You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Christophe Domas <ch...@gmail.com> on 2014/03/03 15:56:06 UTC
Re: dynamic ws-policy in message context -> java.lang.ClassCastException:
org.apache.neethi.builders.PrimitiveAssertion cannot be cast to org.apache.cxf.ws.security.policy.model.UsernameToken
Hi,
Thanks for your response and sorry for delay, I was in holidays.
> As far as I remember, POLICY_OVERRIDE is completely supported only in
2.5.2.
I've just test with JBoss EAP 6.1 (that use CXF 2.6.6) and got same
ClassCastException.
> Your error message says that UsernameToken assertion was not created by
CXF UsernameTokenBuilder.
> Could you set breakpoint in PolicyInInterceptor and PolicyOutInterceptor
and check is your policy really applied?
I'm on client side, so I've put a beakpoint in handle(message) method of
PolicyOutInterceptor.
The neethi policy is retrieved from POLICY_OVERRIDE context property and
interceptors seems to be corrects (btw I don't understand why
UserNameTokenInterceptor appears twice):
org.apache.cxf.ws.security.policy.interceptors.SecurityVerificationOutInterceptor@414b33
org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor@1f9f6a4
org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor@1afc999
but assertions list contains only the one of neethi policy:
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens->
org.apache.neethi.builders.PolicyContainingPrimitiveAssertion
It is this assertion that cannot be casted to Token.
I attached the log file with FINEST level.
Thanks
2014-02-22 17:06 GMT+01:00 Andrei Shakirin <as...@talend.com>:
> Hi,
>
> As far as I remember, POLICY_OVERRIDE is completely supported only in
> 2.5.2. Before this version the property was not checked for some of chains
> (server in).
> Your error message says that UsernameToken assertion was not created by
> CXF UsernameTokenBuilder.
> Could you set breakpoint in PolicyInInterceptor and PolicyOutInterceptor
> and check is your policy really applied?
>
> Regards,
> Andrei.
>
> > -----Original Message-----
> > From: Christophe Domas [mailto:christophe.domas@gmail.com]
> > Sent: Freitag, 21. Februar 2014 16:41
> > To: users@cxf.apache.org
> > Subject: dynamic ws-policy in message context ->
> java.lang.ClassCastException:
> > org.apache.neethi.builders.PrimitiveAssertion cannot be cast to
> > org.apache.cxf.ws.security.policy.model.UsernameToken
> >
> > Hi,
> >
> > I'm developing a SOAP web service *client* hosted in jboss EAP 6.0.1 (CXF
> > 2.4.6).
> >
> > The service side needs a UserNameToken header but no policy have been
> > declared in wsdl.
> >
> > I played with WSS4JOutInterceptor but it is a little bit intrusive.
> > I didn't found any cxf jax-ws handler for wss4j so I started to try to
> add this
> > header with ws-policy.
> >
> > If I modify the wsdl to add the policy, it works:
> >
> > - declare the policy in wsdl:
> >
> > <wsp:Policy wsu:Id="UsernameToken" xmlns:wsu="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-
> > 1.0.xsd
> > "
> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:sp="
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SupportingTokens>
> > <wsp:Policy>
> > <sp:UsernameToken
> > sp:IncludeToken="
> > http://docs.oasis-open.org/ws-sx/ws-
> > securitypolicy/200702/IncludeToken/AlwaysToRecipient"
> > />
> > </wsp:Policy>
> > </sp:SupportingTokens>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> >
> >
> > - use the policy in the same wsdl:
> >
> > <wsdl:binding name="TestServiceSOAP" type="tns:TestService">
> > <wsp:PolicyReference xmlns:wsp="
> > http://schemas.xmlsoap.org/ws/2004/09/policy" URI="#UsernameToken" />
> > <soap:binding style="document" transport="
> > http://schemas.xmlsoap.org/soap/http" />
> > <wsdl:operation name="sayHello">
> >
> >
> > - result is what I expect:
> >
> > <soap:Envelope
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wss
> > e:Security
> > soap:mustUnderstand="1" xmlns:wsse="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-
> > 1.0.xsd"><wsse:UsernameToken
> > xmlns:wsu="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-
> > 1.0.xsd"
> > wsu:Id="UsernameToken-
> > 1"><wsse:Username>testUserName</wsse:Username><wsse:Password
> > Type="
> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-
> > profile-
> > 1.0#PasswordText">testPassword</wsse:Password></wsse:UsernameToken></
> > wsse:Security></soap:Header><soap:Body><ns2:sayHello
> > xmlns:ns2="http://www.natixis.com/midsav/wsdl/TestService/
> > "><message>hello</message></ns2:sayHello></soap:Body></soap:Envelope>
> >
> >
> > But in real life, I cannot modify the wsdl because I'm on client side.
> > So I tried to dynamically add the the policy as shortly described in
> > http://cxf.apache.org/using-ws-policy-in-cxf-projects.html
> >
> > I put the xml ws-policy in a file, load it with neethi and passed the
> policy to CXF
> > stack with PolicyConstants.POLICY_OVERRIDE:
> >
> > @WebServiceRef
> > private TestServiceClient testService;
> >
> > public String testWs() {
> >
> > TestService port = testService.getTestServiceSOAP();
> >
> > // load token policy
> > InputStream inputStream =
> >
> >
> Thread.currentThread().getContextClassLoader().getResourceAsStream("userna
> > me-token-ws-policy.xml");
> > Policy wsSecuritypolicy = new
> > PolicyBuilder().getPolicy(inputStream);
> >
> > Map<String, Object> requestContext = ((BindingProvider)
> > port).getRequestContext();
> > requestContext.put(SecurityConstants.USERNAME, "testUserName");
> > requestContext.put(SecurityConstants.PASSWORD, "testPassword");
> > requestContext.put(PolicyConstants.POLICY_OVERRIDE,
> > wsSecuritypolicy);
> >
> > return port.sayHello("hello");
> >
> > The policy seems to be well charged by the policy interceptor but it
> generate a
> > ClassCastException:
> >
> > Caused by: java.lang.ClassCastException:
> > org.apache.neethi.builders.PrimitiveAssertion cannot be cast to
> > org.apache.cxf.ws.security.policy.model.UsernameToken
> > at
> > org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.assertUsernameT
> > okens(UsernameTokenInterceptor.java:245)
> > [cxf-rt-ws-security-2.4.9-redhat-2.jar:2.4.9-redhat-2]
> > at
> > org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addUsernameTok
> > en(UsernameTokenInterceptor.java:264)
> > [cxf-rt-ws-security-2.4.9-redhat-2.jar:2.4.9-redhat-2]
> > at
> > org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(U
> > sernameTokenInterceptor.java:112)
> > [cxf-rt-ws-security-2.4.9-redhat-2.jar:2.4.9-redhat-2]
> > at
> > org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(U
> > sernameTokenInterceptor.java:76)
> > [cxf-rt-ws-security-2.4.9-redhat-2.jar:2.4.9-redhat-2]
> > at
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> > n.java:263)
> > [cxf-api-2.4.9-redhat-2.jar:2.4.9-redhat-2]
> > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> > [cxf-rt-core-2.4.9-redhat-2.jar:2.4.9-redhat-2]
> > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:461)
> > [cxf-rt-core-2.4.9-redhat-2.jar:2.4.9-redhat-2]
> >
> >
> > The cast is made on made on UsernameTokenInterceptor:
> >
> > private UsernameToken assertUsernameTokens(SoapMessage message,
> > WSUsernameTokenPrincipal princ) {
> > AssertionInfoMap aim = message.get(AssertionInfoMap.class);
> > Collection<AssertionInfo> ais =
> > aim.getAssertionInfo(SP12Constants.USERNAME_TOKEN);
> > UsernameToken tok = null;
> > for (AssertionInfo ai : ais) {
> > *tok = (UsernameToken)ai.getAssertion(); <- cast*
> >
> > The ai.getAssesrtion() returns a
> > org.apache.neethi.builders.PrimitiveAssertion instead of
> > org.apache.cxf.ws.security.policy.model.UsernameToken.
> >
> > What I have done wrong? I search a lot for samples with
> > PolicyConstants.POLICY_OVERRIDE but did not find anything.
> >
> > Best regards,
> >
> > Christophe
>