You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Atkins <at...@gmail.com> on 2014/10/28 20:46:45 UTC
cxf ws-policy handling
Hi All,
I have some problem in soap wsse. There is some binding ws security in my wsdl. And It seems it is all standard policy by oasis. I also set up the correct password callback and keystore. But I will got some the Assertion Builder error message by cxf-rt-ws-policy. How can I solve this problem? Sorry for this newbie question.
PS. This is a standalone test app, not AP server container or on spring framework.
Thanks in advance.
Atkins
wsdl policy part:
<wsp:UsingPolicy wssutil:Required="true”/>
<wsp:Policy wssutil:Id=“ID1">
<ns1:SignedParts xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">
<ns1:Body/>
</ns1:SignedParts>
</wsp:Policy>
<wsp:Policy wssutil:Id=“ID2">
<ns2:AsymmetricBinding xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">
<wsp:Policy>
<ns2:InitiatorToken>
<wsp:Policy>
<ns2:X509Token ns2:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<ns2:WssX509V3Token11/>
</wsp:Policy>
</ns2:X509Token>
</wsp:Policy>
</ns2:InitiatorToken>
<ns2:RecipientToken>
<wsp:Policy>
<ns2:X509Token ns2:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToInitiator">
<wsp:Policy>
<ns2:WssX509V3Token11/>
</wsp:Policy>
</ns2:X509Token>
</wsp:Policy>
</ns2:RecipientToken>
<ns2:AlgorithmSuite>
<wsp:Policy>
<ns2:Basic256/>
</wsp:Policy>
</ns2:AlgorithmSuite>
<ns2:Layout>
<wsp:Policy>
<ns2:Lax/>
</wsp:Policy>
</ns2:Layout>
<ns2:IncludeTimestamp/>
<ns2:ProtectTokens/>
<ns2:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</ns2:AsymmetricBinding>
<ns3:Wss11 xmlns:ns3="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">
<wsp:Policy>
<ns3:MustSupportRefKeyIdentifier/>
<ns3:MustSupportRefIssuerSerial/>
<ns3:MustSupportRefThumbprint/>
<ns3:MustSupportRefEncryptedKey/>
<ns3:RequireSignatureConfirmation/>
</wsp:Policy>
</ns3:Wss11>
</wsp:Policy>
Re: cxf ws-policy handling
Posted by Colm O hEigeartaigh <co...@apache.org>.
What is the error stacktrace? What does the complete WSDL look like?
Colm.
On Tue, Oct 28, 2014 at 7:46 PM, Atkins <at...@gmail.com> wrote:
> Hi All,
>
> I have some problem in soap wsse. There is some binding ws security in my
> wsdl. And It seems it is all standard policy by oasis. I also set up the
> correct password callback and keystore. But I will got some the Assertion
> Builder error message by cxf-rt-ws-policy. How can I solve this problem?
> Sorry for this newbie question.
>
> PS. This is a standalone test app, not AP server container or on spring
> framework.
> Thanks in advance.
>
> Atkins
>
> wsdl policy part:
>
>
> <wsp:UsingPolicy wssutil:Required="true”/>
> <wsp:Policy wssutil:Id=“ID1">
> <ns1:SignedParts xmlns:ns1="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">
> <ns1:Body/>
> </ns1:SignedParts>
> </wsp:Policy>
> <wsp:Policy wssutil:Id=“ID2">
> <ns2:AsymmetricBinding xmlns:ns2="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">
> <wsp:Policy>
> <ns2:InitiatorToken>
> <wsp:Policy>
> <ns2:X509Token ns2:IncludeToken="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient
> ">
> <wsp:Policy>
> <ns2:WssX509V3Token11/>
> </wsp:Policy>
> </ns2:X509Token>
> </wsp:Policy>
> </ns2:InitiatorToken>
> <ns2:RecipientToken>
> <wsp:Policy>
> <ns2:X509Token ns2:IncludeToken="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToInitiator
> ">
> <wsp:Policy>
> <ns2:WssX509V3Token11/>
> </wsp:Policy>
> </ns2:X509Token>
> </wsp:Policy>
> </ns2:RecipientToken>
> <ns2:AlgorithmSuite>
> <wsp:Policy>
> <ns2:Basic256/>
> </wsp:Policy>
> </ns2:AlgorithmSuite>
> <ns2:Layout>
> <wsp:Policy>
> <ns2:Lax/>
> </wsp:Policy>
> </ns2:Layout>
> <ns2:IncludeTimestamp/>
> <ns2:ProtectTokens/>
> <ns2:OnlySignEntireHeadersAndBody/>
> </wsp:Policy>
> </ns2:AsymmetricBinding>
> <ns3:Wss11 xmlns:ns3="
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">
> <wsp:Policy>
> <ns3:MustSupportRefKeyIdentifier/>
> <ns3:MustSupportRefIssuerSerial/>
> <ns3:MustSupportRefThumbprint/>
> <ns3:MustSupportRefEncryptedKey/>
> <ns3:RequireSignatureConfirmation/>
> </wsp:Policy>
> </ns3:Wss11>
> </wsp:Policy>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com