttachment
> > >> location="${temp.location}/addr-external.xml"/>
> > >>
> > >> Where addr-external.xml is policy attachment:
> > >>
> > >> <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="
> > >> http://www.w3.org/2005/08/addressing">
> > >> <wsp:PolicyAttachment>
> > >> <wsp:AppliesTo>
> > >> <wsa:EndpointReference>
> > >> <wsa:Address>
> > >> http://localhost:9020/SoapContext/GreeterPort</wsa:Address>
> > >> </wsa:EndpointReference>
> > >> </wsp:AppliesTo>
> > >> <wsp:Policy>
> > >> <wsp:ExactlyOne>
> > >> <wsp:All>
> > >> <wsam:Addressing xmlns:wsam="
> > >> http://www.w3.org/2007/02/addressing/metadata">
> > >> <wsp:Policy/>
> > >> </wsam:Addressing>
> > >> </wsp:All>
> > >> </wsp:ExactlyOne>
> > >> </wsp:Policy>
> > >> </wsp:PolicyAttachment>
> > >> </attachments>
> > >>
> > >> I propose that you look into working policy attachments CXF system
> > >> tests and find the difference with your code.
> > >> If that doesn't help, please create a small distilled sample with
> > >> simple policy (for example WS-Addressing) to illustrate your problem,
> > >> I will look into it.
> > >>
> > >> Regards,
> > >> Andrei.
> > >>
> > >> > -----Original Message-----
> > >> > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > >> > Sent: Mittwoch, 2. Juli 2014 15:25
> > >> > To: users@cxf.apache.org
> > >> > Subject: Re: policy attachment
> > >> >
> > >> > Thats part of the problem Andrei. I have followed the examples and
> > >> > its
> > >> just not
> > >> > working for me. Can you take a look at my policy file and wsdl and
> > >> > see
> > >> if
> > >> > anything obvious sticks out as wrong?
> > >> >
> > >> > https://github.com/MacFlecknoe/service-repository-
> > >> > sample/blob/master/schema/src/main/resources/policy/authentication-
> > >> > policy.xml
> > >> > https://github.com/MacFlecknoe/service-repository-
> > >> > sample/blob/master/schema/src/main/resources/service/user-soap-v1.w
> > >> > sdl
> > >> >
> > >> > Here is how I have it configured:
> > >> > https://github.com/MacFlecknoe/service-repository-
> > >> > sample/blob/master/user/service/src/main/webapp/WEB-INF/beans.xml
> > >> >
> > >> > It only works when I embed the policy in the wsdl file itself. The
> > >> external
> > >> > attachment file loads but doesnt trigger the ws-security policy to
> fire.
> > >> >
> > >> > -Mike
> > >> >
> > >> >
> > >> > On Wed, Jul 2, 2014 at 8:27 AM, Andrei Shakirin
> > >> > <as...@talend.com>
> > >> > wrote:
> > >> >
> > >> > > Hi,
> > >> > >
> > >> > > > -----Original Message-----
> > >> > > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > >> > > > Sent: Mittwoch, 2. Juli 2014 14:05
> > >> > > > To: users@cxf.apache.org
> > >> > > > Subject: RE: policy attachment
> > >> > > >
> > >> > > > Thanks Andrei! That helps a lot... I'll try your suggestion and
> > >> > > > let you
> > >> > > know how it
> > >> > > > goes.
> > >> > > >
> > >> > >
> > >> > > OK.
> > >> > >
> > >> > > > Any insight as to why I can't get end point references to work?
> > >> > > > Is there
> > >> > > a trick to
> > >> > > > configuring it? I followed the example on the samples but can't
> > >> > > > seem to
> > >> > > get it
> > >> > > > to work with my wsdl. Does the end point need to match what is
> > >> > > > in the
> > >> > > wsdl or
> > >> > > > what cxf generates the address to be when it starts? Any
> > >> > > > documentation surrounding this?
> > >> > >
> > >> > > This construction should work by default, if endpoint address
> > >> > > matches to your service:
> > >> > >
> > >> > > <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy"
> xmlns:wsa="
> > >> > > http://www.w3.org/2005/08/addressing">
> > >> > > <wsp:PolicyAttachment>
> > >> > > <wsp:AppliesTo>
> > >> > > <wsa:EndpointReference>
> > >> > >
> > >> > > <wsa:Address>http://localhost:9020/SoapContext/GreeterPort
> > >> > > </wsa:Address>
> > >> > > </wsa:EndpointReference>
> > >> > > </wsp:AppliesTo>
> > >> > > <wsp:Policy>
> > >> > > <wsp:ExactlyOne>
> > >> > > <wsp:All>
> > >> > > <wsam:Addressing xmlns:wsam="
> > >> > > http://www.w3.org/2007/02/addressing/metadata">
> > >> > > <wsp:Policy/>
> > >> > > </wsam:Addressing>
> > >> > > </wsp:All>
> > >> > > </wsp:ExactlyOne>
> > >> > > </wsp:Policy>
> > >> > > </wsp:PolicyAttachment>
> > >> > > </attachments>
> > >> > >
> > >> > > For details, look into addr-external.xml and
> > >> > > AddressingPolicyTest.java in
> > >> > > systests/ws-specs:
> > >> > >
> > >> > >
> > >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=systests/w
> > >> s
> > >> > > -specs/src/test/java/org/apache/cxf/systest/ws/policy;h=5e6323442
> > >> > > 952eb 619300582a2ced25cf861f6118;hb=HEAD
> > >> > >
> > >> > > Regards,
> > >> > > Andrei.
> > >> > >
> > >> > >
> > >> > > >
> > >> > > > Thanks much!
> > >> > > > On Jul 2, 2014 3:19 AM, "Andrei Shakirin"
> > >> > > > <as...@talend.com>
> > >> wrote:
> > >> > > >
> > >> > > > > Hi,
> > >> > > > >
> > >> > > > > If you use CXF >= 3.0.0, 2.7.12, you should register
> > >> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpress
> > >> > > > > ionBu
> > >> > > > > ilde
> > >> > > > > r as bus extension.
> > >> > > > > It supports all policy attachment URL syntaxes (except
> extension).
> > >> > > > >
> > >> > > > > By default CXF registers the
> > >> > > > > org.apache.cxf.ws.policy.attachment.external.EndpointReferenc
> > >> > > > > eDoma inEx pressionBuilder supporting only
> > >> > > > > wsa:EndpointReference.
> > >> > > > >
> > >> > > > > See https://issues.apache.org/jira/browse/CXF-5685 for
> details.
> > >> > > > >
> > >> > > > > Either add following string into
> META-INF/cxf/bus-extensions.txt:
> > >> > > > >
> > >> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpress
> > >> > > > > ionBu ilde r::true or add bean in Spring/Blueprint context
> > >> > > > > with URIDomainExpressionBuilder type.
> > >> > > > >
> > >> > > > > System test registering URIDomainExpressionBuilder:
> > >> > > > >
> > >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systest
> > >> > > > > s/ws
> > >> > > > > -specs/src/test/java/org/apache/cxf/systest/ws/policy/Address
> > >> > > > > ingPo
> > >> > > > > licy
> > >> > > > >
> > >> > > >
> > >> >
> > ExternalAttachmentWsdl11Test.java;h=d44ee8decf628a57edbf402bc6d8ff0
> > >> > c
> > >> > > > 00
> > >> > > > > 42b649;hb=HEAD
> > >> > > > > .
> > >> > > > >
> > >> > > > > If you use CXF version < 3.0.0, 2.7.12, just copy the classes
> > >> > > > > URIDomainExpressionBuilder.java, URIDomainExpression.java and
> > >> > > > > register URIDomainExpressionBuilder as bus extension.
> > >> > > > >
> > >> > > > > Let me know if it works as expected.
> > >> > > > >
> > >> > > > > Regards,
> > >> > > > > Andrei.
> > >> > > > >
> > >> > > > > > -----Original Message-----
> > >> > > > > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > >> > > > > > Sent: Mittwoch, 2. Juli 2014 08:13
> > >> > > > > > To: users@cxf.apache.org
> > >> > > > > > Subject: policy attachment
> > >> > > > > >
> > >> > > > > > I feel awful for asking so many questions but googling
> > >> > > > > > hasnt been
> > >> > > > > helpful.
> > >> > > > > >
> > >> > > > > > I am attempting to attach an external security policy to an
> > >> > > > > > endpoint
> > >> > > > > with no
> > >> > > > > > success. When I attempt to use a wsp:UI in the AppliesTo
> > >> > > > > > element cxf
> > >> > > > > blows up.
> > >> > > > > > Here is the contents of the file:
> > >> > > > > >
> > >> > > > > > ----
> > >> > > > > > <?xml version="1.0" encoding="UTF-8" ?> <attachments
> > >> > > > > > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > >> > > > > > xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > >> > > > > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypol
> > >> > > > > > icy
> > >> ">
> > >> > > > > > <wsp:PolicyAttachment>
> > >> > > > > > <wsp:AppliesTo>
> > >> > > > > > <wsp:URI>
> > >> > > > > >
> > >> > > > >
> > >> http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.por
> > >> > > > > t(Gr
> > >> > > > > eeterSer
> > >> > > > > > vice/GreeterPort)
> > >> > > > > > </wsp:URI>
> > >> > > > > > </wsp:AppliesTo>
> > >> > > > > > <wsp:Policy>
> > >> > > > > > <wsp:ExactlyOne>
> > >> > > > > > <wsp:All>
> > >> > > > > > <wsp:Policy>
> > >> > > > > > <sp:UsernameToken sp:IncludeToken="
> > >> > > > > >
> > >> > > > >
> > >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/
> > >> > > > > Alwa
> > >> > > > > ysTo
> > >> > > > > > Recipient
> > >> > > > > > ">
> > >> > > > > > <wsp:Policy>
> > >> > > > > > <sp:WssUsernameToken10 />
> > >> > > > > > </wsp:Policy>
> > >> > > > > > </sp:UsernameToken>
> > >> > > > > > </wsp:Policy>
> > >> > > > > > </wsp:All>
> > >> > > > > > </wsp:ExactlyOne>
> > >> > > > > > </wsp:Policy>
> > >> > > > > > </wsp:PolicyAttachment>
> > >> > > > > > </attachments>
> > >> > > > > >
> > >> > > > > > ----
> > >> > > > > > And here is the error:
> > >> > > > > > ----
> > >> > > > > > Caused by: javax.xml.ws.WebServiceException:
> > >> > > > > > org.apache.cxf.ws.policy.PolicyException:
> > >> > > > > > NO_DOMAINEXPRESSIONBUILDER_EXC
> > >> > > > > > ----
> > >> > > > > > It appears that the wsp:URI element passed into
> > >> > > > > > DomainExpressionBuilderRegistry.build(Element element) has
> > >> > > > > > null contents
> > >> > > > > for
> > >> > > > > > a reason that I cannot figure out. I have tried different
> > >> > > > > > syntaxes and
> > >> > > > > URLs to try
> > >> > > > > > to get it to work and its always null.
> > >> > > > > >
> > >> > > > > > Putting an EndpointReference in the AppliesTo element
> > >> > > > > > doesnt
> > >> error:
> > >> > > > > >
> > >> > > > > > <wsa:EndpointReference><wsa:Address>http://localhost:8080/u
> > >> > > > > > ser- service/userService</wsa:Address>
> > >> > > > > > </wsa:EndpointReference>
> > >> > > > > >
> > >> > > > > > But it doesnt work either. It never seems to intercept
> > >> > > > > > calls to the
> > >> > > > > service hosted
> > >> > > > > > at the configured URL. The ONLY way I have able to get it
> > >> > > > > > to work is by embedding the policy in the wsdl. I dont want
> > >> > > > > > to do that however as I
> > >> > > > > want a
> > >> > > > > > mediator to handle the policy and would like the contract
> > >> > > > > > policies to
> > >> > > > > configured
> > >> > > > > > differently in different environments.
> > >> > > > > >
> > >> > > > > >
> > >> > > > > > Any help would be appreciated. I am tearing my hair out
> > >> > > > > > over this. I
> > >> > > > > cant be the
> > >> > > > > > only one attempting to do this.
> > >> > > > > >
> > >> > > > > > The code is on github:
> > >> > > > > >
> > >> > > > > > https://github.com/MacFlecknoe/service-repository-
> > >> > > > > > sample/blob/master/schema/src/main/resources/policy/authent
> > >> > > > > > icati
> > >> > > > > > on-
> > >> > > > > > policy.xml
> > >> > > > > >
> > >> > > > > > Thanks.
> > >> > > > > >
> > >> > > > > > Mike
> > >> > > > >
> > >> > >
> > >>
> > >
> > >
>
RE: policy attachment
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
> -----Original Message-----
> From: Lambert, Michael [mailto:michael@michaellambert.com]
> Sent: Donnerstag, 3. Juli 2014 17:00
> To: users@cxf.apache.org
> Subject: Re: policy attachment
>
> I figured it out but the documentation wasnt a lot of help. It appears that the
> EndpointReferenceDomainExpression is being compared to the address
> configured in the jaxrs-endpoint and not what is in the wsdl. This makes
> PERFECT sense but as all the example configuration contained the complete url
> (including protocol and port: e.g.
Correct, the service will be published under address configured into jaxws:endpoint and this address will be used for domain expression matching.
Perhaps it makes sense to explicitly write it into policy documentation.
Do you have wsp:URI running as well (using URIDomainExpressionBuilder)?
Regards,
Andrei.
> http://localhost:8080/user-servic/userService) i wrongly presumed that it was
> either reading the address from the actual request and comparing it to the
> expression or reading it from the configured wsdl address.
>
> So when a configuration looks like this:
>
> <jaxws:endpoint id="userService"
> implementor="com.healthmedia.ws.wsdl.user.v1.UserServiceImpl"
> address="/userService">
> <jaxws:properties>
> <entry key="ws-security.ut.validator" value-ref="validator" />
> </jaxws:properties> </jaxws:endpoint>
>
> The policy expression should reflect the address above like so:
>
> <?xml version="1.0" encoding="UTF-8" ?>
> <attachments
> xmlns:wsp="http://www.w3.org/ns/ws-policy"
> xmlns:wsa="http://www.w3.org/2005/08/addressing"
> xmlns:i18np="http://www.w3.org/2008/04/ws-i18np"
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:PolicyAttachment>
> <wsp:AppliesTo>
> <wsa:EndpointReference>
> <wsa:Address>/userService</wsa:Address>
> </wsa:EndpointReference>
> </wsp:AppliesTo>
> <wsp:Policy>
> <wsp:ExactlyOne>
> <wsp:All>
> <wsp:Policy>
> <i18np:i18n Optional="false" />
> </wsp:Policy>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> </wsp:PolicyAttachment>
> </attachments>
>
> Thanks for the help. This was tremendously frustrating to figure out. Thank god
> for debuggers!
>
> -Mike
>
>
>
> On Thu, Jul 3, 2014 at 7:37 AM, Lambert, Michael
> <michael@michaellambert.com
> > wrote:
>
> > Sorry Andrei,
> >
> > I didnt think you were going to respond so i moved forward with a
> > solution using another technique. I would like to solve this issue
> > however so i created a branch with the problem:
> >
> >
> > https://github.com/MacFlecknoe/service-repository-sample/blob/policy-a
> > ttachement-problem/schema/src/main/resources/policy/authentication-pol
> > icy.xml https://github.com/MacFlecknoe/service-repository-sample/blob/
> > policy-attachement-problem
> > /schema/src/main/resources/service/user-soap-v1.wsdl
> > <https://github.com/MacFlecknoe/service-repository-sample/blob/master/
> > schema/src/main/resources/service/user-soap-v1.wsdl>
> > https://github.com/MacFlecknoe/service-repository-sample/blob/
> > <https://github.com/MacFlecknoe/service-repository-sample/blob/master/
> > user/service/src/main/webapp/WEB-INF/beans.xml>
> > policy-attachement-problem
> > <https://github.com/MacFlecknoe/service-repository-sample/blob/master/
> > schema/src/main/resources/service/user-soap-v1.wsdl>
> > /user/service/src/main/webapp/WEB-INF/beans.xml
> >
> > Could you take another quick peek? Again, the problem is that the
> > policy is being completely ignored. The address i have it configured
> > for is both reflected in the wsdl and in reality when I start my server.
> >
> > Also, is there a way to configure the address in the policy so that is
> > dynamic? I am not sure what the end address of the service is going to
> > be once its deployed (e.g. its domain will likely change).
> >
> > Thanks,
> >
> > Mike
> >
> >
> > On Thu, Jul 3, 2014 at 4:38 AM, Andrei Shakirin <as...@talend.com>
> > wrote:
> >
> >> Hi,
> >>
> >> I am bit confused: don't see policy attachments in your
> >> configuration, you attach policies direct to endpoint:
> >>
> >> <jaxws:features>
> >> <bean class="org.apache.cxf.feature.LoggingFeature"/>
> >> <p:policies>
> >> <!-- we attach policies via spring as there are issues
> >> leveraging external policy attachments when using PolicyAttachement with
> cxf 2.*-->
> >> <wsp:PolicyReference
> >> URI="classpath:policy/authentication-policy.xml" />
> >> <wsp:PolicyReference URI="classpath:policy/i18n-policy.xml" />
> >> </p:policies>
> >> </jaxws:features>
> >>
> >> To use policy attachments you need something like:
> >>
> >> <cxf:bus>
> >> <cxf:features>
> >> <p:policies/>
> >> </cxf:features>
> >> </cxf:bus>
> >>
> >> <p:externalAttachment
> >> location="${temp.location}/addr-external.xml"/>
> >>
> >> Where addr-external.xml is policy attachment:
> >>
> >> <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="
> >> http://www.w3.org/2005/08/addressing">
> >> <wsp:PolicyAttachment>
> >> <wsp:AppliesTo>
> >> <wsa:EndpointReference>
> >> <wsa:Address>
> >> http://localhost:9020/SoapContext/GreeterPort</wsa:Address>
> >> </wsa:EndpointReference>
> >> </wsp:AppliesTo>
> >> <wsp:Policy>
> >> <wsp:ExactlyOne>
> >> <wsp:All>
> >> <wsam:Addressing xmlns:wsam="
> >> http://www.w3.org/2007/02/addressing/metadata">
> >> <wsp:Policy/>
> >> </wsam:Addressing>
> >> </wsp:All>
> >> </wsp:ExactlyOne>
> >> </wsp:Policy>
> >> </wsp:PolicyAttachment>
> >> </attachments>
> >>
> >> I propose that you look into working policy attachments CXF system
> >> tests and find the difference with your code.
> >> If that doesn't help, please create a small distilled sample with
> >> simple policy (for example WS-Addressing) to illustrate your problem,
> >> I will look into it.
> >>
> >> Regards,
> >> Andrei.
> >>
> >> > -----Original Message-----
> >> > From: Lambert, Michael [mailto:michael@michaellambert.com]
> >> > Sent: Mittwoch, 2. Juli 2014 15:25
> >> > To: users@cxf.apache.org
> >> > Subject: Re: policy attachment
> >> >
> >> > Thats part of the problem Andrei. I have followed the examples and
> >> > its
> >> just not
> >> > working for me. Can you take a look at my policy file and wsdl and
> >> > see
> >> if
> >> > anything obvious sticks out as wrong?
> >> >
> >> > https://github.com/MacFlecknoe/service-repository-
> >> > sample/blob/master/schema/src/main/resources/policy/authentication-
> >> > policy.xml
> >> > https://github.com/MacFlecknoe/service-repository-
> >> > sample/blob/master/schema/src/main/resources/service/user-soap-v1.w
> >> > sdl
> >> >
> >> > Here is how I have it configured:
> >> > https://github.com/MacFlecknoe/service-repository-
> >> > sample/blob/master/user/service/src/main/webapp/WEB-INF/beans.xml
> >> >
> >> > It only works when I embed the policy in the wsdl file itself. The
> >> external
> >> > attachment file loads but doesnt trigger the ws-security policy to fire.
> >> >
> >> > -Mike
> >> >
> >> >
> >> > On Wed, Jul 2, 2014 at 8:27 AM, Andrei Shakirin
> >> > <as...@talend.com>
> >> > wrote:
> >> >
> >> > > Hi,
> >> > >
> >> > > > -----Original Message-----
> >> > > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> >> > > > Sent: Mittwoch, 2. Juli 2014 14:05
> >> > > > To: users@cxf.apache.org
> >> > > > Subject: RE: policy attachment
> >> > > >
> >> > > > Thanks Andrei! That helps a lot... I'll try your suggestion and
> >> > > > let you
> >> > > know how it
> >> > > > goes.
> >> > > >
> >> > >
> >> > > OK.
> >> > >
> >> > > > Any insight as to why I can't get end point references to work?
> >> > > > Is there
> >> > > a trick to
> >> > > > configuring it? I followed the example on the samples but can't
> >> > > > seem to
> >> > > get it
> >> > > > to work with my wsdl. Does the end point need to match what is
> >> > > > in the
> >> > > wsdl or
> >> > > > what cxf generates the address to be when it starts? Any
> >> > > > documentation surrounding this?
> >> > >
> >> > > This construction should work by default, if endpoint address
> >> > > matches to your service:
> >> > >
> >> > > <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="
> >> > > http://www.w3.org/2005/08/addressing">
> >> > > <wsp:PolicyAttachment>
> >> > > <wsp:AppliesTo>
> >> > > <wsa:EndpointReference>
> >> > >
> >> > > <wsa:Address>http://localhost:9020/SoapContext/GreeterPort
> >> > > </wsa:Address>
> >> > > </wsa:EndpointReference>
> >> > > </wsp:AppliesTo>
> >> > > <wsp:Policy>
> >> > > <wsp:ExactlyOne>
> >> > > <wsp:All>
> >> > > <wsam:Addressing xmlns:wsam="
> >> > > http://www.w3.org/2007/02/addressing/metadata">
> >> > > <wsp:Policy/>
> >> > > </wsam:Addressing>
> >> > > </wsp:All>
> >> > > </wsp:ExactlyOne>
> >> > > </wsp:Policy>
> >> > > </wsp:PolicyAttachment>
> >> > > </attachments>
> >> > >
> >> > > For details, look into addr-external.xml and
> >> > > AddressingPolicyTest.java in
> >> > > systests/ws-specs:
> >> > >
> >> > >
> >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=systests/w
> >> s
> >> > > -specs/src/test/java/org/apache/cxf/systest/ws/policy;h=5e6323442
> >> > > 952eb 619300582a2ced25cf861f6118;hb=HEAD
> >> > >
> >> > > Regards,
> >> > > Andrei.
> >> > >
> >> > >
> >> > > >
> >> > > > Thanks much!
> >> > > > On Jul 2, 2014 3:19 AM, "Andrei Shakirin"
> >> > > > <as...@talend.com>
> >> wrote:
> >> > > >
> >> > > > > Hi,
> >> > > > >
> >> > > > > If you use CXF >= 3.0.0, 2.7.12, you should register
> >> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpress
> >> > > > > ionBu
> >> > > > > ilde
> >> > > > > r as bus extension.
> >> > > > > It supports all policy attachment URL syntaxes (except extension).
> >> > > > >
> >> > > > > By default CXF registers the
> >> > > > > org.apache.cxf.ws.policy.attachment.external.EndpointReferenc
> >> > > > > eDoma inEx pressionBuilder supporting only
> >> > > > > wsa:EndpointReference.
> >> > > > >
> >> > > > > See https://issues.apache.org/jira/browse/CXF-5685 for details.
> >> > > > >
> >> > > > > Either add following string into META-INF/cxf/bus-extensions.txt:
> >> > > > >
> >> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpress
> >> > > > > ionBu ilde r::true or add bean in Spring/Blueprint context
> >> > > > > with URIDomainExpressionBuilder type.
> >> > > > >
> >> > > > > System test registering URIDomainExpressionBuilder:
> >> > > > >
> >> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systest
> >> > > > > s/ws
> >> > > > > -specs/src/test/java/org/apache/cxf/systest/ws/policy/Address
> >> > > > > ingPo
> >> > > > > licy
> >> > > > >
> >> > > >
> >> >
> ExternalAttachmentWsdl11Test.java;h=d44ee8decf628a57edbf402bc6d8ff0
> >> > c
> >> > > > 00
> >> > > > > 42b649;hb=HEAD
> >> > > > > .
> >> > > > >
> >> > > > > If you use CXF version < 3.0.0, 2.7.12, just copy the classes
> >> > > > > URIDomainExpressionBuilder.java, URIDomainExpression.java and
> >> > > > > register URIDomainExpressionBuilder as bus extension.
> >> > > > >
> >> > > > > Let me know if it works as expected.
> >> > > > >
> >> > > > > Regards,
> >> > > > > Andrei.
> >> > > > >
> >> > > > > > -----Original Message-----
> >> > > > > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> >> > > > > > Sent: Mittwoch, 2. Juli 2014 08:13
> >> > > > > > To: users@cxf.apache.org
> >> > > > > > Subject: policy attachment
> >> > > > > >
> >> > > > > > I feel awful for asking so many questions but googling
> >> > > > > > hasnt been
> >> > > > > helpful.
> >> > > > > >
> >> > > > > > I am attempting to attach an external security policy to an
> >> > > > > > endpoint
> >> > > > > with no
> >> > > > > > success. When I attempt to use a wsp:UI in the AppliesTo
> >> > > > > > element cxf
> >> > > > > blows up.
> >> > > > > > Here is the contents of the file:
> >> > > > > >
> >> > > > > > ----
> >> > > > > > <?xml version="1.0" encoding="UTF-8" ?> <attachments
> >> > > > > > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> >> > > > > > xmlns:wsa="http://www.w3.org/2005/08/addressing"
> >> > > > > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypol
> >> > > > > > icy
> >> ">
> >> > > > > > <wsp:PolicyAttachment>
> >> > > > > > <wsp:AppliesTo>
> >> > > > > > <wsp:URI>
> >> > > > > >
> >> > > > >
> >> http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.por
> >> > > > > t(Gr
> >> > > > > eeterSer
> >> > > > > > vice/GreeterPort)
> >> > > > > > </wsp:URI>
> >> > > > > > </wsp:AppliesTo>
> >> > > > > > <wsp:Policy>
> >> > > > > > <wsp:ExactlyOne>
> >> > > > > > <wsp:All>
> >> > > > > > <wsp:Policy>
> >> > > > > > <sp:UsernameToken sp:IncludeToken="
> >> > > > > >
> >> > > > >
> >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/
> >> > > > > Alwa
> >> > > > > ysTo
> >> > > > > > Recipient
> >> > > > > > ">
> >> > > > > > <wsp:Policy>
> >> > > > > > <sp:WssUsernameToken10 />
> >> > > > > > </wsp:Policy>
> >> > > > > > </sp:UsernameToken>
> >> > > > > > </wsp:Policy>
> >> > > > > > </wsp:All>
> >> > > > > > </wsp:ExactlyOne>
> >> > > > > > </wsp:Policy>
> >> > > > > > </wsp:PolicyAttachment>
> >> > > > > > </attachments>
> >> > > > > >
> >> > > > > > ----
> >> > > > > > And here is the error:
> >> > > > > > ----
> >> > > > > > Caused by: javax.xml.ws.WebServiceException:
> >> > > > > > org.apache.cxf.ws.policy.PolicyException:
> >> > > > > > NO_DOMAINEXPRESSIONBUILDER_EXC
> >> > > > > > ----
> >> > > > > > It appears that the wsp:URI element passed into
> >> > > > > > DomainExpressionBuilderRegistry.build(Element element) has
> >> > > > > > null contents
> >> > > > > for
> >> > > > > > a reason that I cannot figure out. I have tried different
> >> > > > > > syntaxes and
> >> > > > > URLs to try
> >> > > > > > to get it to work and its always null.
> >> > > > > >
> >> > > > > > Putting an EndpointReference in the AppliesTo element
> >> > > > > > doesnt
> >> error:
> >> > > > > >
> >> > > > > > <wsa:EndpointReference><wsa:Address>http://localhost:8080/u
> >> > > > > > ser- service/userService</wsa:Address>
> >> > > > > > </wsa:EndpointReference>
> >> > > > > >
> >> > > > > > But it doesnt work either. It never seems to intercept
> >> > > > > > calls to the
> >> > > > > service hosted
> >> > > > > > at the configured URL. The ONLY way I have able to get it
> >> > > > > > to work is by embedding the policy in the wsdl. I dont want
> >> > > > > > to do that however as I
> >> > > > > want a
> >> > > > > > mediator to handle the policy and would like the contract
> >> > > > > > policies to
> >> > > > > configured
> >> > > > > > differently in different environments.
> >> > > > > >
> >> > > > > >
> >> > > > > > Any help would be appreciated. I am tearing my hair out
> >> > > > > > over this. I
> >> > > > > cant be the
> >> > > > > > only one attempting to do this.
> >> > > > > >
> >> > > > > > The code is on github:
> >> > > > > >
> >> > > > > > https://github.com/MacFlecknoe/service-repository-
> >> > > > > > sample/blob/master/schema/src/main/resources/policy/authent
> >> > > > > > icati
> >> > > > > > on-
> >> > > > > > policy.xml
> >> > > > > >
> >> > > > > > Thanks.
> >> > > > > >
> >> > > > > > Mike
> >> > > > >
> >> > >
> >>
> >
> >
Re: policy attachment
Posted by "Lambert, Michael" <mi...@michaellambert.com>.
I figured it out but the documentation wasnt a lot of help. It appears that
the EndpointReferenceDomainExpression is being compared to the address
configured in the jaxrs-endpoint and not what is in the wsdl. This makes
PERFECT sense but as all the example configuration contained the complete
url (including protocol and port: e.g.
http://localhost:8080/user-servic/userService) i wrongly presumed that it
was either reading the address from the actual request and comparing it to
the expression or reading it from the configured wsdl address.
So when a configuration looks like this:
<jaxws:endpoint id="userService"
implementor="com.healthmedia.ws.wsdl.user.v1.UserServiceImpl"
address="/userService">
<jaxws:properties>
<entry key="ws-security.ut.validator" value-ref="validator" />
</jaxws:properties>
</jaxws:endpoint>
The policy expression should reflect the address above like so:
<?xml version="1.0" encoding="UTF-8" ?>
<attachments
xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:i18np="http://www.w3.org/2008/04/ws-i18np"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:PolicyAttachment>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>/userService</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<wsp:Policy>
<i18np:i18n Optional="false" />
</wsp:Policy>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</wsp:PolicyAttachment>
</attachments>
Thanks for the help. This was tremendously frustrating to figure out. Thank
god for debuggers!
-Mike
On Thu, Jul 3, 2014 at 7:37 AM, Lambert, Michael <michael@michaellambert.com
> wrote:
> Sorry Andrei,
>
> I didnt think you were going to respond so i moved forward with a solution
> using another technique. I would like to solve this issue however so i
> created a branch with the problem:
>
>
> https://github.com/MacFlecknoe/service-repository-sample/blob/policy-attachement-problem/schema/src/main/resources/policy/authentication-policy.xml
> https://github.com/MacFlecknoe/service-repository-sample/blob/
> policy-attachement-problem
> /schema/src/main/resources/service/user-soap-v1.wsdl
> <https://github.com/MacFlecknoe/service-repository-sample/blob/master/schema/src/main/resources/service/user-soap-v1.wsdl>
> https://github.com/MacFlecknoe/service-repository-sample/blob/
> <https://github.com/MacFlecknoe/service-repository-sample/blob/master/user/service/src/main/webapp/WEB-INF/beans.xml>
> policy-attachement-problem
> <https://github.com/MacFlecknoe/service-repository-sample/blob/master/schema/src/main/resources/service/user-soap-v1.wsdl>
> /user/service/src/main/webapp/WEB-INF/beans.xml
>
> Could you take another quick peek? Again, the problem is that the policy
> is being completely ignored. The address i have it configured for is both
> reflected in the wsdl and in reality when I start my server.
>
> Also, is there a way to configure the address in the policy so that is
> dynamic? I am not sure what the end address of the service is going to be
> once its deployed (e.g. its domain will likely change).
>
> Thanks,
>
> Mike
>
>
> On Thu, Jul 3, 2014 at 4:38 AM, Andrei Shakirin <as...@talend.com>
> wrote:
>
>> Hi,
>>
>> I am bit confused: don't see policy attachments in your configuration,
>> you attach policies direct to endpoint:
>>
>> <jaxws:features>
>> <bean class="org.apache.cxf.feature.LoggingFeature"/>
>> <p:policies>
>> <!-- we attach policies via spring as there are issues leveraging
>> external policy attachments when using PolicyAttachement with cxf 2.*-->
>> <wsp:PolicyReference
>> URI="classpath:policy/authentication-policy.xml" />
>> <wsp:PolicyReference URI="classpath:policy/i18n-policy.xml" />
>> </p:policies>
>> </jaxws:features>
>>
>> To use policy attachments you need something like:
>>
>> <cxf:bus>
>> <cxf:features>
>> <p:policies/>
>> </cxf:features>
>> </cxf:bus>
>>
>> <p:externalAttachment location="${temp.location}/addr-external.xml"/>
>>
>> Where addr-external.xml is policy attachment:
>>
>> <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="
>> http://www.w3.org/2005/08/addressing">
>> <wsp:PolicyAttachment>
>> <wsp:AppliesTo>
>> <wsa:EndpointReference>
>> <wsa:Address>
>> http://localhost:9020/SoapContext/GreeterPort</wsa:Address>
>> </wsa:EndpointReference>
>> </wsp:AppliesTo>
>> <wsp:Policy>
>> <wsp:ExactlyOne>
>> <wsp:All>
>> <wsam:Addressing xmlns:wsam="
>> http://www.w3.org/2007/02/addressing/metadata">
>> <wsp:Policy/>
>> </wsam:Addressing>
>> </wsp:All>
>> </wsp:ExactlyOne>
>> </wsp:Policy>
>> </wsp:PolicyAttachment>
>> </attachments>
>>
>> I propose that you look into working policy attachments CXF system tests
>> and find the difference with your code.
>> If that doesn't help, please create a small distilled sample with simple
>> policy (for example WS-Addressing) to illustrate your problem, I will look
>> into it.
>>
>> Regards,
>> Andrei.
>>
>> > -----Original Message-----
>> > From: Lambert, Michael [mailto:michael@michaellambert.com]
>> > Sent: Mittwoch, 2. Juli 2014 15:25
>> > To: users@cxf.apache.org
>> > Subject: Re: policy attachment
>> >
>> > Thats part of the problem Andrei. I have followed the examples and its
>> just not
>> > working for me. Can you take a look at my policy file and wsdl and see
>> if
>> > anything obvious sticks out as wrong?
>> >
>> > https://github.com/MacFlecknoe/service-repository-
>> > sample/blob/master/schema/src/main/resources/policy/authentication-
>> > policy.xml
>> > https://github.com/MacFlecknoe/service-repository-
>> > sample/blob/master/schema/src/main/resources/service/user-soap-v1.wsdl
>> >
>> > Here is how I have it configured:
>> > https://github.com/MacFlecknoe/service-repository-
>> > sample/blob/master/user/service/src/main/webapp/WEB-INF/beans.xml
>> >
>> > It only works when I embed the policy in the wsdl file itself. The
>> external
>> > attachment file loads but doesnt trigger the ws-security policy to fire.
>> >
>> > -Mike
>> >
>> >
>> > On Wed, Jul 2, 2014 at 8:27 AM, Andrei Shakirin <as...@talend.com>
>> > wrote:
>> >
>> > > Hi,
>> > >
>> > > > -----Original Message-----
>> > > > From: Lambert, Michael [mailto:michael@michaellambert.com]
>> > > > Sent: Mittwoch, 2. Juli 2014 14:05
>> > > > To: users@cxf.apache.org
>> > > > Subject: RE: policy attachment
>> > > >
>> > > > Thanks Andrei! That helps a lot... I'll try your suggestion and let
>> > > > you
>> > > know how it
>> > > > goes.
>> > > >
>> > >
>> > > OK.
>> > >
>> > > > Any insight as to why I can't get end point references to work? Is
>> > > > there
>> > > a trick to
>> > > > configuring it? I followed the example on the samples but can't seem
>> > > > to
>> > > get it
>> > > > to work with my wsdl. Does the end point need to match what is in
>> > > > the
>> > > wsdl or
>> > > > what cxf generates the address to be when it starts? Any
>> > > > documentation surrounding this?
>> > >
>> > > This construction should work by default, if endpoint address matches
>> > > to your service:
>> > >
>> > > <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="
>> > > http://www.w3.org/2005/08/addressing">
>> > > <wsp:PolicyAttachment>
>> > > <wsp:AppliesTo>
>> > > <wsa:EndpointReference>
>> > >
>> > > <wsa:Address>http://localhost:9020/SoapContext/GreeterPort
>> > > </wsa:Address>
>> > > </wsa:EndpointReference>
>> > > </wsp:AppliesTo>
>> > > <wsp:Policy>
>> > > <wsp:ExactlyOne>
>> > > <wsp:All>
>> > > <wsam:Addressing xmlns:wsam="
>> > > http://www.w3.org/2007/02/addressing/metadata">
>> > > <wsp:Policy/>
>> > > </wsam:Addressing>
>> > > </wsp:All>
>> > > </wsp:ExactlyOne>
>> > > </wsp:Policy>
>> > > </wsp:PolicyAttachment>
>> > > </attachments>
>> > >
>> > > For details, look into addr-external.xml and AddressingPolicyTest.java
>> > > in
>> > > systests/ws-specs:
>> > >
>> > >
>> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=systests/ws
>> > > -specs/src/test/java/org/apache/cxf/systest/ws/policy;h=5e6323442952eb
>> > > 619300582a2ced25cf861f6118;hb=HEAD
>> > >
>> > > Regards,
>> > > Andrei.
>> > >
>> > >
>> > > >
>> > > > Thanks much!
>> > > > On Jul 2, 2014 3:19 AM, "Andrei Shakirin" <as...@talend.com>
>> wrote:
>> > > >
>> > > > > Hi,
>> > > > >
>> > > > > If you use CXF >= 3.0.0, 2.7.12,
>> > > > > you should register
>> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBu
>> > > > > ilde
>> > > > > r as bus extension.
>> > > > > It supports all policy attachment URL syntaxes (except extension).
>> > > > >
>> > > > > By default CXF registers the
>> > > > > org.apache.cxf.ws.policy.attachment.external.EndpointReferenceDoma
>> > > > > inEx pressionBuilder supporting only wsa:EndpointReference.
>> > > > >
>> > > > > See https://issues.apache.org/jira/browse/CXF-5685 for details.
>> > > > >
>> > > > > Either add following string into META-INF/cxf/bus-extensions.txt:
>> > > > >
>> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBu
>> > > > > ilde r::true or add bean in Spring/Blueprint context with
>> > > > > URIDomainExpressionBuilder type.
>> > > > >
>> > > > > System test registering URIDomainExpressionBuilder:
>> > > > >
>> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systest
>> > > > > s/ws
>> > > > > -specs/src/test/java/org/apache/cxf/systest/ws/policy/AddressingPo
>> > > > > licy
>> > > > >
>> > > >
>> > ExternalAttachmentWsdl11Test.java;h=d44ee8decf628a57edbf402bc6d8ff0c
>> > > > 00
>> > > > > 42b649;hb=HEAD
>> > > > > .
>> > > > >
>> > > > > If you use CXF version < 3.0.0, 2.7.12, just copy the classes
>> > > > > URIDomainExpressionBuilder.java, URIDomainExpression.java and
>> > > > > register URIDomainExpressionBuilder as bus extension.
>> > > > >
>> > > > > Let me know if it works as expected.
>> > > > >
>> > > > > Regards,
>> > > > > Andrei.
>> > > > >
>> > > > > > -----Original Message-----
>> > > > > > From: Lambert, Michael [mailto:michael@michaellambert.com]
>> > > > > > Sent: Mittwoch, 2. Juli 2014 08:13
>> > > > > > To: users@cxf.apache.org
>> > > > > > Subject: policy attachment
>> > > > > >
>> > > > > > I feel awful for asking so many questions but googling hasnt
>> > > > > > been
>> > > > > helpful.
>> > > > > >
>> > > > > > I am attempting to attach an external security policy to an
>> > > > > > endpoint
>> > > > > with no
>> > > > > > success. When I attempt to use a wsp:UI in the AppliesTo element
>> > > > > > cxf
>> > > > > blows up.
>> > > > > > Here is the contents of the file:
>> > > > > >
>> > > > > > ----
>> > > > > > <?xml version="1.0" encoding="UTF-8" ?> <attachments
>> > > > > > xmlns:wsp="http://www.w3.org/ns/ws-policy"
>> > > > > > xmlns:wsa="http://www.w3.org/2005/08/addressing"
>> > > > > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
>> ">
>> > > > > > <wsp:PolicyAttachment>
>> > > > > > <wsp:AppliesTo>
>> > > > > > <wsp:URI>
>> > > > > >
>> > > > >
>> http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.por
>> > > > > t(Gr
>> > > > > eeterSer
>> > > > > > vice/GreeterPort)
>> > > > > > </wsp:URI>
>> > > > > > </wsp:AppliesTo>
>> > > > > > <wsp:Policy>
>> > > > > > <wsp:ExactlyOne>
>> > > > > > <wsp:All>
>> > > > > > <wsp:Policy>
>> > > > > > <sp:UsernameToken sp:IncludeToken="
>> > > > > >
>> > > > >
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/
>> > > > > Alwa
>> > > > > ysTo
>> > > > > > Recipient
>> > > > > > ">
>> > > > > > <wsp:Policy>
>> > > > > > <sp:WssUsernameToken10 />
>> > > > > > </wsp:Policy>
>> > > > > > </sp:UsernameToken>
>> > > > > > </wsp:Policy>
>> > > > > > </wsp:All>
>> > > > > > </wsp:ExactlyOne>
>> > > > > > </wsp:Policy>
>> > > > > > </wsp:PolicyAttachment>
>> > > > > > </attachments>
>> > > > > >
>> > > > > > ----
>> > > > > > And here is the error:
>> > > > > > ----
>> > > > > > Caused by: javax.xml.ws.WebServiceException:
>> > > > > > org.apache.cxf.ws.policy.PolicyException:
>> > > > > > NO_DOMAINEXPRESSIONBUILDER_EXC
>> > > > > > ----
>> > > > > > It appears that the wsp:URI element passed into
>> > > > > > DomainExpressionBuilderRegistry.build(Element element) has null
>> > > > > > contents
>> > > > > for
>> > > > > > a reason that I cannot figure out. I have tried different
>> > > > > > syntaxes and
>> > > > > URLs to try
>> > > > > > to get it to work and its always null.
>> > > > > >
>> > > > > > Putting an EndpointReference in the AppliesTo element doesnt
>> error:
>> > > > > >
>> > > > > > <wsa:EndpointReference><wsa:Address>http://localhost:8080/user-
>> > > > > > service/userService</wsa:Address>
>> > > > > > </wsa:EndpointReference>
>> > > > > >
>> > > > > > But it doesnt work either. It never seems to intercept calls to
>> > > > > > the
>> > > > > service hosted
>> > > > > > at the configured URL. The ONLY way I have able to get it to
>> > > > > > work is by embedding the policy in the wsdl. I dont want to do
>> > > > > > that however as I
>> > > > > want a
>> > > > > > mediator to handle the policy and would like the contract
>> > > > > > policies to
>> > > > > configured
>> > > > > > differently in different environments.
>> > > > > >
>> > > > > >
>> > > > > > Any help would be appreciated. I am tearing my hair out over
>> > > > > > this. I
>> > > > > cant be the
>> > > > > > only one attempting to do this.
>> > > > > >
>> > > > > > The code is on github:
>> > > > > >
>> > > > > > https://github.com/MacFlecknoe/service-repository-
>> > > > > > sample/blob/master/schema/src/main/resources/policy/authenticati
>> > > > > > on-
>> > > > > > policy.xml
>> > > > > >
>> > > > > > Thanks.
>> > > > > >
>> > > > > > Mike
>> > > > >
>> > >
>>
>
>
Re: policy attachment
Posted by "Lambert, Michael" <mi...@michaellambert.com>.
Sorry Andrei,
I didnt think you were going to respond so i moved forward with a solution
using another technique. I would like to solve this issue however so i
created a branch with the problem:
https://github.com/MacFlecknoe/service-repository-sample/blob/policy-attachement-problem/schema/src/main/resources/policy/authentication-policy.xml
https://github.com/MacFlecknoe/service-repository-sample/blob/
policy-attachement-problem
/schema/src/main/resources/service/user-soap-v1.wsdl
<https://github.com/MacFlecknoe/service-repository-sample/blob/master/schema/src/main/resources/service/user-soap-v1.wsdl>
https://github.com/MacFlecknoe/service-repository-sample/blob/
<https://github.com/MacFlecknoe/service-repository-sample/blob/master/user/service/src/main/webapp/WEB-INF/beans.xml>
policy-attachement-problem
<https://github.com/MacFlecknoe/service-repository-sample/blob/master/schema/src/main/resources/service/user-soap-v1.wsdl>
/user/service/src/main/webapp/WEB-INF/beans.xml
Could you take another quick peek? Again, the problem is that the policy is
being completely ignored. The address i have it configured for is both
reflected in the wsdl and in reality when I start my server.
Also, is there a way to configure the address in the policy so that is
dynamic? I am not sure what the end address of the service is going to be
once its deployed (e.g. its domain will likely change).
Thanks,
Mike
On Thu, Jul 3, 2014 at 4:38 AM, Andrei Shakirin <as...@talend.com>
wrote:
> Hi,
>
> I am bit confused: don't see policy attachments in your configuration,
> you attach policies direct to endpoint:
>
> <jaxws:features>
> <bean class="org.apache.cxf.feature.LoggingFeature"/>
> <p:policies>
> <!-- we attach policies via spring as there are issues leveraging
> external policy attachments when using PolicyAttachement with cxf 2.*-->
> <wsp:PolicyReference
> URI="classpath:policy/authentication-policy.xml" />
> <wsp:PolicyReference URI="classpath:policy/i18n-policy.xml" />
> </p:policies>
> </jaxws:features>
>
> To use policy attachments you need something like:
>
> <cxf:bus>
> <cxf:features>
> <p:policies/>
> </cxf:features>
> </cxf:bus>
>
> <p:externalAttachment location="${temp.location}/addr-external.xml"/>
>
> Where addr-external.xml is policy attachment:
>
> <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="
> http://www.w3.org/2005/08/addressing">
> <wsp:PolicyAttachment>
> <wsp:AppliesTo>
> <wsa:EndpointReference>
> <wsa:Address>http://localhost:9020/SoapContext/GreeterPort
> </wsa:Address>
> </wsa:EndpointReference>
> </wsp:AppliesTo>
> <wsp:Policy>
> <wsp:ExactlyOne>
> <wsp:All>
> <wsam:Addressing xmlns:wsam="
> http://www.w3.org/2007/02/addressing/metadata">
> <wsp:Policy/>
> </wsam:Addressing>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> </wsp:PolicyAttachment>
> </attachments>
>
> I propose that you look into working policy attachments CXF system tests
> and find the difference with your code.
> If that doesn't help, please create a small distilled sample with simple
> policy (for example WS-Addressing) to illustrate your problem, I will look
> into it.
>
> Regards,
> Andrei.
>
> > -----Original Message-----
> > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > Sent: Mittwoch, 2. Juli 2014 15:25
> > To: users@cxf.apache.org
> > Subject: Re: policy attachment
> >
> > Thats part of the problem Andrei. I have followed the examples and its
> just not
> > working for me. Can you take a look at my policy file and wsdl and see if
> > anything obvious sticks out as wrong?
> >
> > https://github.com/MacFlecknoe/service-repository-
> > sample/blob/master/schema/src/main/resources/policy/authentication-
> > policy.xml
> > https://github.com/MacFlecknoe/service-repository-
> > sample/blob/master/schema/src/main/resources/service/user-soap-v1.wsdl
> >
> > Here is how I have it configured:
> > https://github.com/MacFlecknoe/service-repository-
> > sample/blob/master/user/service/src/main/webapp/WEB-INF/beans.xml
> >
> > It only works when I embed the policy in the wsdl file itself. The
> external
> > attachment file loads but doesnt trigger the ws-security policy to fire.
> >
> > -Mike
> >
> >
> > On Wed, Jul 2, 2014 at 8:27 AM, Andrei Shakirin <as...@talend.com>
> > wrote:
> >
> > > Hi,
> > >
> > > > -----Original Message-----
> > > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > > > Sent: Mittwoch, 2. Juli 2014 14:05
> > > > To: users@cxf.apache.org
> > > > Subject: RE: policy attachment
> > > >
> > > > Thanks Andrei! That helps a lot... I'll try your suggestion and let
> > > > you
> > > know how it
> > > > goes.
> > > >
> > >
> > > OK.
> > >
> > > > Any insight as to why I can't get end point references to work? Is
> > > > there
> > > a trick to
> > > > configuring it? I followed the example on the samples but can't seem
> > > > to
> > > get it
> > > > to work with my wsdl. Does the end point need to match what is in
> > > > the
> > > wsdl or
> > > > what cxf generates the address to be when it starts? Any
> > > > documentation surrounding this?
> > >
> > > This construction should work by default, if endpoint address matches
> > > to your service:
> > >
> > > <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="
> > > http://www.w3.org/2005/08/addressing">
> > > <wsp:PolicyAttachment>
> > > <wsp:AppliesTo>
> > > <wsa:EndpointReference>
> > >
> > > <wsa:Address>http://localhost:9020/SoapContext/GreeterPort
> > > </wsa:Address>
> > > </wsa:EndpointReference>
> > > </wsp:AppliesTo>
> > > <wsp:Policy>
> > > <wsp:ExactlyOne>
> > > <wsp:All>
> > > <wsam:Addressing xmlns:wsam="
> > > http://www.w3.org/2007/02/addressing/metadata">
> > > <wsp:Policy/>
> > > </wsam:Addressing>
> > > </wsp:All>
> > > </wsp:ExactlyOne>
> > > </wsp:Policy>
> > > </wsp:PolicyAttachment>
> > > </attachments>
> > >
> > > For details, look into addr-external.xml and AddressingPolicyTest.java
> > > in
> > > systests/ws-specs:
> > >
> > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=systests/ws
> > > -specs/src/test/java/org/apache/cxf/systest/ws/policy;h=5e6323442952eb
> > > 619300582a2ced25cf861f6118;hb=HEAD
> > >
> > > Regards,
> > > Andrei.
> > >
> > >
> > > >
> > > > Thanks much!
> > > > On Jul 2, 2014 3:19 AM, "Andrei Shakirin" <as...@talend.com>
> wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > If you use CXF >= 3.0.0, 2.7.12,
> > > > > you should register
> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBu
> > > > > ilde
> > > > > r as bus extension.
> > > > > It supports all policy attachment URL syntaxes (except extension).
> > > > >
> > > > > By default CXF registers the
> > > > > org.apache.cxf.ws.policy.attachment.external.EndpointReferenceDoma
> > > > > inEx pressionBuilder supporting only wsa:EndpointReference.
> > > > >
> > > > > See https://issues.apache.org/jira/browse/CXF-5685 for details.
> > > > >
> > > > > Either add following string into META-INF/cxf/bus-extensions.txt:
> > > > >
> > > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBu
> > > > > ilde r::true or add bean in Spring/Blueprint context with
> > > > > URIDomainExpressionBuilder type.
> > > > >
> > > > > System test registering URIDomainExpressionBuilder:
> > > > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systest
> > > > > s/ws
> > > > > -specs/src/test/java/org/apache/cxf/systest/ws/policy/AddressingPo
> > > > > licy
> > > > >
> > > >
> > ExternalAttachmentWsdl11Test.java;h=d44ee8decf628a57edbf402bc6d8ff0c
> > > > 00
> > > > > 42b649;hb=HEAD
> > > > > .
> > > > >
> > > > > If you use CXF version < 3.0.0, 2.7.12, just copy the classes
> > > > > URIDomainExpressionBuilder.java, URIDomainExpression.java and
> > > > > register URIDomainExpressionBuilder as bus extension.
> > > > >
> > > > > Let me know if it works as expected.
> > > > >
> > > > > Regards,
> > > > > Andrei.
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > > > > > Sent: Mittwoch, 2. Juli 2014 08:13
> > > > > > To: users@cxf.apache.org
> > > > > > Subject: policy attachment
> > > > > >
> > > > > > I feel awful for asking so many questions but googling hasnt
> > > > > > been
> > > > > helpful.
> > > > > >
> > > > > > I am attempting to attach an external security policy to an
> > > > > > endpoint
> > > > > with no
> > > > > > success. When I attempt to use a wsp:UI in the AppliesTo element
> > > > > > cxf
> > > > > blows up.
> > > > > > Here is the contents of the file:
> > > > > >
> > > > > > ----
> > > > > > <?xml version="1.0" encoding="UTF-8" ?> <attachments
> > > > > > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > > > > > xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > > > > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > > > > > <wsp:PolicyAttachment>
> > > > > > <wsp:AppliesTo>
> > > > > > <wsp:URI>
> > > > > >
> > > > > http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.por
> > > > > t(Gr
> > > > > eeterSer
> > > > > > vice/GreeterPort)
> > > > > > </wsp:URI>
> > > > > > </wsp:AppliesTo>
> > > > > > <wsp:Policy>
> > > > > > <wsp:ExactlyOne>
> > > > > > <wsp:All>
> > > > > > <wsp:Policy>
> > > > > > <sp:UsernameToken sp:IncludeToken="
> > > > > >
> > > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/
> > > > > Alwa
> > > > > ysTo
> > > > > > Recipient
> > > > > > ">
> > > > > > <wsp:Policy>
> > > > > > <sp:WssUsernameToken10 />
> > > > > > </wsp:Policy>
> > > > > > </sp:UsernameToken>
> > > > > > </wsp:Policy>
> > > > > > </wsp:All>
> > > > > > </wsp:ExactlyOne>
> > > > > > </wsp:Policy>
> > > > > > </wsp:PolicyAttachment>
> > > > > > </attachments>
> > > > > >
> > > > > > ----
> > > > > > And here is the error:
> > > > > > ----
> > > > > > Caused by: javax.xml.ws.WebServiceException:
> > > > > > org.apache.cxf.ws.policy.PolicyException:
> > > > > > NO_DOMAINEXPRESSIONBUILDER_EXC
> > > > > > ----
> > > > > > It appears that the wsp:URI element passed into
> > > > > > DomainExpressionBuilderRegistry.build(Element element) has null
> > > > > > contents
> > > > > for
> > > > > > a reason that I cannot figure out. I have tried different
> > > > > > syntaxes and
> > > > > URLs to try
> > > > > > to get it to work and its always null.
> > > > > >
> > > > > > Putting an EndpointReference in the AppliesTo element doesnt
> error:
> > > > > >
> > > > > > <wsa:EndpointReference><wsa:Address>http://localhost:8080/user-
> > > > > > service/userService</wsa:Address>
> > > > > > </wsa:EndpointReference>
> > > > > >
> > > > > > But it doesnt work either. It never seems to intercept calls to
> > > > > > the
> > > > > service hosted
> > > > > > at the configured URL. The ONLY way I have able to get it to
> > > > > > work is by embedding the policy in the wsdl. I dont want to do
> > > > > > that however as I
> > > > > want a
> > > > > > mediator to handle the policy and would like the contract
> > > > > > policies to
> > > > > configured
> > > > > > differently in different environments.
> > > > > >
> > > > > >
> > > > > > Any help would be appreciated. I am tearing my hair out over
> > > > > > this. I
> > > > > cant be the
> > > > > > only one attempting to do this.
> > > > > >
> > > > > > The code is on github:
> > > > > >
> > > > > > https://github.com/MacFlecknoe/service-repository-
> > > > > > sample/blob/master/schema/src/main/resources/policy/authenticati
> > > > > > on-
> > > > > > policy.xml
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > > Mike
> > > > >
> > >
>
RE: policy attachment
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
I am bit confused: don't see policy attachments in your configuration, you attach policies direct to endpoint:
<jaxws:features>
<bean class="org.apache.cxf.feature.LoggingFeature"/>
<p:policies>
<!-- we attach policies via spring as there are issues leveraging external policy attachments when using PolicyAttachement with cxf 2.*-->
<wsp:PolicyReference URI="classpath:policy/authentication-policy.xml" />
<wsp:PolicyReference URI="classpath:policy/i18n-policy.xml" />
</p:policies>
</jaxws:features>
To use policy attachments you need something like:
<cxf:bus>
<cxf:features>
<p:policies/>
</cxf:features>
</cxf:bus>
<p:externalAttachment location="${temp.location}/addr-external.xml"/>
Where addr-external.xml is policy attachment:
<attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsp:PolicyAttachment>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://localhost:9020/SoapContext/GreeterPort</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<wsam:Addressing xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata">
<wsp:Policy/>
</wsam:Addressing>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</wsp:PolicyAttachment>
</attachments>
I propose that you look into working policy attachments CXF system tests and find the difference with your code.
If that doesn't help, please create a small distilled sample with simple policy (for example WS-Addressing) to illustrate your problem, I will look into it.
Regards,
Andrei.
> -----Original Message-----
> From: Lambert, Michael [mailto:michael@michaellambert.com]
> Sent: Mittwoch, 2. Juli 2014 15:25
> To: users@cxf.apache.org
> Subject: Re: policy attachment
>
> Thats part of the problem Andrei. I have followed the examples and its just not
> working for me. Can you take a look at my policy file and wsdl and see if
> anything obvious sticks out as wrong?
>
> https://github.com/MacFlecknoe/service-repository-
> sample/blob/master/schema/src/main/resources/policy/authentication-
> policy.xml
> https://github.com/MacFlecknoe/service-repository-
> sample/blob/master/schema/src/main/resources/service/user-soap-v1.wsdl
>
> Here is how I have it configured:
> https://github.com/MacFlecknoe/service-repository-
> sample/blob/master/user/service/src/main/webapp/WEB-INF/beans.xml
>
> It only works when I embed the policy in the wsdl file itself. The external
> attachment file loads but doesnt trigger the ws-security policy to fire.
>
> -Mike
>
>
> On Wed, Jul 2, 2014 at 8:27 AM, Andrei Shakirin <as...@talend.com>
> wrote:
>
> > Hi,
> >
> > > -----Original Message-----
> > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > > Sent: Mittwoch, 2. Juli 2014 14:05
> > > To: users@cxf.apache.org
> > > Subject: RE: policy attachment
> > >
> > > Thanks Andrei! That helps a lot... I'll try your suggestion and let
> > > you
> > know how it
> > > goes.
> > >
> >
> > OK.
> >
> > > Any insight as to why I can't get end point references to work? Is
> > > there
> > a trick to
> > > configuring it? I followed the example on the samples but can't seem
> > > to
> > get it
> > > to work with my wsdl. Does the end point need to match what is in
> > > the
> > wsdl or
> > > what cxf generates the address to be when it starts? Any
> > > documentation surrounding this?
> >
> > This construction should work by default, if endpoint address matches
> > to your service:
> >
> > <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="
> > http://www.w3.org/2005/08/addressing">
> > <wsp:PolicyAttachment>
> > <wsp:AppliesTo>
> > <wsa:EndpointReference>
> >
> > <wsa:Address>http://localhost:9020/SoapContext/GreeterPort
> > </wsa:Address>
> > </wsa:EndpointReference>
> > </wsp:AppliesTo>
> > <wsp:Policy>
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <wsam:Addressing xmlns:wsam="
> > http://www.w3.org/2007/02/addressing/metadata">
> > <wsp:Policy/>
> > </wsam:Addressing>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > </wsp:PolicyAttachment>
> > </attachments>
> >
> > For details, look into addr-external.xml and AddressingPolicyTest.java
> > in
> > systests/ws-specs:
> >
> > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=systests/ws
> > -specs/src/test/java/org/apache/cxf/systest/ws/policy;h=5e6323442952eb
> > 619300582a2ced25cf861f6118;hb=HEAD
> >
> > Regards,
> > Andrei.
> >
> >
> > >
> > > Thanks much!
> > > On Jul 2, 2014 3:19 AM, "Andrei Shakirin" <as...@talend.com> wrote:
> > >
> > > > Hi,
> > > >
> > > > If you use CXF >= 3.0.0, 2.7.12,
> > > > you should register
> > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBu
> > > > ilde
> > > > r as bus extension.
> > > > It supports all policy attachment URL syntaxes (except extension).
> > > >
> > > > By default CXF registers the
> > > > org.apache.cxf.ws.policy.attachment.external.EndpointReferenceDoma
> > > > inEx pressionBuilder supporting only wsa:EndpointReference.
> > > >
> > > > See https://issues.apache.org/jira/browse/CXF-5685 for details.
> > > >
> > > > Either add following string into META-INF/cxf/bus-extensions.txt:
> > > >
> > > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBu
> > > > ilde r::true or add bean in Spring/Blueprint context with
> > > > URIDomainExpressionBuilder type.
> > > >
> > > > System test registering URIDomainExpressionBuilder:
> > > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systest
> > > > s/ws
> > > > -specs/src/test/java/org/apache/cxf/systest/ws/policy/AddressingPo
> > > > licy
> > > >
> > >
> ExternalAttachmentWsdl11Test.java;h=d44ee8decf628a57edbf402bc6d8ff0c
> > > 00
> > > > 42b649;hb=HEAD
> > > > .
> > > >
> > > > If you use CXF version < 3.0.0, 2.7.12, just copy the classes
> > > > URIDomainExpressionBuilder.java, URIDomainExpression.java and
> > > > register URIDomainExpressionBuilder as bus extension.
> > > >
> > > > Let me know if it works as expected.
> > > >
> > > > Regards,
> > > > Andrei.
> > > >
> > > > > -----Original Message-----
> > > > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > > > > Sent: Mittwoch, 2. Juli 2014 08:13
> > > > > To: users@cxf.apache.org
> > > > > Subject: policy attachment
> > > > >
> > > > > I feel awful for asking so many questions but googling hasnt
> > > > > been
> > > > helpful.
> > > > >
> > > > > I am attempting to attach an external security policy to an
> > > > > endpoint
> > > > with no
> > > > > success. When I attempt to use a wsp:UI in the AppliesTo element
> > > > > cxf
> > > > blows up.
> > > > > Here is the contents of the file:
> > > > >
> > > > > ----
> > > > > <?xml version="1.0" encoding="UTF-8" ?> <attachments
> > > > > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > > > > xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > > > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > > > > <wsp:PolicyAttachment>
> > > > > <wsp:AppliesTo>
> > > > > <wsp:URI>
> > > > >
> > > > http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.por
> > > > t(Gr
> > > > eeterSer
> > > > > vice/GreeterPort)
> > > > > </wsp:URI>
> > > > > </wsp:AppliesTo>
> > > > > <wsp:Policy>
> > > > > <wsp:ExactlyOne>
> > > > > <wsp:All>
> > > > > <wsp:Policy>
> > > > > <sp:UsernameToken sp:IncludeToken="
> > > > >
> > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/
> > > > Alwa
> > > > ysTo
> > > > > Recipient
> > > > > ">
> > > > > <wsp:Policy>
> > > > > <sp:WssUsernameToken10 />
> > > > > </wsp:Policy>
> > > > > </sp:UsernameToken>
> > > > > </wsp:Policy>
> > > > > </wsp:All>
> > > > > </wsp:ExactlyOne>
> > > > > </wsp:Policy>
> > > > > </wsp:PolicyAttachment>
> > > > > </attachments>
> > > > >
> > > > > ----
> > > > > And here is the error:
> > > > > ----
> > > > > Caused by: javax.xml.ws.WebServiceException:
> > > > > org.apache.cxf.ws.policy.PolicyException:
> > > > > NO_DOMAINEXPRESSIONBUILDER_EXC
> > > > > ----
> > > > > It appears that the wsp:URI element passed into
> > > > > DomainExpressionBuilderRegistry.build(Element element) has null
> > > > > contents
> > > > for
> > > > > a reason that I cannot figure out. I have tried different
> > > > > syntaxes and
> > > > URLs to try
> > > > > to get it to work and its always null.
> > > > >
> > > > > Putting an EndpointReference in the AppliesTo element doesnt error:
> > > > >
> > > > > <wsa:EndpointReference><wsa:Address>http://localhost:8080/user-
> > > > > service/userService</wsa:Address>
> > > > > </wsa:EndpointReference>
> > > > >
> > > > > But it doesnt work either. It never seems to intercept calls to
> > > > > the
> > > > service hosted
> > > > > at the configured URL. The ONLY way I have able to get it to
> > > > > work is by embedding the policy in the wsdl. I dont want to do
> > > > > that however as I
> > > > want a
> > > > > mediator to handle the policy and would like the contract
> > > > > policies to
> > > > configured
> > > > > differently in different environments.
> > > > >
> > > > >
> > > > > Any help would be appreciated. I am tearing my hair out over
> > > > > this. I
> > > > cant be the
> > > > > only one attempting to do this.
> > > > >
> > > > > The code is on github:
> > > > >
> > > > > https://github.com/MacFlecknoe/service-repository-
> > > > > sample/blob/master/schema/src/main/resources/policy/authenticati
> > > > > on-
> > > > > policy.xml
> > > > >
> > > > > Thanks.
> > > > >
> > > > > Mike
> > > >
> >
Re: policy attachment
Posted by "Lambert, Michael" <mi...@michaellambert.com>.
Thats part of the problem Andrei. I have followed the examples and its just
not working for me. Can you take a look at my policy file and wsdl and see
if anything obvious sticks out as wrong?
https://github.com/MacFlecknoe/service-repository-sample/blob/master/schema/src/main/resources/policy/authentication-policy.xml
https://github.com/MacFlecknoe/service-repository-sample/blob/master/schema/src/main/resources/service/user-soap-v1.wsdl
Here is how I have it configured:
https://github.com/MacFlecknoe/service-repository-sample/blob/master/user/service/src/main/webapp/WEB-INF/beans.xml
It only works when I embed the policy in the wsdl file itself. The external
attachment file loads but doesnt trigger the ws-security policy to fire.
-Mike
On Wed, Jul 2, 2014 at 8:27 AM, Andrei Shakirin <as...@talend.com>
wrote:
> Hi,
>
> > -----Original Message-----
> > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > Sent: Mittwoch, 2. Juli 2014 14:05
> > To: users@cxf.apache.org
> > Subject: RE: policy attachment
> >
> > Thanks Andrei! That helps a lot... I'll try your suggestion and let you
> know how it
> > goes.
> >
>
> OK.
>
> > Any insight as to why I can't get end point references to work? Is there
> a trick to
> > configuring it? I followed the example on the samples but can't seem to
> get it
> > to work with my wsdl. Does the end point need to match what is in the
> wsdl or
> > what cxf generates the address to be when it starts? Any documentation
> > surrounding this?
>
> This construction should work by default, if endpoint address matches to
> your service:
>
> <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="
> http://www.w3.org/2005/08/addressing">
> <wsp:PolicyAttachment>
> <wsp:AppliesTo>
> <wsa:EndpointReference>
> <wsa:Address>http://localhost:9020/SoapContext/GreeterPort
> </wsa:Address>
> </wsa:EndpointReference>
> </wsp:AppliesTo>
> <wsp:Policy>
> <wsp:ExactlyOne>
> <wsp:All>
> <wsam:Addressing xmlns:wsam="
> http://www.w3.org/2007/02/addressing/metadata">
> <wsp:Policy/>
> </wsam:Addressing>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> </wsp:PolicyAttachment>
> </attachments>
>
> For details, look into addr-external.xml and AddressingPolicyTest.java in
> systests/ws-specs:
>
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy;h=5e6323442952eb619300582a2ced25cf861f6118;hb=HEAD
>
> Regards,
> Andrei.
>
>
> >
> > Thanks much!
> > On Jul 2, 2014 3:19 AM, "Andrei Shakirin" <as...@talend.com> wrote:
> >
> > > Hi,
> > >
> > > If you use CXF >= 3.0.0, 2.7.12,
> > > you should register
> > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBuilde
> > > r as bus extension.
> > > It supports all policy attachment URL syntaxes (except extension).
> > >
> > > By default CXF registers the
> > > org.apache.cxf.ws.policy.attachment.external.EndpointReferenceDomainEx
> > > pressionBuilder supporting only wsa:EndpointReference.
> > >
> > > See https://issues.apache.org/jira/browse/CXF-5685 for details.
> > >
> > > Either add following string into META-INF/cxf/bus-extensions.txt:
> > >
> > > org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBuilde
> > > r::true or add bean in Spring/Blueprint context with
> > > URIDomainExpressionBuilder type.
> > >
> > > System test registering URIDomainExpressionBuilder:
> > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws
> > > -specs/src/test/java/org/apache/cxf/systest/ws/policy/AddressingPolicy
> > >
> > ExternalAttachmentWsdl11Test.java;h=d44ee8decf628a57edbf402bc6d8ff0c00
> > > 42b649;hb=HEAD
> > > .
> > >
> > > If you use CXF version < 3.0.0, 2.7.12, just copy the classes
> > > URIDomainExpressionBuilder.java, URIDomainExpression.java and register
> > > URIDomainExpressionBuilder as bus extension.
> > >
> > > Let me know if it works as expected.
> > >
> > > Regards,
> > > Andrei.
> > >
> > > > -----Original Message-----
> > > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > > > Sent: Mittwoch, 2. Juli 2014 08:13
> > > > To: users@cxf.apache.org
> > > > Subject: policy attachment
> > > >
> > > > I feel awful for asking so many questions but googling hasnt been
> > > helpful.
> > > >
> > > > I am attempting to attach an external security policy to an endpoint
> > > with no
> > > > success. When I attempt to use a wsp:UI in the AppliesTo element cxf
> > > blows up.
> > > > Here is the contents of the file:
> > > >
> > > > ----
> > > > <?xml version="1.0" encoding="UTF-8" ?> <attachments
> > > > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > > > xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > > > <wsp:PolicyAttachment>
> > > > <wsp:AppliesTo>
> > > > <wsp:URI>
> > > >
> > > http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.port(Gr
> > > eeterSer
> > > > vice/GreeterPort)
> > > > </wsp:URI>
> > > > </wsp:AppliesTo>
> > > > <wsp:Policy>
> > > > <wsp:ExactlyOne>
> > > > <wsp:All>
> > > > <wsp:Policy>
> > > > <sp:UsernameToken sp:IncludeToken="
> > > >
> > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Alwa
> > > ysTo
> > > > Recipient
> > > > ">
> > > > <wsp:Policy>
> > > > <sp:WssUsernameToken10 />
> > > > </wsp:Policy>
> > > > </sp:UsernameToken>
> > > > </wsp:Policy>
> > > > </wsp:All>
> > > > </wsp:ExactlyOne>
> > > > </wsp:Policy>
> > > > </wsp:PolicyAttachment>
> > > > </attachments>
> > > >
> > > > ----
> > > > And here is the error:
> > > > ----
> > > > Caused by: javax.xml.ws.WebServiceException:
> > > > org.apache.cxf.ws.policy.PolicyException:
> > > > NO_DOMAINEXPRESSIONBUILDER_EXC
> > > > ----
> > > > It appears that the wsp:URI element passed into
> > > > DomainExpressionBuilderRegistry.build(Element element) has null
> > > > contents
> > > for
> > > > a reason that I cannot figure out. I have tried different syntaxes
> > > > and
> > > URLs to try
> > > > to get it to work and its always null.
> > > >
> > > > Putting an EndpointReference in the AppliesTo element doesnt error:
> > > >
> > > > <wsa:EndpointReference><wsa:Address>http://localhost:8080/user-
> > > > service/userService</wsa:Address>
> > > > </wsa:EndpointReference>
> > > >
> > > > But it doesnt work either. It never seems to intercept calls to the
> > > service hosted
> > > > at the configured URL. The ONLY way I have able to get it to work is
> > > > by embedding the policy in the wsdl. I dont want to do that however
> > > > as I
> > > want a
> > > > mediator to handle the policy and would like the contract policies
> > > > to
> > > configured
> > > > differently in different environments.
> > > >
> > > >
> > > > Any help would be appreciated. I am tearing my hair out over this. I
> > > cant be the
> > > > only one attempting to do this.
> > > >
> > > > The code is on github:
> > > >
> > > > https://github.com/MacFlecknoe/service-repository-
> > > > sample/blob/master/schema/src/main/resources/policy/authentication-
> > > > policy.xml
> > > >
> > > > Thanks.
> > > >
> > > > Mike
> > >
>
RE: policy attachment
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
> -----Original Message-----
> From: Lambert, Michael [mailto:michael@michaellambert.com]
> Sent: Mittwoch, 2. Juli 2014 14:05
> To: users@cxf.apache.org
> Subject: RE: policy attachment
>
> Thanks Andrei! That helps a lot... I'll try your suggestion and let you know how it
> goes.
>
OK.
> Any insight as to why I can't get end point references to work? Is there a trick to
> configuring it? I followed the example on the samples but can't seem to get it
> to work with my wsdl. Does the end point need to match what is in the wsdl or
> what cxf generates the address to be when it starts? Any documentation
> surrounding this?
This construction should work by default, if endpoint address matches to your service:
<attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsp:PolicyAttachment>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://localhost:9020/SoapContext/GreeterPort</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<wsam:Addressing xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata">
<wsp:Policy/>
</wsam:Addressing>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</wsp:PolicyAttachment>
</attachments>
For details, look into addr-external.xml and AddressingPolicyTest.java in systests/ws-specs:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy;h=5e6323442952eb619300582a2ced25cf861f6118;hb=HEAD
Regards,
Andrei.
>
> Thanks much!
> On Jul 2, 2014 3:19 AM, "Andrei Shakirin" <as...@talend.com> wrote:
>
> > Hi,
> >
> > If you use CXF >= 3.0.0, 2.7.12,
> > you should register
> > org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBuilde
> > r as bus extension.
> > It supports all policy attachment URL syntaxes (except extension).
> >
> > By default CXF registers the
> > org.apache.cxf.ws.policy.attachment.external.EndpointReferenceDomainEx
> > pressionBuilder supporting only wsa:EndpointReference.
> >
> > See https://issues.apache.org/jira/browse/CXF-5685 for details.
> >
> > Either add following string into META-INF/cxf/bus-extensions.txt:
> >
> > org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBuilde
> > r::true or add bean in Spring/Blueprint context with
> > URIDomainExpressionBuilder type.
> >
> > System test registering URIDomainExpressionBuilder:
> > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws
> > -specs/src/test/java/org/apache/cxf/systest/ws/policy/AddressingPolicy
> >
> ExternalAttachmentWsdl11Test.java;h=d44ee8decf628a57edbf402bc6d8ff0c00
> > 42b649;hb=HEAD
> > .
> >
> > If you use CXF version < 3.0.0, 2.7.12, just copy the classes
> > URIDomainExpressionBuilder.java, URIDomainExpression.java and register
> > URIDomainExpressionBuilder as bus extension.
> >
> > Let me know if it works as expected.
> >
> > Regards,
> > Andrei.
> >
> > > -----Original Message-----
> > > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > > Sent: Mittwoch, 2. Juli 2014 08:13
> > > To: users@cxf.apache.org
> > > Subject: policy attachment
> > >
> > > I feel awful for asking so many questions but googling hasnt been
> > helpful.
> > >
> > > I am attempting to attach an external security policy to an endpoint
> > with no
> > > success. When I attempt to use a wsp:UI in the AppliesTo element cxf
> > blows up.
> > > Here is the contents of the file:
> > >
> > > ----
> > > <?xml version="1.0" encoding="UTF-8" ?> <attachments
> > > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > > xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > > <wsp:PolicyAttachment>
> > > <wsp:AppliesTo>
> > > <wsp:URI>
> > >
> > http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.port(Gr
> > eeterSer
> > > vice/GreeterPort)
> > > </wsp:URI>
> > > </wsp:AppliesTo>
> > > <wsp:Policy>
> > > <wsp:ExactlyOne>
> > > <wsp:All>
> > > <wsp:Policy>
> > > <sp:UsernameToken sp:IncludeToken="
> > >
> > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Alwa
> > ysTo
> > > Recipient
> > > ">
> > > <wsp:Policy>
> > > <sp:WssUsernameToken10 />
> > > </wsp:Policy>
> > > </sp:UsernameToken>
> > > </wsp:Policy>
> > > </wsp:All>
> > > </wsp:ExactlyOne>
> > > </wsp:Policy>
> > > </wsp:PolicyAttachment>
> > > </attachments>
> > >
> > > ----
> > > And here is the error:
> > > ----
> > > Caused by: javax.xml.ws.WebServiceException:
> > > org.apache.cxf.ws.policy.PolicyException:
> > > NO_DOMAINEXPRESSIONBUILDER_EXC
> > > ----
> > > It appears that the wsp:URI element passed into
> > > DomainExpressionBuilderRegistry.build(Element element) has null
> > > contents
> > for
> > > a reason that I cannot figure out. I have tried different syntaxes
> > > and
> > URLs to try
> > > to get it to work and its always null.
> > >
> > > Putting an EndpointReference in the AppliesTo element doesnt error:
> > >
> > > <wsa:EndpointReference><wsa:Address>http://localhost:8080/user-
> > > service/userService</wsa:Address>
> > > </wsa:EndpointReference>
> > >
> > > But it doesnt work either. It never seems to intercept calls to the
> > service hosted
> > > at the configured URL. The ONLY way I have able to get it to work is
> > > by embedding the policy in the wsdl. I dont want to do that however
> > > as I
> > want a
> > > mediator to handle the policy and would like the contract policies
> > > to
> > configured
> > > differently in different environments.
> > >
> > >
> > > Any help would be appreciated. I am tearing my hair out over this. I
> > cant be the
> > > only one attempting to do this.
> > >
> > > The code is on github:
> > >
> > > https://github.com/MacFlecknoe/service-repository-
> > > sample/blob/master/schema/src/main/resources/policy/authentication-
> > > policy.xml
> > >
> > > Thanks.
> > >
> > > Mike
> >
RE: policy attachment
Posted by "Lambert, Michael" <mi...@michaellambert.com>.
Thanks Andrei! That helps a lot... I'll try your suggestion and let you
know how it goes.
Any insight as to why I can't get end point references to work? Is there a
trick to configuring it? I followed the example on the samples but can't
seem to get it to work with my wsdl. Does the end point need to match what
is in the wsdl or what cxf generates the address to be when it starts? Any
documentation surrounding this?
Thanks much!
On Jul 2, 2014 3:19 AM, "Andrei Shakirin" <as...@talend.com> wrote:
> Hi,
>
> If you use CXF >= 3.0.0, 2.7.12,
> you should register
> org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBuilder as
> bus extension.
> It supports all policy attachment URL syntaxes (except extension).
>
> By default CXF registers the
> org.apache.cxf.ws.policy.attachment.external.EndpointReferenceDomainExpressionBuilder
> supporting only wsa:EndpointReference.
>
> See https://issues.apache.org/jira/browse/CXF-5685 for details.
>
> Either add following string into META-INF/cxf/bus-extensions.txt:
>
> org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBuilder::true
> or add bean in Spring/Blueprint context with URIDomainExpressionBuilder
> type.
>
> System test registering URIDomainExpressionBuilder:
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/AddressingPolicyExternalAttachmentWsdl11Test.java;h=d44ee8decf628a57edbf402bc6d8ff0c0042b649;hb=HEAD
> .
>
> If you use CXF version < 3.0.0, 2.7.12, just copy the classes
> URIDomainExpressionBuilder.java, URIDomainExpression.java and register
> URIDomainExpressionBuilder as bus extension.
>
> Let me know if it works as expected.
>
> Regards,
> Andrei.
>
> > -----Original Message-----
> > From: Lambert, Michael [mailto:michael@michaellambert.com]
> > Sent: Mittwoch, 2. Juli 2014 08:13
> > To: users@cxf.apache.org
> > Subject: policy attachment
> >
> > I feel awful for asking so many questions but googling hasnt been
> helpful.
> >
> > I am attempting to attach an external security policy to an endpoint
> with no
> > success. When I attempt to use a wsp:UI in the AppliesTo element cxf
> blows up.
> > Here is the contents of the file:
> >
> > ----
> > <?xml version="1.0" encoding="UTF-8" ?>
> > <attachments
> > xmlns:wsp="http://www.w3.org/ns/ws-policy"
> > xmlns:wsa="http://www.w3.org/2005/08/addressing"
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <wsp:PolicyAttachment>
> > <wsp:AppliesTo>
> > <wsp:URI>
> >
> http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.port(GreeterSer
> > vice/GreeterPort)
> > </wsp:URI>
> > </wsp:AppliesTo>
> > <wsp:Policy>
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <wsp:Policy>
> > <sp:UsernameToken sp:IncludeToken="
> >
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysTo
> > Recipient
> > ">
> > <wsp:Policy>
> > <sp:WssUsernameToken10 />
> > </wsp:Policy>
> > </sp:UsernameToken>
> > </wsp:Policy>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > </wsp:PolicyAttachment>
> > </attachments>
> >
> > ----
> > And here is the error:
> > ----
> > Caused by: javax.xml.ws.WebServiceException:
> > org.apache.cxf.ws.policy.PolicyException:
> > NO_DOMAINEXPRESSIONBUILDER_EXC
> > ----
> > It appears that the wsp:URI element passed into
> > DomainExpressionBuilderRegistry.build(Element element) has null contents
> for
> > a reason that I cannot figure out. I have tried different syntaxes and
> URLs to try
> > to get it to work and its always null.
> >
> > Putting an EndpointReference in the AppliesTo element doesnt error:
> >
> > <wsa:EndpointReference><wsa:Address>http://localhost:8080/user-
> > service/userService</wsa:Address>
> > </wsa:EndpointReference>
> >
> > But it doesnt work either. It never seems to intercept calls to the
> service hosted
> > at the configured URL. The ONLY way I have able to get it to work is by
> > embedding the policy in the wsdl. I dont want to do that however as I
> want a
> > mediator to handle the policy and would like the contract policies to
> configured
> > differently in different environments.
> >
> >
> > Any help would be appreciated. I am tearing my hair out over this. I
> cant be the
> > only one attempting to do this.
> >
> > The code is on github:
> >
> > https://github.com/MacFlecknoe/service-repository-
> > sample/blob/master/schema/src/main/resources/policy/authentication-
> > policy.xml
> >
> > Thanks.
> >
> > Mike
>
RE: policy attachment
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
If you use CXF >= 3.0.0, 2.7.12,
you should register org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBuilder as bus extension.
It supports all policy attachment URL syntaxes (except extension).
By default CXF registers the org.apache.cxf.ws.policy.attachment.external.EndpointReferenceDomainExpressionBuilder supporting only wsa:EndpointReference.
See https://issues.apache.org/jira/browse/CXF-5685 for details.
Either add following string into META-INF/cxf/bus-extensions.txt:
org.apache.cxf.ws.policy.attachment.external.URIDomainExpressionBuilder::true
or add bean in Spring/Blueprint context with URIDomainExpressionBuilder type.
System test registering URIDomainExpressionBuilder: https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/AddressingPolicyExternalAttachmentWsdl11Test.java;h=d44ee8decf628a57edbf402bc6d8ff0c0042b649;hb=HEAD .
If you use CXF version < 3.0.0, 2.7.12, just copy the classes URIDomainExpressionBuilder.java, URIDomainExpression.java and register URIDomainExpressionBuilder as bus extension.
Let me know if it works as expected.
Regards,
Andrei.
> -----Original Message-----
> From: Lambert, Michael [mailto:michael@michaellambert.com]
> Sent: Mittwoch, 2. Juli 2014 08:13
> To: users@cxf.apache.org
> Subject: policy attachment
>
> I feel awful for asking so many questions but googling hasnt been helpful.
>
> I am attempting to attach an external security policy to an endpoint with no
> success. When I attempt to use a wsp:UI in the AppliesTo element cxf blows up.
> Here is the contents of the file:
>
> ----
> <?xml version="1.0" encoding="UTF-8" ?>
> <attachments
> xmlns:wsp="http://www.w3.org/ns/ws-policy"
> xmlns:wsa="http://www.w3.org/2005/08/addressing"
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:PolicyAttachment>
> <wsp:AppliesTo>
> <wsp:URI>
> http://cxf.apache.org/testutils/wsdl/greeter_control.wsdl#wsdl.port(GreeterSer
> vice/GreeterPort)
> </wsp:URI>
> </wsp:AppliesTo>
> <wsp:Policy>
> <wsp:ExactlyOne>
> <wsp:All>
> <wsp:Policy>
> <sp:UsernameToken sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysTo
> Recipient
> ">
> <wsp:Policy>
> <sp:WssUsernameToken10 />
> </wsp:Policy>
> </sp:UsernameToken>
> </wsp:Policy>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> </wsp:PolicyAttachment>
> </attachments>
>
> ----
> And here is the error:
> ----
> Caused by: javax.xml.ws.WebServiceException:
> org.apache.cxf.ws.policy.PolicyException:
> NO_DOMAINEXPRESSIONBUILDER_EXC
> ----
> It appears that the wsp:URI element passed into
> DomainExpressionBuilderRegistry.build(Element element) has null contents for
> a reason that I cannot figure out. I have tried different syntaxes and URLs to try
> to get it to work and its always null.
>
> Putting an EndpointReference in the AppliesTo element doesnt error:
>
> <wsa:EndpointReference><wsa:Address>http://localhost:8080/user-
> service/userService</wsa:Address>
> </wsa:EndpointReference>
>
> But it doesnt work either. It never seems to intercept calls to the service hosted
> at the configured URL. The ONLY way I have able to get it to work is by
> embedding the policy in the wsdl. I dont want to do that however as I want a
> mediator to handle the policy and would like the contract policies to configured
> differently in different environments.
>
>
> Any help would be appreciated. I am tearing my hair out over this. I cant be the
> only one attempting to do this.
>
> The code is on github:
>
> https://github.com/MacFlecknoe/service-repository-
> sample/blob/master/schema/src/main/resources/policy/authentication-
> policy.xml
>
> Thanks.
>
> Mike