Posted to users@cxf.apache.org by semecxf <di...@gmail.com> on 2012/04/04 17:36:32 UTC

UserToken policy not working (Help very urgent)

Here is my use case, I don't want sign, encrypt messages and send user name
and password with my web service calls. Signing and encryption work fine
but, user token is not being included in soap message.
Any idea what is wrong with my policy?
Can anybody provide a sample policy and code for that?



<wsp:Policy wsu:Id="SignEncr"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:AsymmetricBinding
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:InitiatorToken>
              <wsp:Policy>
                <sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
              </wsp:Policy>
            </sp:InitiatorToken>
            <sp:RecipientToken>
              <wsp:Policy>
                <sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                  <wsp:Policy>
                    <sp:RequireThumbprintReference/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:RecipientToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:TripleDesRsa15/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
            <sp:OnlySignEntireHeadersAndBody/>
          </wsp:Policy>
        </sp:AsymmetricBinding>
        <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:SignedParts>
        <sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
    
      </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

<wsp:Policy wsu:Id="UsernameToken_Policy"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      
      <sp:SupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      	<wsp:Policy>
      		<sp:UsernameToken
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
      			<wsp:Policy>
      				<sp:WssUsernameToken11/>
      			</wsp:Policy>
      		</sp:UsernameToken>
    	</wsp:Policy>
    </sp:SupportingTokens>
 </wsp:Policy>

--
View this message in context: http://cxf.547215.n5.nabble.com/UserToken-policy-not-working-Help-very-urgent-tp5618115p5618115.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: UserToken policy not working (Help very urgent)

Posted by semecxf <di...@gmail.com>.
It is working now.

--
View this message in context: http://cxf.547215.n5.nabble.com/UserToken-policy-not-working-Help-very-urgent-tp5618115p5622662.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: UserToken policy not working (Help very urgent)

Posted by Colm O hEigeartaigh <co...@apache.org>.
Could you attach your full WSDL? Is there any reason why you need to
specify two separate policies? Check out the policies defined in this
systest:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl?view=markup

Colm.

On Wed, Apr 4, 2012 at 6:14 PM, semecxf <di...@gmail.com> wrote:
> That did not help me.
>
> Can I send user token with additional policy?
> I have two policies in my wsdl. First policy does signing and encryption,
> and it works.
> The second policy needs to provide user token, but it does not work.
> I tried every scenario and it did not work, meaning no user token in my SOAP
> header.
>
> I tried below and it did not work for user token.
>
> <wsp:Policy wsu:Id="SignEncr"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>    <wsp:ExactlyOne>
>      <wsp:All>
>        <sp:AsymmetricBinding
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>          <wsp:Policy>
>            <sp:InitiatorToken>
>              <wsp:Policy>
>                <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
>              </wsp:Policy>
>            </sp:InitiatorToken>
>            <sp:RecipientToken>
>              <wsp:Policy>
>                <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>                  <wsp:Policy>
>                    <sp:RequireThumbprintReference/>
>                  </wsp:Policy>
>                </sp:X509Token>
>              </wsp:Policy>
>            </sp:RecipientToken>
>            <sp:AlgorithmSuite>
>              <wsp:Policy>
>                <sp:TripleDesRsa15/>
>              </wsp:Policy>
>            </sp:AlgorithmSuite>
>            <sp:Layout>
>              <wsp:Policy>
>                <sp:Strict/>
>              </wsp:Policy>
>            </sp:Layout>
>            <sp:IncludeTimestamp/>
>            <sp:OnlySignEntireHeadersAndBody/>
>          </wsp:Policy>
>        </sp:AsymmetricBinding>
>        <sp:SupportingTokens
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>                <wsp:Policy>
>                        <sp:UsernameToken
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                                <wsp:Policy>
>                                        <sp:WssUsernameToken11/>
>                                </wsp:Policy>
>                        </sp:UsernameToken>
>                </wsp:Policy>
>    </sp:SupportingTokens>
>        <sp:SignedParts
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>          <sp:Body/>
>        </sp:SignedParts>
>        <sp:EncryptedParts
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>          <sp:Body/>
>        </sp:EncryptedParts>
>
>      </wsp:All>
>    </wsp:ExactlyOne>
> </wsp:Policy>
>
> <wsp:Policy wsu:Id="UsernameToken_Policy"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>     <wsp:All>
>      <sp:SupportingTokens
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>        <wsp:Policy>
>                <sp:UsernameToken
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                        <wsp:Policy>
>                                <sp:WssUsernameToken11/>
>                        </wsp:Policy>
>                </sp:UsernameToken>
>        </wsp:Policy>
>    </sp:SupportingTokens>
>    </wsp:All>
>  </wsp:Policy>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/UserToken-policy-not-working-Help-very-urgent-tp5618115p5618453.html
> Sent from the cxf-user mailing list archive at Nabble.com.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: UserToken policy not working (Help very urgent)

Posted by semecxf <di...@gmail.com>.
That did not help me.

Can I send user token with additional policy?
I have two policies in my wsdl. First policy does signing and encryption,
and it works.
The second policy needs to provide user token, but it does not work.
I tried every scenario and it did not work, meaning no user token in my SOAP
header.

I tried below and it did not work for user token.

<wsp:Policy wsu:Id="SignEncr"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:AsymmetricBinding
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:InitiatorToken>
              <wsp:Policy>
                <sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
              </wsp:Policy>
            </sp:InitiatorToken>
            <sp:RecipientToken>
              <wsp:Policy>
                <sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                  <wsp:Policy>
                    <sp:RequireThumbprintReference/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:RecipientToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:TripleDesRsa15/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
            <sp:OnlySignEntireHeadersAndBody/>
          </wsp:Policy>
        </sp:AsymmetricBinding>
        <sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
	      	<wsp:Policy>
	      		<sp:UsernameToken
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
	      			<wsp:Policy>
	      				<sp:WssUsernameToken11/>
	      			</wsp:Policy>
	      		</sp:UsernameToken>
	    	</wsp:Policy>
    </sp:SupportingTokens>
        <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:SignedParts>
        <sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
    
      </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

<wsp:Policy wsu:Id="UsernameToken_Policy"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
     <wsp:All>
      <sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
      	<wsp:Policy>
      		<sp:UsernameToken
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
      			<wsp:Policy>
      				<sp:WssUsernameToken11/>
      			</wsp:Policy>
      		</sp:UsernameToken>
    	</wsp:Policy>
    </sp:SupportingTokens>
    </wsp:All>
 </wsp:Policy>
 

--
View this message in context: http://cxf.547215.n5.nabble.com/UserToken-policy-not-working-Help-very-urgent-tp5618115p5618453.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: UserToken policy not working (Help very urgent)

Posted by Glen Mazza <gm...@talend.com>.
http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile might help 
you.

Glen

On 04/04/2012 11:36 AM, semecxf wrote:
> Here is my use case, I don't want sign, encrypt messages and send user name
> and password with my web service calls. Signing and encryption work fine
> but, user token is not being included in soap message.
> Any idea what is wrong with my policy?
> Can anybody provide a sample policy and code for that?
>
>
>
> <wsp:Policy wsu:Id="SignEncr"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>      <wsp:ExactlyOne>
>        <wsp:All>
>          <sp:AsymmetricBinding
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>            <wsp:Policy>
>              <sp:InitiatorToken>
>                <wsp:Policy>
>                  <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
>                </wsp:Policy>
>              </sp:InitiatorToken>
>              <sp:RecipientToken>
>                <wsp:Policy>
>                  <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>                    <wsp:Policy>
>                      <sp:RequireThumbprintReference/>
>                    </wsp:Policy>
>                  </sp:X509Token>
>                </wsp:Policy>
>              </sp:RecipientToken>
>              <sp:AlgorithmSuite>
>                <wsp:Policy>
>                  <sp:TripleDesRsa15/>
>                </wsp:Policy>
>              </sp:AlgorithmSuite>
>              <sp:Layout>
>                <wsp:Policy>
>                  <sp:Strict/>
>                </wsp:Policy>
>              </sp:Layout>
>              <sp:IncludeTimestamp/>
>              <sp:OnlySignEntireHeadersAndBody/>
>            </wsp:Policy>
>          </sp:AsymmetricBinding>
>          <sp:SignedParts
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>            <sp:Body/>
>          </sp:SignedParts>
>          <sp:EncryptedParts
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>            <sp:Body/>
>          </sp:EncryptedParts>
>
>        </wsp:All>
>      </wsp:ExactlyOne>
> </wsp:Policy>
>
> <wsp:Policy wsu:Id="UsernameToken_Policy"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>
>        <sp:SupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>        	<wsp:Policy>
>        		<sp:UsernameToken
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>        			<wsp:Policy>
>        				<sp:WssUsernameToken11/>
>        			</wsp:Policy>
>        		</sp:UsernameToken>
>      	</wsp:Policy>
>      </sp:SupportingTokens>
>   </wsp:Policy>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/UserToken-policy-not-working-Help-very-urgent-tp5618115p5618115.html
> Sent from the cxf-user mailing list archive at Nabble.com.


-- 
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
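
A structural check for the two-policy layout quoted above, as an added example that is not part of the thread or of CXF: for each policy carrying a wsu:Id it reports where the UsernameToken assertion sits, which WS-SecurityPolicy namespace versions appear, and which algorithm suite is selected. SAMPLE is a trimmed, constructed copy of the first post's policies, the function names are hypothetical, and the findings are review points, not a confirmed cause of the missing token.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SP11 = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"            # WS-SecurityPolicy 1.1
SP12 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"       # WS-SecurityPolicy 1.2
BINDINGS = {"AsymmetricBinding", "SymmetricBinding", "TransportBinding"}

# Constructed sample: the two policies from the first post, trimmed to the
# elements this check reads (token and layout details omitted).
SAMPLE = f"""<root xmlns:wsp="{WSP}" xmlns:wsu="{WSU}">
 <wsp:Policy wsu:Id="SignEncr"><wsp:ExactlyOne><wsp:All>
  <sp:AsymmetricBinding xmlns:sp="{SP12}"><wsp:Policy>
   <sp:AlgorithmSuite><wsp:Policy><sp:TripleDesRsa15/></wsp:Policy></sp:AlgorithmSuite>
  </wsp:Policy></sp:AsymmetricBinding>
  <sp:EncryptedParts xmlns:sp="{SP12}"><sp:Body/></sp:EncryptedParts>
 </wsp:All></wsp:ExactlyOne></wsp:Policy>
 <wsp:Policy wsu:Id="UsernameToken_Policy">
  <sp:SupportingTokens xmlns:sp="{SP11}"><wsp:Policy>
   <sp:UsernameToken><wsp:Policy><sp:WssUsernameToken11/></wsp:Policy></sp:UsernameToken>
  </wsp:Policy></sp:SupportingTokens></wsp:Policy>
</root>"""

def split(tag):  # '{ns}local' -> (ns, local); un-namespaced tags -> ('', tag)
    ns, _, local = tag.rpartition("}")
    return ns.lstrip("{"), local

def lint(xml_text):
    """Return review findings for every top-level (wsu:Id) policy in the document."""
    findings, seen_ns = [], set()
    for pol in ET.fromstring(xml_text).iter(f"{{{WSP}}}Policy"):
        pid = pol.get(f"{{{WSU}}}Id")
        if pid is None:  # nested wsp:Policy wrappers carry no Id
            continue
        sp = [(ns, n) for ns, n in (split(e.tag) for e in pol.iter()) if ns in (SP11, SP12)]
        seen_ns |= {ns for ns, _ in sp}
        names = {n for _, n in sp}
        if "UsernameToken" in names:
            if not names & BINDINGS:
                findings.append(f"{pid}: UsernameToken is in a policy with no binding")
            if "SupportingTokens" in names:
                findings.append(f"{pid}: plain SupportingTokens does not require the token to be signed or encrypted")
        if "TripleDesRsa15" in names:
            findings.append(f"{pid}: TripleDesRsa15 selects 3DES with RSA 1.5 key transport")
    if len(seen_ns) > 1:
        findings.append("document mixes the 2005/07 and 200702 WS-SecurityPolicy namespaces")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Running it over a full WSDL works the same way, since only elements in the two WS-SecurityPolicy namespaces are inspected.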