You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Kirill Sokolov (JIRA)" <ji...@apache.org> on 2013/10/14 17:07:42 UTC
[jira] [Updated] (CXF-5335) Incorrect handle of ws-policy 1.1
(Incorrect inclusion value: null)
[ https://issues.apache.org/jira/browse/CXF-5335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kirill Sokolov updated CXF-5335:
--------------------------------
Description:
I created of JAX-WS client for working with "third-party" web service.
Web service provides the WSDL with ws-policy settings:
{code:xml}
<sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
{code}
During of the client execution I got next exception:
{code:java}
org.apache.cxf.binding.soap.SoapFault: Incorrect inclusion value: null
Caused by: java.lang.RuntimeException: Incorrect inclusion value: null
at org.apache.cxf.ws.security.policy.model.Token.setInclusion(Token.java:70)
at org.apache.cxf.ws.security.policy.builders.X509TokenBuilder.build(X509TokenBuilder.java:69)
at org.apache.cxf.ws.security.policy.builders.X509TokenBuilder.build(X509TokenBuilder.java:40)
at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
. . .
{code}
After examining the documentation for WS-Policy specification v.1.1, I found a difference in the list of X.509 token inclusions. Specification Errata contains token inclusion as in WSDL: <...>/AlwaysToInitiator. "Base" specification is not contains of that inclusion.
CXF implementation of ws-policy 1.1 is not contains the constant for "Errata" version of the specification (i.e. not contains constant for http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator) and as result the code throw RuntimeException.
In runtime after executing the method from class org.apache.cxf.ws.security.policy.SP11Constants:
{code:java}
public IncludeTokenType getInclusionFromAttributeValue(String value) {
if (INCLUDE_ALWAYS.equals(value)) {
return IncludeTokenType.INCLUDE_TOKEN_ALWAYS;
} else if (INCLUDE_ALWAYS_TO_RECIPIENT.equals(value)) {
return IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT;
} else if (INCLUDE_NEVER.equals(value)) {
return IncludeTokenType.INCLUDE_TOKEN_NEVER;
} else if (INCLUDE_ONCE.equals(value)) {
return IncludeTokenType.INCLUDE_TOKEN_ONCE;
}
return StringUtils.isEmpty(value) ? IncludeTokenType.INCLUDE_TOKEN_ALWAYS : null;
}
{code}
return result is NULL and next code from class org.apache.cxf.ws.security.policy.model.Token:
{code:java}
public void setInclusion(IncludeTokenType inclusion) {
if (IncludeTokenType.INCLUDE_TOKEN_ALWAYS == inclusion
|| IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == inclusion
|| IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR == inclusion
|| IncludeTokenType.INCLUDE_TOKEN_NEVER == inclusion
|| IncludeTokenType.INCLUDE_TOKEN_ONCE == inclusion) {
this.inclusion = inclusion;
} else {
// TODO replace this with a proper (WSSPolicyException) exception
throw new RuntimeException("Incorrect inclusion value: " + inclusion);
}
}
{code}
throws of RuntimeException...
Please help me solve this problem!
was:
I created of JAX-WS client for working with "third-party" web service.
Web service provides the WSDL with ws-policy settings:
<sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
During of the client execution I got next exception:
org.apache.cxf.binding.soap.SoapFault: Incorrect inclusion value: null
Caused by: java.lang.RuntimeException: Incorrect inclusion value: null
at org.apache.cxf.ws.security.policy.model.Token.setInclusion(Token.java:70)
at org.apache.cxf.ws.security.policy.builders.X509TokenBuilder.build(X509TokenBuilder.java:69)
at org.apache.cxf.ws.security.policy.builders.X509TokenBuilder.build(X509TokenBuilder.java:40)
at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
. . .
After examining the documentation for WS-Policy specification v.1.1, I found a difference in the list of X.509 token inclusions. Specification Errata contains token inclusion as in WSDL: <...>/AlwaysToInitiator. "Base" specification is not contains of that inclusion.
CXF implementation of ws-policy 1.1 is not contains the constant for "Errata" version of the specification (i.e. not contains constant for http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator) and as result the code throw RuntimeException.
In runtime after executing the method from class org.apache.cxf.ws.security.policy.SP11Constants:
public IncludeTokenType getInclusionFromAttributeValue(String value) {
if (INCLUDE_ALWAYS.equals(value)) {
return IncludeTokenType.INCLUDE_TOKEN_ALWAYS;
} else if (INCLUDE_ALWAYS_TO_RECIPIENT.equals(value)) {
return IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT;
} else if (INCLUDE_NEVER.equals(value)) {
return IncludeTokenType.INCLUDE_TOKEN_NEVER;
} else if (INCLUDE_ONCE.equals(value)) {
return IncludeTokenType.INCLUDE_TOKEN_ONCE;
}
return StringUtils.isEmpty(value) ? IncludeTokenType.INCLUDE_TOKEN_ALWAYS : null;
}
return result is NULL and next code from class org.apache.cxf.ws.security.policy.model.Token:
public void setInclusion(IncludeTokenType inclusion) {
if (IncludeTokenType.INCLUDE_TOKEN_ALWAYS == inclusion
|| IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == inclusion
|| IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR == inclusion
|| IncludeTokenType.INCLUDE_TOKEN_NEVER == inclusion
|| IncludeTokenType.INCLUDE_TOKEN_ONCE == inclusion) {
this.inclusion = inclusion;
} else {
// TODO replace this with a proper (WSSPolicyException) exception
throw new RuntimeException("Incorrect inclusion value: " + inclusion);
}
}
throws of RuntimeException...
Please help me solve this problem!
> Incorrect handle of ws-policy 1.1 (Incorrect inclusion value: null)
> -------------------------------------------------------------------
>
> Key: CXF-5335
> URL: https://issues.apache.org/jira/browse/CXF-5335
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.7.6
> Reporter: Kirill Sokolov
>
> I created of JAX-WS client for working with "third-party" web service.
> Web service provides the WSDL with ws-policy settings:
> {code:xml}
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> {code}
> During of the client execution I got next exception:
> {code:java}
> org.apache.cxf.binding.soap.SoapFault: Incorrect inclusion value: null
> Caused by: java.lang.RuntimeException: Incorrect inclusion value: null
> at org.apache.cxf.ws.security.policy.model.Token.setInclusion(Token.java:70)
> at org.apache.cxf.ws.security.policy.builders.X509TokenBuilder.build(X509TokenBuilder.java:69)
> at org.apache.cxf.ws.security.policy.builders.X509TokenBuilder.build(X509TokenBuilder.java:40)
> at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
> at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
> at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
> at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
> at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
> . . .
> {code}
> After examining the documentation for WS-Policy specification v.1.1, I found a difference in the list of X.509 token inclusions. Specification Errata contains token inclusion as in WSDL: <...>/AlwaysToInitiator. "Base" specification is not contains of that inclusion.
> CXF implementation of ws-policy 1.1 is not contains the constant for "Errata" version of the specification (i.e. not contains constant for http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator) and as result the code throw RuntimeException.
> In runtime after executing the method from class org.apache.cxf.ws.security.policy.SP11Constants:
> {code:java}
> public IncludeTokenType getInclusionFromAttributeValue(String value) {
>
> if (INCLUDE_ALWAYS.equals(value)) {
> return IncludeTokenType.INCLUDE_TOKEN_ALWAYS;
> } else if (INCLUDE_ALWAYS_TO_RECIPIENT.equals(value)) {
> return IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT;
> } else if (INCLUDE_NEVER.equals(value)) {
> return IncludeTokenType.INCLUDE_TOKEN_NEVER;
> } else if (INCLUDE_ONCE.equals(value)) {
> return IncludeTokenType.INCLUDE_TOKEN_ONCE;
> }
> return StringUtils.isEmpty(value) ? IncludeTokenType.INCLUDE_TOKEN_ALWAYS : null;
> }
> {code}
> return result is NULL and next code from class org.apache.cxf.ws.security.policy.model.Token:
> {code:java}
> public void setInclusion(IncludeTokenType inclusion) {
> if (IncludeTokenType.INCLUDE_TOKEN_ALWAYS == inclusion
> || IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == inclusion
> || IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR == inclusion
> || IncludeTokenType.INCLUDE_TOKEN_NEVER == inclusion
> || IncludeTokenType.INCLUDE_TOKEN_ONCE == inclusion) {
> this.inclusion = inclusion;
> } else {
> // TODO replace this with a proper (WSSPolicyException) exception
> throw new RuntimeException("Incorrect inclusion value: " + inclusion);
> }
> }
> {code}
> throws of RuntimeException...
> Please help me solve this problem!
--
This message was sent by Atlassian JIRA
(v6.1#6144)