You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by pep25abril <pe...@gmail.com> on 2011/11/22 18:35:14 UTC
Getting error 'None of the policy alternatives can be satisfied.'
and no possibilities to solve it
Hi guys,
I've generated with wsdl2java, a client to invoke a webservice placed in an
Oracle OSB. The WSDL definition, has ws-security properties, and it uses
standard assertions (<wsp:Policy>, <wsp:UsingPolicy>, ...) and others that
are generated automatically like <WL5G3N0:binding>.
Once I execute my client in order to invoke the server, I always get the
error:
Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy
alternatives can be satisfied.
I've been seeing forums and others, and finally I've included a
policyinterceptor in order to assert the policies, as it's said in
http://cxf.547215.n5.nabble.com/Adding-custom-ws-policy-assertions-td558439.html
.
The problem is that when I get the message in handler method, when I execute
'aim = message.get(AssertionInfoMap.class);', aim always gets null value...
so I can't assert any policy later.
I think I have used almost all the alternatives I have seen in docs, apache
CXF website, other forums, etc. without succes. Would you have any idea or
suggestion about this?
Thanks,
Pep
--
View this message in context: http://cxf.547215.n5.nabble.com/Getting-error-None-of-the-policy-alternatives-can-be-satisfied-and-no-possibilities-to-solve-it-tp5014166p5014166.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Getting error 'None of the policy alternatives can be satisfied.'
and no possibilities to solve it
Posted by Aki Yoshida <el...@googlemail.com>.
2011/11/24 pep25abril <pe...@gmail.com>:
> Hi Dan,
>
> Finally I have seen that my problem wasn't related with node names, but
> with policies. My Soap request, needs a policy that I see it's not
> implemented in CXF, concretely, policy '
> http://www.bea.com/wls90/security/policy'. I use the Weblogic policy as
> explained in:
>
> http://docs.oracle.com/cd/E11035_01/wls100/webserv_ref/sec_assert.html
>
> <wsp:Policy WL5G3N1:Id="SignBody"><wsp:ExactlyOne><wsp:All><wssp:Integrity
> SignToken="false"><wssp:SignatureAlgorithm URI="
> http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><wssp:CanonicalizationAlgorithm
> URI="http://www.w3.org/2001/10/xml-exc-c14n#"/><wssp:Target><wssp:DigestAlgorithm
> URI="http://www.w3.org/2000/09/xmldsig#sha1"/><wssp:MessageParts Dialect="
> http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts></wssp:Target><wssp:SupportedTokens><wssp:SecurityToken
> IncludeInMessage="true" TokenType="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
> "><wssp:TokenIssuer>
> ...
>
> In order to be able to handler that policy, should I define this policy in
> CXF source code? In that case, is there some how-to, doc, etc. explaining
> how to implement it? Or am I wrong and there is some other easy solution?
>
Hi,
One approach is that you implement your policy provider to process
those BEA policy assertions. You can find some documentation in
http://cxf.apache.org/docs/ws-policy.html.
Alternatively, if you know what those assertions are and if you can
appropriately configure the interceptors directly, you can use the
IgnorablePolicyInterceptorProvider (See the example in Dan's previous
reply) to assert them so that you can omit the validation phase. In
this case, you need to set each of the BEA policy assertion's QNames
in this bean's constructor argument (that bean example is ignoring
OneWay and Duplex of namespace http://tempuri.org/policy).
regards, aki
> Thanks,
>
> Pep
>
>
> 2011/11/22 Daniel Kulp [via CXF] <ml...@n5.nabble.com>
>
>>
>>
>> If using CXF 2.5.0, you can handle this a LOT easier if you just want to
>> ignore those policies. You can add a bean in the configuration somewhat
>> like:
>>
>> <bean
>> class="org.apache.cxf.ws.policy.IgnorablePolicyInterceptorProvider">
>> <constructor-arg>
>> <!-- the list of assertion types that can be ignored -->
>> <list>
>> <bean class="javax.xml.namespace.QName">
>> <constructor-arg value="http://tempuri.org/policy"/>
>> <constructor-arg value="Duplex"/>
>> </bean>
>> <bean class="javax.xml.namespace.QName">
>> <constructor-arg value="http://tempuri.org/policy"/>
>> <constructor-arg value="OneWay"/>
>> </bean>
>> </list>
>> </constructor-arg>
>> </bean>
>>
>> which will tell the runtime to automatically assert those assertions.
>>
>>
>> Dan
>>
>>
>>
>>
>>
>> On Tuesday, November 22, 2011 9:35:14 AM pep25abril wrote:
>>
>> > Hi guys,
>> >
>> > I've generated with wsdl2java, a client to invoke a webservice placed in
>> an
>> > Oracle OSB. The WSDL definition, has ws-security properties, and it uses
>> > standard assertions (<wsp:Policy>, <wsp:UsingPolicy>, ...) and others
>> that
>> > are generated automatically like <WL5G3N0:binding>.
>> >
>> > Once I execute my client in order to invoke the server, I always get the
>> > error:
>> > Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy
>> > alternatives can be satisfied.
>> >
>> > I've been seeing forums and others, and finally I've included a
>> > policyinterceptor in order to assert the policies, as it's said in
>> >
>> http://cxf.547215.n5.nabble.com/Adding-custom-ws-policy-assertions-td558439.
>>
>> > html .
>> >
>> > The problem is that when I get the message in handler method, when I
>> execute
>> > 'aim = message.get(AssertionInfoMap.class);', aim always gets null
>> value...
>> > so I can't assert any policy later.
>> >
>> > I think I have used almost all the alternatives I have seen in docs,
>> apache
>> > CXF website, other forums, etc. without succes. Would you have any idea
>> or
>> > suggestion about this?
>> >
>> > Thanks,
>> >
>> > Pep
>> >
>> >
>> >
>> > --
>> > View this message in context:
>> >
>> http://cxf.547215.n5.nabble.com/Getting-error-None-of-the-policy-alternativ
>> >
>> es-can-be-satisfied-and-no-possibilities-to-solve-it-tp5014166p5014166.html
>> > Sent from the cxf-user mailing list archive at Nabble.com.
>> --
>> Daniel Kulp
>> [hidden email] <http://user/SendEmail.jtp?type=node&node=5014931&i=0> -
>> http://dankulp.com/blog
>>
>> Talend Community Coder - http://coders.talend.com
>>
>>
>> ------------------------------
>> If you reply to this email, your message will be added to the discussion
>> below:
>>
>> http://cxf.547215.n5.nabble.com/Getting-error-None-of-the-policy-alternatives-can-be-satisfied-and-no-possibilities-to-solve-it-tp5014166p5014931.html
>> To unsubscribe from Getting error 'None of the policy alternatives can be
>> satisfied.' and no possibilities to solve it, click here<http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5014166&code=cGVwMjVhYnJpbEBnbWFpbC5jb218NTAxNDE2NnwxMzc1MjMzMjA1>
>> .
>> NAML<http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Getting-error-None-of-the-policy-alternatives-can-be-satisfied-and-no-possibilities-to-solve-it-tp5014166p5020741.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
Re: Getting error 'None of the policy alternatives can be
satisfied.' and no possibilities to solve it
Posted by pep25abril <pe...@gmail.com>.
Hi Dan,
Finally I have seen that my problem wasn't related with node names, but
with policies. My Soap request, needs a policy that I see it's not
implemented in CXF, concretely, policy '
http://www.bea.com/wls90/security/policy'. I use the Weblogic policy as
explained in:
http://docs.oracle.com/cd/E11035_01/wls100/webserv_ref/sec_assert.html
<wsp:Policy WL5G3N1:Id="SignBody"><wsp:ExactlyOne><wsp:All><wssp:Integrity
SignToken="false"><wssp:SignatureAlgorithm URI="
http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><wssp:CanonicalizationAlgorithm
URI="http://www.w3.org/2001/10/xml-exc-c14n#"/><wssp:Target><wssp:DigestAlgorithm
URI="http://www.w3.org/2000/09/xmldsig#sha1"/><wssp:MessageParts Dialect="
http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts></wssp:Target><wssp:SupportedTokens><wssp:SecurityToken
IncludeInMessage="true" TokenType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
"><wssp:TokenIssuer>
...
In order to be able to handler that policy, should I define this policy in
CXF source code? In that case, is there some how-to, doc, etc. explaining
how to implement it? Or am I wrong and there is some other easy solution?
Thanks,
Pep
2011/11/22 Daniel Kulp [via CXF] <ml...@n5.nabble.com>
>
>
> If using CXF 2.5.0, you can handle this a LOT easier if you just want to
> ignore those policies. You can add a bean in the configuration somewhat
> like:
>
> <bean
> class="org.apache.cxf.ws.policy.IgnorablePolicyInterceptorProvider">
> <constructor-arg>
> <!-- the list of assertion types that can be ignored -->
> <list>
> <bean class="javax.xml.namespace.QName">
> <constructor-arg value="http://tempuri.org/policy"/>
> <constructor-arg value="Duplex"/>
> </bean>
> <bean class="javax.xml.namespace.QName">
> <constructor-arg value="http://tempuri.org/policy"/>
> <constructor-arg value="OneWay"/>
> </bean>
> </list>
> </constructor-arg>
> </bean>
>
> which will tell the runtime to automatically assert those assertions.
>
>
> Dan
>
>
>
>
>
> On Tuesday, November 22, 2011 9:35:14 AM pep25abril wrote:
>
> > Hi guys,
> >
> > I've generated with wsdl2java, a client to invoke a webservice placed in
> an
> > Oracle OSB. The WSDL definition, has ws-security properties, and it uses
> > standard assertions (<wsp:Policy>, <wsp:UsingPolicy>, ...) and others
> that
> > are generated automatically like <WL5G3N0:binding>.
> >
> > Once I execute my client in order to invoke the server, I always get the
> > error:
> > Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy
> > alternatives can be satisfied.
> >
> > I've been seeing forums and others, and finally I've included a
> > policyinterceptor in order to assert the policies, as it's said in
> >
> http://cxf.547215.n5.nabble.com/Adding-custom-ws-policy-assertions-td558439.
>
> > html .
> >
> > The problem is that when I get the message in handler method, when I
> execute
> > 'aim = message.get(AssertionInfoMap.class);', aim always gets null
> value...
> > so I can't assert any policy later.
> >
> > I think I have used almost all the alternatives I have seen in docs,
> apache
> > CXF website, other forums, etc. without succes. Would you have any idea
> or
> > suggestion about this?
> >
> > Thanks,
> >
> > Pep
> >
> >
> >
> > --
> > View this message in context:
> >
> http://cxf.547215.n5.nabble.com/Getting-error-None-of-the-policy-alternativ
> >
> es-can-be-satisfied-and-no-possibilities-to-solve-it-tp5014166p5014166.html
> > Sent from the cxf-user mailing list archive at Nabble.com.
> --
> Daniel Kulp
> [hidden email] <http://user/SendEmail.jtp?type=node&node=5014931&i=0> -
> http://dankulp.com/blog
>
> Talend Community Coder - http://coders.talend.com
>
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://cxf.547215.n5.nabble.com/Getting-error-None-of-the-policy-alternatives-can-be-satisfied-and-no-possibilities-to-solve-it-tp5014166p5014931.html
> To unsubscribe from Getting error 'None of the policy alternatives can be
> satisfied.' and no possibilities to solve it, click here<http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5014166&code=cGVwMjVhYnJpbEBnbWFpbC5jb218NTAxNDE2NnwxMzc1MjMzMjA1>
> .
> NAML<http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>
--
View this message in context: http://cxf.547215.n5.nabble.com/Getting-error-None-of-the-policy-alternatives-can-be-satisfied-and-no-possibilities-to-solve-it-tp5014166p5020741.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Getting error 'None of the policy alternatives can be satisfied.' and no possibilities to solve it
Posted by Daniel Kulp <dk...@apache.org>.
If using CXF 2.5.0, you can handle this a LOT easier if you just want to
ignore those policies. You can add a bean in the configuration somewhat
like:
<bean class="org.apache.cxf.ws.policy.IgnorablePolicyInterceptorProvider">
<constructor-arg>
<!-- the list of assertion types that can be ignored -->
<list>
<bean class="javax.xml.namespace.QName">
<constructor-arg value="http://tempuri.org/policy"/>
<constructor-arg value="Duplex"/>
</bean>
<bean class="javax.xml.namespace.QName">
<constructor-arg value="http://tempuri.org/policy"/>
<constructor-arg value="OneWay"/>
</bean>
</list>
</constructor-arg>
</bean>
which will tell the runtime to automatically assert those assertions.
Dan
On Tuesday, November 22, 2011 9:35:14 AM pep25abril wrote:
> Hi guys,
>
> I've generated with wsdl2java, a client to invoke a webservice placed in an
> Oracle OSB. The WSDL definition, has ws-security properties, and it uses
> standard assertions (<wsp:Policy>, <wsp:UsingPolicy>, ...) and others that
> are generated automatically like <WL5G3N0:binding>.
>
> Once I execute my client in order to invoke the server, I always get the
> error:
> Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy
> alternatives can be satisfied.
>
> I've been seeing forums and others, and finally I've included a
> policyinterceptor in order to assert the policies, as it's said in
> http://cxf.547215.n5.nabble.com/Adding-custom-ws-policy-assertions-td558439.
> html .
>
> The problem is that when I get the message in handler method, when I execute
> 'aim = message.get(AssertionInfoMap.class);', aim always gets null value...
> so I can't assert any policy later.
>
> I think I have used almost all the alternatives I have seen in docs, apache
> CXF website, other forums, etc. without succes. Would you have any idea or
> suggestion about this?
>
> Thanks,
>
> Pep
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Getting-error-None-of-the-policy-alternativ
> es-can-be-satisfied-and-no-possibilities-to-solve-it-tp5014166p5014166.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
Re: Getting error 'None of the policy alternatives can be
satisfied.' and no possibilities to solve it
Posted by schitale <sa...@yahoo.com>.
This post is slightly old, but still. I ran into this issue and had hard
time. Finally I was able to get this sucker working by removing cxf-bundle
jar and replacing it with cxf-bundle-jaxrs along with cxf wss4j security
jar.
I'm not sure why cxf bundle jar is throwing this exception but combination
of other 2 jars is not.
--
View this message in context: http://cxf.547215.n5.nabble.com/Getting-error-None-of-the-policy-alternatives-can-be-satisfied-and-no-possibilities-to-solve-it-tp5014166p5709846.html
Sent from the cxf-user mailing list archive at Nabble.com.