You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by r....@pantheon-automatisering.nl on 2013/08/01 08:06:44 UTC
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not
be satisfied:
Dear CXF Support,
First, I am a newbie with CXF. I am writing a CXF client to interact with
the government. I am able to send a message. But when I receive the
response my client crashes.
Below is the stacktrace. I'm using CXF 2.7.6. I am using Java 1.6.45. If
you need more info, please let me know as I don't exactly know what info
you need to help me.
Please help me, I'm stuck.
Ralph Keegstra
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}AsymmetricBinding
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
{http://www.w3.org/2007/05/addressing/metadata}Anonymous
{http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
}OptimizedMimeSerialization
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedElements
AnonymousResponses
at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
AssertionInfoMap.java:179)
at
org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
PolicyVerificationInInterceptor.java:101)
at
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
AbstractPolicyInterceptor.java:44)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
PhaseInterceptorChain.java:271)
at org.apache.cxf.endpoint.ClientImpl.onMessage(
ClientImpl.java:800)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
HTTPConduit.java:1592)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
HTTPConduit.java:1490)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
HTTPConduit.java:1309)
at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
CacheAndWriteOutputStream.java:50)
at org.apache.cxf.io.CachedOutputStream.close(
CachedOutputStream.java:223)
at org.apache.cxf.transport.AbstractConduit.close(
AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(
HTTPConduit.java:622)
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
PhaseInterceptorChain.java:271)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
at org.apache.cxf.frontend.ClientProxy.invokeSync(
ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
JaxWsClientProxy.java:133)
at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
at nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These
policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}AsymmetricBinding
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
{http://www.w3.org/2007/05/addressing/metadata}Anonymous
{http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
}OptimizedMimeSerialization
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedElements
AnonymousResponses
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
JaxWsClientProxy.java:155)
at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
at nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}AsymmetricBinding
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
{http://www.w3.org/2007/05/addressing/metadata}Anonymous
{http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
}OptimizedMimeSerialization
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedElements
AnonymousResponses
at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
AssertionInfoMap.java:179)
at
org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
PolicyVerificationInInterceptor.java:101)
at
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
AbstractPolicyInterceptor.java:44)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
PhaseInterceptorChain.java:271)
at org.apache.cxf.endpoint.ClientImpl.onMessage(
ClientImpl.java:800)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
HTTPConduit.java:1592)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
HTTPConduit.java:1490)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
HTTPConduit.java:1309)
at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
CacheAndWriteOutputStream.java:50)
at org.apache.cxf.io.CachedOutputStream.close(
CachedOutputStream.java:223)
at org.apache.cxf.transport.AbstractConduit.close(
AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(
HTTPConduit.java:622)
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
PhaseInterceptorChain.java:271)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
at org.apache.cxf.frontend.ClientProxy.invokeSync(
ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
JaxWsClientProxy.java:133)
... 3 more
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Hi and thanx so far!
You probably wanted to see the next piece of the wsdl:
<wsp:Policy wsu:Id="X509EndpointPolicy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToInitiator
">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128Rsa15/>
<sp:Basic256Rsa15/>
<sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:IncludeTimestamp/>
<sp:EncryptBeforeSigning/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
<wsam:Addressing>
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<wsam:Anonymous>required</wsam:Anonymous>
</wsp:All>
<wsp:All>
<AnonymousResponses/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</wsam:Addressing>
<mtom:OptimizedMimeSerialization
wsp:Optional="true"/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="SecureMessagePolicy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To" Namespace="
http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="
http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:SignedElements>
<sp:XPath>/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/'
and
local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/'
and
local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
and
local-name()='Security']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
and local-name()='Timestamp']</sp:XPath>
<sp:XPath>/*[namespace-uri()='http://www.w3.org/2003/05/soap-envelope'
and
local-name()='Envelope']/*[namespace-uri()='http://www.w3.org/2003/05/soap-envelope'
and
local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
and
local-name()='Security']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
and local-name()='Timestamp']</sp:XPath>
</sp:SignedElements>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</wsdl:definitions>
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
01-08-2013 10:09
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
Hi,
It looks like the service is processing the CXF request correctly, but is
not returning a response that complies with the security policy, and the
client is throwing an exception. It's impossible to find out without
seeing
the security policy though. It should be in the WSDL file referenced in
the
log, if you could attach it:
file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
Bedrijven_v1.2_preprod.wsdl"
Colm.
On Thu, Aug 1, 2013 at 8:53 AM,
<r....@pantheon-automatisering.nl>wrote:
> Dear Colm,
>
> Sorry i didn't see your previous response. Because of my great e-mail
> client (Notus ;) ) I wasn't properly connected to the mailinglist,
> apologies for the inconvenience.
> I don't know how to get the security policy of the service.
> I added the message I send to the server. (I've removed the
SecurityToken
> for security reasons).
> The message I received is the text I copied from the log. I also added
the
> logging I get at the moment.
>
> Ralph
>
>
>
>
> From: Colm O hEigeartaigh <co...@apache.org> To:
"users@cxf.apache.org"
> <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not
> be satisfied:
> ------------------------------
>
>
>
> Did you not see my previous response? We need to see the security policy
of
> the service, the request message + the response message to be able to
help
> you.
>
> Colm.
>
>
> On Thu, Aug 1, 2013 at 7:06 AM, <r.keegstra@pantheon-automatisering.nl
> >wrote:
>
> > Dear CXF Support,
> >
> > First, I am a newbie with CXF. I am writing a CXF client to interact
with
> > the government. I am able to send a message. But when I receive the
> > response my client crashes.
> > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java 1.6.45.
If
> > you need more info, please let me know as I don't exactly know what
info
> > you need to help me.
> > Please help me, I'm stuck.
> >
> > Ralph Keegstra
> >
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> > not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > {
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements
> > AnonymousResponses
> > at
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > AssertionInfoMap.java:179)
> > at
> > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > PolicyVerificationInInterceptor.java:101)
> > at
> > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > AbstractPolicyInterceptor.java:44)
> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > PhaseInterceptorChain.java:271)
> > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > ClientImpl.java:800)
> > at
> >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > HTTPConduit.java:1592)
> > at
> >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > HTTPConduit.java:1490)
> > at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > HTTPConduit.java:1309)
> > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > CacheAndWriteOutputStream.java:50)
> > at org.apache.cxf.io.CachedOutputStream.close(
> > CachedOutputStream.java:223)
> > at org.apache.cxf.transport.AbstractConduit.close(
> > AbstractConduit.java:56)
> > at org.apache.cxf.transport.http.HTTPConduit.close(
> > HTTPConduit.java:622)
> > at
> >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > MessageSenderInterceptor.java:62)
> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > PhaseInterceptorChain.java:271)
> > at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > )
> > at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > ClientProxy.java:96)
> > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > JaxWsClientProxy.java:133)
> > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > at
nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These
> > policy alternatives can not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > {
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements
> > AnonymousResponses
> > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > JaxWsClientProxy.java:155)
> > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > at
nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives can not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > {
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements
> > AnonymousResponses
> > at
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > AssertionInfoMap.java:179)
> > at
> > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > PolicyVerificationInInterceptor.java:101)
> > at
> > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > AbstractPolicyInterceptor.java:44)
> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > PhaseInterceptorChain.java:271)
> > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > ClientImpl.java:800)
> > at
> >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > HTTPConduit.java:1592)
> > at
> >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > HTTPConduit.java:1490)
> > at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > HTTPConduit.java:1309)
> > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > CacheAndWriteOutputStream.java:50)
> > at org.apache.cxf.io.CachedOutputStream.close(
> > CachedOutputStream.java:223)
> > at org.apache.cxf.transport.AbstractConduit.close(
> > AbstractConduit.java:56)
> > at org.apache.cxf.transport.http.HTTPConduit.close(
> > HTTPConduit.java:622)
> > at
> >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > MessageSenderInterceptor.java:62)
> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > PhaseInterceptorChain.java:271)
> > at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > )
> > at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > ClientProxy.java:96)
> > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > JaxWsClientProxy.java:133)
> > ... 3 more
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Hi Colm,
It works!!!
Thank you very much for you're effort!
Adding wsam: works. I've send an e-mail to the maintainers of the WSDL
with the remarks. But my client is working!
Many thanks,
Ralph
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
15-08-2013 11:19
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
I believe there are two problems with your WSDL policy:
1) There is no such policy "{http://www.w3.org/2007/05/addressing/metadata
}Anonymous" defined in the specification:
http://www.w3.org/TR/ws-addr-metadata/
2) You do not have a "wsam:" prefix before the "AnonymousResponses"
policy.
The spec does have some examples where "AnonymousResponses" are given with
no prefix, but as I don't see a default namespace I believe this to be
incorrect.
So I would try adding "wsam:" before "AnonymousResponses" in your WSDL and
see if it works.
Colm.
On Wed, Aug 14, 2013 at 4:24 PM,
<r....@pantheon-automatisering.nl>wrote:
> Hi Colm,
>
> Thanx for looking into this problem!
> As I can't change the WSDL (only by hand of course but, the WSDL is
> defined by the government). I rebuild my client with snapshot
> '2.7.7-SNAPSHOT-1513735' (the zip
apache-cxf-2.7.7-20130814.064938-25.zip
> (sorry I develop with windows!?!?!)). I can now succesfully send a
> message!! So that works.
> I get a reaction from the server and when I look in the SOAP message I
> receive it says that the message I send is ok, but...
>
> But I'm getting an old problem back.
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> not be satisfied:
> {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> {http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization
> AnonymousResponses
>
> I attached the log as txt.
>
> Is this a settings problem or is there something else?
>
> Ralph
>
>
> From: Colm O hEigeartaigh <co...@apache.org> To:
"users@cxf.apache.org"
> <us...@cxf.apache.org> Date: 13-08-2013 16:46 Subject: Re:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not
> be satisfied:
> ------------------------------
>
>
>
> There is a bug in CXF where it doesn't sign anything when you are using
an
> AsymmetricBinding policy + EncryptBeforeSigning + no
> EncryptedParts/EncryptedElements policies. I have fixed it here:
>
> https://issues.apache.org/jira/browse/CXF-5199
>
> So to go further, you could either remove the "EncryptBeforeSigning"
policy
> from the WSDL, or else download the latest SNAPSHOT once it has deployed
> via the Jenkins build.
>
> Colm.
>
>
> On Mon, Aug 12, 2013 at 9:06 AM, <r.keegstra@pantheon-automatisering.nl
> >wrote:
>
> > Sorry, now with attached log.
> >
> >
> >
> >
> > From: Colm O hEigeartaigh <co...@apache.org> To: "
> users@cxf.apache.org"
> > <us...@cxf.apache.org> Date: 09-08-2013 17:33 Subject: Re:
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> not
> > be satisfied:
> > ------------------------------
> >
> >
> >
> > Yes, you can set all of the parameters for WS-SecurityPolicy in Java.
All
> > of the configuration tags are in the "SecurityConstants" class - it's
> just
> > a matter of setting them on the outbound message context. For example,
> one
> > of the following tests sets the user for a UsernameToken in this way:
> >
> >
> >
>
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
> >
> > URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl");
> > Service service = Service.create(wsdl, SERVICE_QNAME);
> > QName portQName = new QName(NAMESPACE,
"DoubleItPlaintextPrincipalPort");
> > DoubleItPortType utPort = service.getPort(portQName,
> > DoubleItPortType.class);
> >
> >
>
((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
> > "Alice");
> >
> > Colm.
> >
> >
> > On Fri, Aug 9, 2013 at 9:56 AM, <r.keegstra@pantheon-automatisering.nl
> > >wrote:
> >
> > > Hi Colm,
> > >
> > > To get my client working with the config I tried a lot of things,
but I
> > > did’n succeed so far, the message didn’t get signed. But I have an
> other
> > > question. Is it possible to set these parameters in Java? I can’t
find
> > any
> > > example that sets this runtime.
> > > For our application these settings will be given runtime, so I need
to
> > set
> > > them runtime. Is is also posible to set the keystore runtime?
> > >
> > > Thanks for your input in advance!
> > > Ralph Keegstra
> > >
> > >
> > >
> > > From:
> > > Colm O hEigeartaigh <co...@apache.org>
> > > To:
> > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > Date:
> > > 02-08-2013 16:01
> > > Subject:
> > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> > > can not be satisfied:
> > >
> > >
> > >
> > > When you have a WS-SecurityPolicy, you should not use either the
> > > WSS4JOutInterceptor or WSS4JInInterceptor. CXF will take care of all
of
> > > the
> > > configuration, providing you supply it with the (e.g) Crypto
property
> > > configuration and a CallbackHandler, username, etc. Please take a
look
> at
> > > the link I posted in my last reply - that configuration works for
the
> > > client for both outbound + inbound.
> > >
> > > Colm.
> > >
> > >
> > > On Fri, Aug 2, 2013 at 2:51 PM,
> > > <r....@pantheon-automatisering.nl>wrote:
> > >
> > > > OK thank you very much!
> > > > I'm getting a little further, but I think I'm running against a
> problem
> > > I
> > > > had/made before. But now I get the following error:
> > > >
> > > > org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> can
> > > > not be satisfied:
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding: Received Timestamp does not match the
> requirements
> > > >
> > > > Which doesn't supprise me. Earlier in the development proces I had
> the
> > > > problem that I couldn't sign the timestamp. For the outgoing
message
> > I'm
> > > > using the following:
> > > > 1 Map<String, Object> outProps = new HashMap<String, Object>();
> > > > 2 outProps.put(WSHandlerConstants.ACTION,
> > > WSHandlerConstants.TIMESTAMP
> > > > + " " + WSHandlerConstants.SIGNATURE);
> > > > 3 //outProps.put(WSHandlerConstants.ACTION,
> > > > WSHandlerConstants.SIGNATURE);
> > > > 4 bindingProvider.getRequestContext().put("password", "xxxxx");
> > > > 5 outProps.put(WSHandlerConstants.USER, "xxxxxxxxx");
> > > > 6 outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > > > "client_sign.properties");
> > > > 7 outProps.put(WSHandlerConstants.SIG_KEY_ID,
"DirectReference");
> > > > 8 outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{
> > > > http://www.w3.org/2005/08/addressing}Action;"
> > > > 9 + "{Element}{
> > > > http://www.w3.org/2005/08/addressing}MessageID;"
> > > > 10 + "{Element}{
> > > > http://www.w3.org/2005/08/addressing}To;"
> > > > 11 + "{Element}{
> > > > http://www.w3.org/2005/08/addressing}ReplyTo;"
> > > > 12 + "Body;"
> > > > 13 + "{Element}{
> > > >
> > > >
> > >
> > >
> >
>
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > >
> > > > }Timestamp");
> > > >
> > > > 14 WSS4JOutInterceptor wssOut = new
WSS4JOutInterceptor(outProps);
> > > > 15 cxfEndpoint.getOutInterceptors().add(wssOut);
> > > >
> > > > The third line I commented out and in the wsdl I commented out
> > > > '<sp:IncludeTimestamp/>' (which is wrong, but I could send a
message
> so
> > > I
> > > > was happy at the moment). If I commented out line 2 I get a error
> that
> > > the
> > > > field Timestamp can not be found.
> > > >
> > > > Is this the cause of the problem above?
> > > > I tried to use PolicyBasedWSS4JOutInterceptor instead of
> > > > WSS4JOutInterceptor, but I don't know how to push the
configuration.
> > > >
> > > >
> > > >
> > > >
> > > > From:
> > > > Colm O hEigeartaigh <co...@apache.org>
> > > > To:
> > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > Date:
> > > > 02-08-2013 15:15
> > > > Subject:
> > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > > can not be satisfied:
> > > >
> > > >
> > > >
> > > > Ok your configuration is the issue. You are configuring the
> > > > WSS4JInInterceptor, which is not policy-aware. You need to
configure
> > the
> > > > PolicyBasedWSS4JInInterceptor instead. This is done automatically
for
> > > you
> > > > if the WSDL has the correct security policy, but the configuration
is
> > > done
> > > > in a slightly different way.
> > > >
> > > > For example, see the following configuration:
> > > >
> > > >
> > > >
> > >
> > >
> >
>
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client.xml?view=markup
> > >
> > > >
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Fri, Aug 2, 2013 at 2:11 PM,
> > > > <r....@pantheon-automatisering.nl>wrote:
> > > >
> > > > > Map<String, Object> inProps = new HashMap<String, Object>();
> > > > > inProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > > > > "server_sign.properties");
> > > > > inProps.put(WSHandlerConstants.ACTION,
> > > WSHandlerConstants.TIMESTAMP
> > > > +
> > > > > " " + WSHandlerConstants.SIGNATURE);
> > > > > bindingProvider.getResponseContext().put("password",
"xxxxx");
> > > > > inProps.put(WSHandlerConstants.USER,
> > > > > "cs-bedrijven.procesinfrastructuur.nl");
> > > > >
> > > > > WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> > > > > cxfEndpoint.getInInterceptors().add(wssIn);
> > > > >
> > > > > --- server_sign.properties ---
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > > > org.apache.ws.security.crypto.merlin.keystore.type=jks
> > > > > org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
> > > > > #org.apache.ws.security.crypto.merlin.keystore.alias=
> > > > > cs-bedrijven.procesinfrastructuur.nl
> > > > >
> org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
> > > > >
> > > > > This is how I configure WSS4JInInterceptor. I have no extra
config
> > > files
> > > > > and I prefer to set all config in the code. When the client
works I
> > > want
> > > > > to try to get rid of the server_sign.properties, I want to set
that
> > > > > dynamic.
> > > > >
> > > > > Ralph
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > From:
> > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > To:
> > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > Date:
> > > > > 02-08-2013 15:04
> > > > > Subject:
> > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > > can not be satisfied:
> > > > >
> > > > >
> > > > >
> > > > > As a sanity check, can I see your CXF client configuration?
> > > > > PolicyVerificationInInterceptor does run after
> > > > > PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
> > > > > WSS4JInInterceptor explicilty in your configuration?
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > > On Fri, Aug 2, 2013 at 1:26 PM,
> > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > >
> > > > > > Hi Colm,
> > > > > >
> > > > > > He doesn't reach the point you asked for. In
> > > > > > 'org.apache.cxf.ws.policy.AssertionInfoMap.java'
> > > checkEffectivePolicy
> > > > he
> > > > > > doesn't find any validated policy, the ArrayList validated is
> > empty,
> > > > the
> > > > > > ArrayList errors contains 50. He throws at line 179 an
exception
> > > (cxf
> > > > > > 2.7.6).
> > > > > > This method is called from
> > > > > > 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor'
method
> > > > > handle.
> > > > > > Line 101 is the line where call is done.
> > > > > > The variable aim contains:
> > > > > > {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedElements=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedElements:false], {
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }RecipientToken=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }RecipientToken:false], {
> > > http://www.w3.org/2007/05/addressing/metadata
> > > > > > }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> > > > > > }Anonymous:false, {
http://www.w3.org/2007/05/addressing/metadata
> > > > > > }Anonymous:false], {
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }Layout=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }Layout:false],
> > > > > > AnonymousResponses=[AnonymousResponses:false,
> > > > AnonymousResponses:false],
> > > > > {
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding:false], {
> > > > > http://www.w3.org/2007/02/addressing/metadata
> > > > > > }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> > > > > > }Addressing:true, {
http://www.w3.org/2007/02/addressing/metadata
> > > > > > }Addressing:true, {
http://www.w3.org/2007/02/addressing/metadata
> > > > > > }Addressing:true, {
http://www.w3.org/2007/02/addressing/metadata
> > > > > > }Addressing:true], {
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }InitiatorToken=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }InitiatorToken:false], {
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token:false,
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }X509Token:false], {
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedParts=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedParts:false], {
> > > > > >
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization=[{
> > > > > >
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization:false]}
> > > > > >
> > > > > > If you need to know something else, let me know!
> > > > > >
> > > > > > Ralph
> > > > > >
> > > > > >
> > > > > >
> > > > > > From:
> > > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > > To:
> > > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > > Date:
> > > > > > 02-08-2013 12:57
> > > > > > Subject:
> > > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > > can not be satisfied:
> > > > > >
> > > > > >
> > > > > >
> > > > > > Do you have access to a debugger? If so could you put a
> breakpoint
> > > in
> > > > > > PolicyBasedWSS4JInInterceptor in the doResults method and
trace
> the
> > > > > flow?
> > > > > > The problem is that some policy is getting unasserted, but I
> can't
> > > > > figure
> > > > > > out which one from the logging.
> > > > > >
> > > > > > Colm.
> > > > > >
> > > > > >
> > > > > > On Fri, Aug 2, 2013 at 11:53 AM,
> > > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > This comes from the WSDL as it is given to me. When
generated
> > with
> > > > all
> > > > > > > three policies enabled, the first is used I believe. I just
> tried
> > > to
> > > > > > > generate with only one enabled. I tried three times (one
time
> for
> > > > > > > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > > > > > > TripleDesRsa15), all the same result as before.
> > > > > > > At almost the bottum of the log it says '
LogUtils.doLog(443)
> |
> > > > > > > WS-Addressing - failed to retrieve Message Addressing
> Properties
> > > > from
> > > > > > > context'.
> > > > > > > Is it possible that I need to add something to avoid this?
And
> if
> > > > yes
> > > > > > how
> > > > > > > do I do that?
> > > > > > >
> > > > > > > Ralph
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > From:
> > > > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > > > To:
> > > > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > > > Date:
> > > > > > > 02-08-2013 12:34
> > > > > > > Subject:
> > > > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > alternatives
> > > > > > > can not be satisfied:
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > I'm not sure if this is the cause of the problem, but the
> > > following
> > > > > > policy
> > > > > > > is not valid:
> > > > > > >
> > > > > > > <sp:AlgorithmSuite>
> > > > > > > <wsp:Policy>
> > > > > > > <sp:Basic128Rsa15/>
> > > > > > > <sp:Basic256Rsa15/>
> > > > > > > <sp:TripleDesRsa15/>
> > > > > > > </wsp:Policy>
> > > > > > > </sp:AlgorithmSuite>
> > > > > > >
> > > > > > > The specification only allows you to specify one of the
> policies
> > > > > above.
> > > > > > >
> > > > > > > Colm.
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Aug 1, 2013 at 3:44 PM,
> > > > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > > > >
> > > > > > > > Hi Colm,
> > > > > > > >
> > > > > > > > The previous message didn't contain a attachement. But in
the
> > > mean
> > > > > > time
> > > > > > > I
> > > > > > > > managed to get a better log. I will attach it as .txt
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > > > > > > "users@cxf.apache.org"
> > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > > can
> > > > > > > not
> > > > > > > > be satisfied:
> > > > > > > > ------------------------------
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Could you turn logging to "FINE" + attach the log? That
> should
> > > > tell
> > > > > us
> > > > > > > the
> > > > > > > > exact policy validation error(s).
> > > > > > > >
> > > > > > > > Colm.
> > > > > > > >
> > > > > > > >
> > > > > > > > On Thu, Aug 1, 2013 at 9:17 AM,
> > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > >wrote:
> > > > > > > >
> > > > > > > > > Hi,
> > > > > > > > >
> > > > > > > > > Because the formatting was crappy an attachement.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > > > users@cxf.apache.org"
> > > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject:
Re:
> > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > alternatives
> > > > > > > can
> > > > > > > > not
> > > > > > > > > be satisfied:
> > > > > > > > > ------------------------------
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Hi,
> > > > > > > > >
> > > > > > > > > It looks like the service is processing the CXF request
> > > > correctly,
> > > > > > but
> > > > > > > is
> > > > > > > > > not returning a response that complies with the security
> > > policy,
> > > > > and
> > > > > > > the
> > > > > > > > > client is throwing an exception. It's impossible to find
> out
> > > > > without
> > > > > > > > seeing
> > > > > > > > > the security policy though. It should be in the WSDL
file
> > > > > referenced
> > > > > > > in
> > > > > > > > the
> > > > > > > > > log, if you could attach it:
> > > > > > > > >
> > > > > > > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > > > > > > Bedrijven_v1.2_preprod.wsdl"
> > > > > > > > >
> > > > > > > > > Colm.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Thu, Aug 1, 2013 at 8:53 AM,
> > > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > > >wrote:
> > > > > > > > >
> > > > > > > > > > Dear Colm,
> > > > > > > > > >
> > > > > > > > > > Sorry i didn't see your previous response. Because of
my
> > > great
> > > > > > > e-mail
> > > > > > > > > > client (Notus ;) ) I wasn't properly connected to the
> > > > > mailinglist,
> > > > > > > > > > apologies for the inconvenience.
> > > > > > > > > > I don't know how to get the security policy of the
> service.
> > > > > > > > > > I added the message I send to the server. (I've
removed
> the
> > > > > > > > SecurityToken
> > > > > > > > > > for security reasons).
> > > > > > > > > > The message I received is the text I copied from the
> log. I
> > > > also
> > > > > > > added
> > > > > > > > > the
> > > > > > > > > > logging I get at the moment.
> > > > > > > > > >
> > > > > > > > > > Ralph
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > > > > users@cxf.apache.org"
> > > > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject:
> Re:
> > > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > > alternatives
> > > > > > > can
> > > > > > > > > not
> > > > > > > > > > be satisfied:
> > > > > > > > > > ------------------------------
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > Did you not see my previous response? We need to see
the
> > > > > security
> > > > > > > > policy
> > > > > > > > > of
> > > > > > > > > > the service, the request message + the response
message
> to
> > > be
> > > > > able
> > > > > > > to
> > > > > > > > > help
> > > > > > > > > > you.
> > > > > > > > > >
> > > > > > > > > > Colm.
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > > > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > > > >wrote:
> > > > > > > > > >
> > > > > > > > > > > Dear CXF Support,
> > > > > > > > > > >
> > > > > > > > > > > First, I am a newbie with CXF. I am writing a CXF
> client
> > > to
> > > > > > > interact
> > > > > > > > > with
> > > > > > > > > > > the government. I am able to send a message. But
when I
> > > > > receive
> > > > > > > the
> > > > > > > > > > > response my client crashes.
> > > > > > > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am
> using
> > > > Java
> > > > > > > 1.6.45.
> > > > > > > > > If
> > > > > > > > > > > you need more info, please let me know as I don't
> exactly
> > > > know
> > > > > > > what
> > > > > > > > > info
> > > > > > > > > > > you need to help me.
> > > > > > > > > > > Please help me, I'm stuck.
> > > > > > > > > > >
> > > > > > > > > > > Ralph Keegstra
> > > > > > > > > > >
> > > > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These
policy
> > > > > > > alternatives
> > > > > > > > can
> > > > > > > > > > > not be satisfied:
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > > }AsymmetricBinding
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }X509Token
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }InitiatorToken
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }RecipientToken
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }Layout
> > > > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata
> }Anonymous
> > > > > > > > > > > {
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedParts
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }SignedElements
> > > > > > > > > > > AnonymousResponses
> > > > > > > > > > > at
> > > > > > > > > >
> > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > >
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > > > at
> > > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > > at
> org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > > > ClientImpl.java:800)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > >
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > > > at
> > > > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > > > at
org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > > > at
> > org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > > > at
> > > org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > > > at
> > > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > > at
> > > > > > > > > >
> > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > > > )
> > > > > > > > > > > at
> > > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > > > at
> > > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > > > at
> > > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > > > at
> > org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > > > ClientProxy.java:96)
> > > > > > > > > > > at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> > > Source)
> > > > > > > > > > > at
> > > > > > > >
nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > > > at
> > > > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > > > Exception in thread "main"
> > > > > javax.xml.ws.soap.SOAPFaultException:
> > > > > > > > These
> > > > > > > > > > > policy alternatives can not be satisfied:
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > > }AsymmetricBinding
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }X509Token
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }InitiatorToken
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }RecipientToken
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }Layout
> > > > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata
> }Anonymous
> > > > > > > > > > > {
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedParts
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }SignedElements
> > > > > > > > > > > AnonymousResponses
> > > > > > > > > > > at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > > > JaxWsClientProxy.java:155)
> > > > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> > > Source)
> > > > > > > > > > > at
> > > > > > > >
nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > > > at
> > > > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException:
> > These
> > > > > > policy
> > > > > > > > > > > alternatives can not be satisfied:
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > > }AsymmetricBinding
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }X509Token
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }InitiatorToken
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }RecipientToken
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }Layout
> > > > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata
> }Anonymous
> > > > > > > > > > > {
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedParts
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }SignedElements
> > > > > > > > > > > AnonymousResponses
> > > > > > > > > > > at
> > > > > > > > > >
> > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > >
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > > > at
> > > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > > at
> org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > > > ClientImpl.java:800)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > >
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > > > at
> > > > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > > > at
org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > > > at
> > org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > > > at
> > > org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > > > at
> > > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > > at
> > > > > > > > > >
> > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > > > )
> > > > > > > > > > > at
> > > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > > > at
> > > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > > > at
> > > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > > > at
> > org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > > > ClientProxy.java:96)
> > > > > > > > > > > at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > > > ... 3 more
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > --
> > > > > > > > > > Colm O hEigeartaigh
> > > > > > > > > >
> > > > > > > > > > Talend Community Coder
> > > > > > > > > > http://coders.talend.com
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Colm O hEigeartaigh
> > > > > > > > >
> > > > > > > > > Talend Community Coder
> > > > > > > > > http://coders.talend.com
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > Colm O hEigeartaigh
> > > > > > > >
> > > > > > > > Talend Community Coder
> > > > > > > > http://coders.talend.com
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Colm O hEigeartaigh
> > > > > > >
> > > > > > > Talend Community Coder
> > > > > > > http://coders.talend.com
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Colm O hEigeartaigh
> > > > > >
> > > > > > Talend Community Coder
> > > > > > http://coders.talend.com
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
Posted by Colm O hEigeartaigh <co...@apache.org>.
I believe there are two problems with your WSDL policy:
1) There is no such policy "{http://www.w3.org/2007/05/addressing/metadata
}Anonymous" defined in the specification:
http://www.w3.org/TR/ws-addr-metadata/
2) You do not have a "wsam:" prefix before the "AnonymousResponses" policy.
The spec does have some examples where "AnonymousResponses" are given with
no prefix, but as I don't see a default namespace I believe this to be
incorrect.
So I would try adding "wsam:" before "AnonymousResponses" in your WSDL and
see if it works.
Colm.
On Wed, Aug 14, 2013 at 4:24 PM, <r....@pantheon-automatisering.nl>wrote:
> Hi Colm,
>
> Thanx for looking into this problem!
> As I can't change the WSDL (only by hand of course but, the WSDL is
> defined by the government). I rebuild my client with snapshot
> '2.7.7-SNAPSHOT-1513735' (the zip apache-cxf-2.7.7-20130814.064938-25.zip
> (sorry I develop with windows!?!?!)). I can now succesfully send a
> message!! So that works.
> I get a reaction from the server and when I look in the SOAP message I
> receive it says that the message I send is ok, but...
>
> But I'm getting an old problem back.
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> not be satisfied:
> {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> {http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization
> AnonymousResponses
>
> I attached the log as txt.
>
> Is this a settings problem or is there something else?
>
> Ralph
>
>
> From: Colm O hEigeartaigh <co...@apache.org> To: "users@cxf.apache.org"
> <us...@cxf.apache.org> Date: 13-08-2013 16:46 Subject: Re:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not
> be satisfied:
> ------------------------------
>
>
>
> There is a bug in CXF where it doesn't sign anything when you are using an
> AsymmetricBinding policy + EncryptBeforeSigning + no
> EncryptedParts/EncryptedElements policies. I have fixed it here:
>
> https://issues.apache.org/jira/browse/CXF-5199
>
> So to go further, you could either remove the "EncryptBeforeSigning" policy
> from the WSDL, or else download the latest SNAPSHOT once it has deployed
> via the Jenkins build.
>
> Colm.
>
>
> On Mon, Aug 12, 2013 at 9:06 AM, <r.keegstra@pantheon-automatisering.nl
> >wrote:
>
> > Sorry, now with attached log.
> >
> >
> >
> >
> > From: Colm O hEigeartaigh <co...@apache.org> To: "
> users@cxf.apache.org"
> > <us...@cxf.apache.org> Date: 09-08-2013 17:33 Subject: Re:
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> not
> > be satisfied:
> > ------------------------------
> >
> >
> >
> > Yes, you can set all of the parameters for WS-SecurityPolicy in Java. All
> > of the configuration tags are in the "SecurityConstants" class - it's
> just
> > a matter of setting them on the outbound message context. For example,
> one
> > of the following tests sets the user for a UsernameToken in this way:
> >
> >
> >
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
> >
> > URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl");
> > Service service = Service.create(wsdl, SERVICE_QNAME);
> > QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPrincipalPort");
> > DoubleItPortType utPort = service.getPort(portQName,
> > DoubleItPortType.class);
> >
> >
> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
> > "Alice");
> >
> > Colm.
> >
> >
> > On Fri, Aug 9, 2013 at 9:56 AM, <r.keegstra@pantheon-automatisering.nl
> > >wrote:
> >
> > > Hi Colm,
> > >
> > > To get my client working with the config I tried a lot of things, but I
> > > did’n succeed so far, the message didn’t get signed. But I have an
> other
> > > question. Is it possible to set these parameters in Java? I can’t find
> > any
> > > example that sets this runtime.
> > > For our application these settings will be given runtime, so I need to
> > set
> > > them runtime. Is is also posible to set the keystore runtime?
> > >
> > > Thanks for your input in advance!
> > > Ralph Keegstra
> > >
> > >
> > >
> > > From:
> > > Colm O hEigeartaigh <co...@apache.org>
> > > To:
> > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > Date:
> > > 02-08-2013 16:01
> > > Subject:
> > > Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> > > can not be satisfied:
> > >
> > >
> > >
> > > When you have a WS-SecurityPolicy, you should not use either the
> > > WSS4JOutInterceptor or WSS4JInInterceptor. CXF will take care of all of
> > > the
> > > configuration, providing you supply it with the (e.g) Crypto property
> > > configuration and a CallbackHandler, username, etc. Please take a look
> at
> > > the link I posted in my last reply - that configuration works for the
> > > client for both outbound + inbound.
> > >
> > > Colm.
> > >
> > >
> > > On Fri, Aug 2, 2013 at 2:51 PM,
> > > <r....@pantheon-automatisering.nl>wrote:
> > >
> > > > OK thank you very much!
> > > > I'm getting a little further, but I think I'm running against a
> problem
> > > I
> > > > had/made before. But now I get the following error:
> > > >
> > > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can
> > > > not be satisfied:
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding: Received Timestamp does not match the
> requirements
> > > >
> > > > Which doesn't supprise me. Earlier in the development proces I had
> the
> > > > problem that I couldn't sign the timestamp. For the outgoing message
> > I'm
> > > > using the following:
> > > > 1 Map<String, Object> outProps = new HashMap<String, Object>();
> > > > 2 outProps.put(WSHandlerConstants.ACTION,
> > > WSHandlerConstants.TIMESTAMP
> > > > + " " + WSHandlerConstants.SIGNATURE);
> > > > 3 //outProps.put(WSHandlerConstants.ACTION,
> > > > WSHandlerConstants.SIGNATURE);
> > > > 4 bindingProvider.getRequestContext().put("password", "xxxxx");
> > > > 5 outProps.put(WSHandlerConstants.USER, "xxxxxxxxx");
> > > > 6 outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > > > "client_sign.properties");
> > > > 7 outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
> > > > 8 outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{
> > > > http://www.w3.org/2005/08/addressing}Action;"
> > > > 9 + "{Element}{
> > > > http://www.w3.org/2005/08/addressing}MessageID;"
> > > > 10 + "{Element}{
> > > > http://www.w3.org/2005/08/addressing}To;"
> > > > 11 + "{Element}{
> > > > http://www.w3.org/2005/08/addressing}ReplyTo;"
> > > > 12 + "Body;"
> > > > 13 + "{Element}{
> > > >
> > > >
> > >
> > >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > >
> > > > }Timestamp");
> > > >
> > > > 14 WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> > > > 15 cxfEndpoint.getOutInterceptors().add(wssOut);
> > > >
> > > > The third line I commented out and in the wsdl I commented out
> > > > '<sp:IncludeTimestamp/>' (which is wrong, but I could send a message
> so
> > > I
> > > > was happy at the moment). If I commented out line 2 I get a error
> that
> > > the
> > > > field Timestamp can not be found.
> > > >
> > > > Is this the cause of the problem above?
> > > > I tried to use PolicyBasedWSS4JOutInterceptor instead of
> > > > WSS4JOutInterceptor, but I don't know how to push the configuration.
> > > >
> > > >
> > > >
> > > >
> > > > From:
> > > > Colm O hEigeartaigh <co...@apache.org>
> > > > To:
> > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > Date:
> > > > 02-08-2013 15:15
> > > > Subject:
> > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > > can not be satisfied:
> > > >
> > > >
> > > >
> > > > Ok your configuration is the issue. You are configuring the
> > > > WSS4JInInterceptor, which is not policy-aware. You need to configure
> > the
> > > > PolicyBasedWSS4JInInterceptor instead. This is done automatically for
> > > you
> > > > if the WSDL has the correct security policy, but the configuration is
> > > done
> > > > in a slightly different way.
> > > >
> > > > For example, see the following configuration:
> > > >
> > > >
> > > >
> > >
> > >
> >
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client.xml?view=markup
> > >
> > > >
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Fri, Aug 2, 2013 at 2:11 PM,
> > > > <r....@pantheon-automatisering.nl>wrote:
> > > >
> > > > > Map<String, Object> inProps = new HashMap<String, Object>();
> > > > > inProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > > > > "server_sign.properties");
> > > > > inProps.put(WSHandlerConstants.ACTION,
> > > WSHandlerConstants.TIMESTAMP
> > > > +
> > > > > " " + WSHandlerConstants.SIGNATURE);
> > > > > bindingProvider.getResponseContext().put("password", "xxxxx");
> > > > > inProps.put(WSHandlerConstants.USER,
> > > > > "cs-bedrijven.procesinfrastructuur.nl");
> > > > >
> > > > > WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> > > > > cxfEndpoint.getInInterceptors().add(wssIn);
> > > > >
> > > > > --- server_sign.properties ---
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > > > org.apache.ws.security.crypto.merlin.keystore.type=jks
> > > > > org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
> > > > > #org.apache.ws.security.crypto.merlin.keystore.alias=
> > > > > cs-bedrijven.procesinfrastructuur.nl
> > > > >
> org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
> > > > >
> > > > > This is how I configure WSS4JInInterceptor. I have no extra config
> > > files
> > > > > and I prefer to set all config in the code. When the client works I
> > > want
> > > > > to try to get rid of the server_sign.properties, I want to set that
> > > > > dynamic.
> > > > >
> > > > > Ralph
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > From:
> > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > To:
> > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > Date:
> > > > > 02-08-2013 15:04
> > > > > Subject:
> > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > > can not be satisfied:
> > > > >
> > > > >
> > > > >
> > > > > As a sanity check, can I see your CXF client configuration?
> > > > > PolicyVerificationInInterceptor does run after
> > > > > PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
> > > > > WSS4JInInterceptor explicilty in your configuration?
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > > On Fri, Aug 2, 2013 at 1:26 PM,
> > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > >
> > > > > > Hi Colm,
> > > > > >
> > > > > > He doesn't reach the point you asked for. In
> > > > > > 'org.apache.cxf.ws.policy.AssertionInfoMap.java'
> > > checkEffectivePolicy
> > > > he
> > > > > > doesn't find any validated policy, the ArrayList validated is
> > empty,
> > > > the
> > > > > > ArrayList errors contains 50. He throws at line 179 an exception
> > > (cxf
> > > > > > 2.7.6).
> > > > > > This method is called from
> > > > > > 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method
> > > > > handle.
> > > > > > Line 101 is the line where call is done.
> > > > > > The variable aim contains:
> > > > > > {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedElements=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedElements:false], {
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }RecipientToken=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }RecipientToken:false], {
> > > http://www.w3.org/2007/05/addressing/metadata
> > > > > > }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> > > > > > }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> > > > > > }Anonymous:false], {
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }Layout=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }Layout:false],
> > > > > > AnonymousResponses=[AnonymousResponses:false,
> > > > AnonymousResponses:false],
> > > > > {
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding:false], {
> > > > > http://www.w3.org/2007/02/addressing/metadata
> > > > > > }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> > > > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > > > }Addressing:true], {
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }InitiatorToken=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }InitiatorToken:false], {
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token:false,
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }X509Token:false], {
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedParts=[{
> > > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedParts:false], {
> > > > > >
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization=[{
> > > > > >
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization:false]}
> > > > > >
> > > > > > If you need to know something else, let me know!
> > > > > >
> > > > > > Ralph
> > > > > >
> > > > > >
> > > > > >
> > > > > > From:
> > > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > > To:
> > > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > > Date:
> > > > > > 02-08-2013 12:57
> > > > > > Subject:
> > > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > > can not be satisfied:
> > > > > >
> > > > > >
> > > > > >
> > > > > > Do you have access to a debugger? If so could you put a
> breakpoint
> > > in
> > > > > > PolicyBasedWSS4JInInterceptor in the doResults method and trace
> the
> > > > > flow?
> > > > > > The problem is that some policy is getting unasserted, but I
> can't
> > > > > figure
> > > > > > out which one from the logging.
> > > > > >
> > > > > > Colm.
> > > > > >
> > > > > >
> > > > > > On Fri, Aug 2, 2013 at 11:53 AM,
> > > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > This comes from the WSDL as it is given to me. When generated
> > with
> > > > all
> > > > > > > three policies enabled, the first is used I believe. I just
> tried
> > > to
> > > > > > > generate with only one enabled. I tried three times (one time
> for
> > > > > > > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > > > > > > TripleDesRsa15), all the same result as before.
> > > > > > > At almost the bottum of the log it says ' LogUtils.doLog(443)
> |
> > > > > > > WS-Addressing - failed to retrieve Message Addressing
> Properties
> > > > from
> > > > > > > context'.
> > > > > > > Is it possible that I need to add something to avoid this? And
> if
> > > > yes
> > > > > > how
> > > > > > > do I do that?
> > > > > > >
> > > > > > > Ralph
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > From:
> > > > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > > > To:
> > > > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > > > Date:
> > > > > > > 02-08-2013 12:34
> > > > > > > Subject:
> > > > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > alternatives
> > > > > > > can not be satisfied:
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > I'm not sure if this is the cause of the problem, but the
> > > following
> > > > > > policy
> > > > > > > is not valid:
> > > > > > >
> > > > > > > <sp:AlgorithmSuite>
> > > > > > > <wsp:Policy>
> > > > > > > <sp:Basic128Rsa15/>
> > > > > > > <sp:Basic256Rsa15/>
> > > > > > > <sp:TripleDesRsa15/>
> > > > > > > </wsp:Policy>
> > > > > > > </sp:AlgorithmSuite>
> > > > > > >
> > > > > > > The specification only allows you to specify one of the
> policies
> > > > > above.
> > > > > > >
> > > > > > > Colm.
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Aug 1, 2013 at 3:44 PM,
> > > > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > > > >
> > > > > > > > Hi Colm,
> > > > > > > >
> > > > > > > > The previous message didn't contain a attachement. But in the
> > > mean
> > > > > > time
> > > > > > > I
> > > > > > > > managed to get a better log. I will attach it as .txt
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > > > > > > "users@cxf.apache.org"
> > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > > can
> > > > > > > not
> > > > > > > > be satisfied:
> > > > > > > > ------------------------------
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Could you turn logging to "FINE" + attach the log? That
> should
> > > > tell
> > > > > us
> > > > > > > the
> > > > > > > > exact policy validation error(s).
> > > > > > > >
> > > > > > > > Colm.
> > > > > > > >
> > > > > > > >
> > > > > > > > On Thu, Aug 1, 2013 at 9:17 AM,
> > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > >wrote:
> > > > > > > >
> > > > > > > > > Hi,
> > > > > > > > >
> > > > > > > > > Because the formatting was crappy an attachement.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > > > users@cxf.apache.org"
> > > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > alternatives
> > > > > > > can
> > > > > > > > not
> > > > > > > > > be satisfied:
> > > > > > > > > ------------------------------
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Hi,
> > > > > > > > >
> > > > > > > > > It looks like the service is processing the CXF request
> > > > correctly,
> > > > > > but
> > > > > > > is
> > > > > > > > > not returning a response that complies with the security
> > > policy,
> > > > > and
> > > > > > > the
> > > > > > > > > client is throwing an exception. It's impossible to find
> out
> > > > > without
> > > > > > > > seeing
> > > > > > > > > the security policy though. It should be in the WSDL file
> > > > > referenced
> > > > > > > in
> > > > > > > > the
> > > > > > > > > log, if you could attach it:
> > > > > > > > >
> > > > > > > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > > > > > > Bedrijven_v1.2_preprod.wsdl"
> > > > > > > > >
> > > > > > > > > Colm.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Thu, Aug 1, 2013 at 8:53 AM,
> > > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > > >wrote:
> > > > > > > > >
> > > > > > > > > > Dear Colm,
> > > > > > > > > >
> > > > > > > > > > Sorry i didn't see your previous response. Because of my
> > > great
> > > > > > > e-mail
> > > > > > > > > > client (Notus ;) ) I wasn't properly connected to the
> > > > > mailinglist,
> > > > > > > > > > apologies for the inconvenience.
> > > > > > > > > > I don't know how to get the security policy of the
> service.
> > > > > > > > > > I added the message I send to the server. (I've removed
> the
> > > > > > > > SecurityToken
> > > > > > > > > > for security reasons).
> > > > > > > > > > The message I received is the text I copied from the
> log. I
> > > > also
> > > > > > > added
> > > > > > > > > the
> > > > > > > > > > logging I get at the moment.
> > > > > > > > > >
> > > > > > > > > > Ralph
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > > > > users@cxf.apache.org"
> > > > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject:
> Re:
> > > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > > alternatives
> > > > > > > can
> > > > > > > > > not
> > > > > > > > > > be satisfied:
> > > > > > > > > > ------------------------------
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > Did you not see my previous response? We need to see the
> > > > > security
> > > > > > > > policy
> > > > > > > > > of
> > > > > > > > > > the service, the request message + the response message
> to
> > > be
> > > > > able
> > > > > > > to
> > > > > > > > > help
> > > > > > > > > > you.
> > > > > > > > > >
> > > > > > > > > > Colm.
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > > > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > > > >wrote:
> > > > > > > > > >
> > > > > > > > > > > Dear CXF Support,
> > > > > > > > > > >
> > > > > > > > > > > First, I am a newbie with CXF. I am writing a CXF
> client
> > > to
> > > > > > > interact
> > > > > > > > > with
> > > > > > > > > > > the government. I am able to send a message. But when I
> > > > > receive
> > > > > > > the
> > > > > > > > > > > response my client crashes.
> > > > > > > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am
> using
> > > > Java
> > > > > > > 1.6.45.
> > > > > > > > > If
> > > > > > > > > > > you need more info, please let me know as I don't
> exactly
> > > > know
> > > > > > > what
> > > > > > > > > info
> > > > > > > > > > > you need to help me.
> > > > > > > > > > > Please help me, I'm stuck.
> > > > > > > > > > >
> > > > > > > > > > > Ralph Keegstra
> > > > > > > > > > >
> > > > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > > > alternatives
> > > > > > > > can
> > > > > > > > > > > not be satisfied:
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > > }AsymmetricBinding
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }X509Token
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }InitiatorToken
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }RecipientToken
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }Layout
> > > > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata
> }Anonymous
> > > > > > > > > > > {
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedParts
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }SignedElements
> > > > > > > > > > > AnonymousResponses
> > > > > > > > > > > at
> > > > > > > > > >
> > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > > > at
> > > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > > at
> org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > > > ClientImpl.java:800)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > >
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > > > at
> > > > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > > > at
> > org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > > > at
> > > org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > > > at
> > > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > > at
> > > > > > > > > >
> > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > > > )
> > > > > > > > > > > at
> > > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > > > at
> > > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > > > at
> > > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > > > at
> > org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > > > ClientProxy.java:96)
> > > > > > > > > > > at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> > > Source)
> > > > > > > > > > > at
> > > > > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > > > at
> > > > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > > > Exception in thread "main"
> > > > > javax.xml.ws.soap.SOAPFaultException:
> > > > > > > > These
> > > > > > > > > > > policy alternatives can not be satisfied:
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > > }AsymmetricBinding
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }X509Token
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }InitiatorToken
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }RecipientToken
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }Layout
> > > > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata
> }Anonymous
> > > > > > > > > > > {
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedParts
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }SignedElements
> > > > > > > > > > > AnonymousResponses
> > > > > > > > > > > at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > > > JaxWsClientProxy.java:155)
> > > > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> > > Source)
> > > > > > > > > > > at
> > > > > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > > > at
> > > > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException:
> > These
> > > > > > policy
> > > > > > > > > > > alternatives can not be satisfied:
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > > }AsymmetricBinding
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }X509Token
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }InitiatorToken
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }RecipientToken
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }Layout
> > > > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata
> }Anonymous
> > > > > > > > > > > {
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedParts
> > > > > > > > > > > {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }SignedElements
> > > > > > > > > > > AnonymousResponses
> > > > > > > > > > > at
> > > > > > > > > >
> > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > > > at
> > > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > > at
> org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > > > ClientImpl.java:800)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > >
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > > > at
> > > > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > > > at
> > org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > > > at
> > > org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > > > at
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > > > at
> > > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > > at
> > > > > > > > > >
> > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > > > )
> > > > > > > > > > > at
> > > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > > > at
> > > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > > > at
> > > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > > > at
> > org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > > > ClientProxy.java:96)
> > > > > > > > > > > at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > > > ... 3 more
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > --
> > > > > > > > > > Colm O hEigeartaigh
> > > > > > > > > >
> > > > > > > > > > Talend Community Coder
> > > > > > > > > > http://coders.talend.com
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Colm O hEigeartaigh
> > > > > > > > >
> > > > > > > > > Talend Community Coder
> > > > > > > > > http://coders.talend.com
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > Colm O hEigeartaigh
> > > > > > > >
> > > > > > > > Talend Community Coder
> > > > > > > > http://coders.talend.com
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Colm O hEigeartaigh
> > > > > > >
> > > > > > > Talend Community Coder
> > > > > > > http://coders.talend.com
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Colm O hEigeartaigh
> > > > > >
> > > > > > Talend Community Coder
> > > > > > http://coders.talend.com
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Hi Colm,
Thanx for looking into this problem!
As I can't change the WSDL (only by hand of course but, the WSDL is
defined by the government). I rebuild my client with snapshot
'2.7.7-SNAPSHOT-1513735' (the zip apache-cxf-2.7.7-20130814.064938-25.zip
(sorry I develop with windows!?!?!)). I can now succesfully send a
message!! So that works.
I get a reaction from the server and when I look in the SOAP message I
receive it says that the message I send is ok, but...
But I'm getting an old problem back.
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
{http://www.w3.org/2007/05/addressing/metadata}Anonymous
{http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
}OptimizedMimeSerialization
AnonymousResponses
I attached the log as txt.
Is this a settings problem or is there something else?
Ralph
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
13-08-2013 16:46
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
There is a bug in CXF where it doesn't sign anything when you are using an
AsymmetricBinding policy + EncryptBeforeSigning + no
EncryptedParts/EncryptedElements policies. I have fixed it here:
https://issues.apache.org/jira/browse/CXF-5199
So to go further, you could either remove the "EncryptBeforeSigning"
policy
from the WSDL, or else download the latest SNAPSHOT once it has deployed
via the Jenkins build.
Colm.
On Mon, Aug 12, 2013 at 9:06 AM,
<r....@pantheon-automatisering.nl>wrote:
> Sorry, now with attached log.
>
>
>
>
> From: Colm O hEigeartaigh <co...@apache.org> To:
"users@cxf.apache.org"
> <us...@cxf.apache.org> Date: 09-08-2013 17:33 Subject: Re:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not
> be satisfied:
> ------------------------------
>
>
>
> Yes, you can set all of the parameters for WS-SecurityPolicy in Java.
All
> of the configuration tags are in the "SecurityConstants" class - it's
just
> a matter of setting them on the outbound message context. For example,
one
> of the following tests sets the user for a UsernameToken in this way:
>
>
>
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
>
> URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl");
> Service service = Service.create(wsdl, SERVICE_QNAME);
> QName portQName = new QName(NAMESPACE,
"DoubleItPlaintextPrincipalPort");
> DoubleItPortType utPort = service.getPort(portQName,
> DoubleItPortType.class);
>
>
((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
> "Alice");
>
> Colm.
>
>
> On Fri, Aug 9, 2013 at 9:56 AM, <r.keegstra@pantheon-automatisering.nl
> >wrote:
>
> > Hi Colm,
> >
> > To get my client working with the config I tried a lot of things, but
I
> > did’n succeed so far, the message didn’t get signed. But I have an
other
> > question. Is it possible to set these parameters in Java? I can’t find
> any
> > example that sets this runtime.
> > For our application these settings will be given runtime, so I need to
> set
> > them runtime. Is is also posible to set the keystore runtime?
> >
> > Thanks for your input in advance!
> > Ralph Keegstra
> >
> >
> >
> > From:
> > Colm O hEigeartaigh <co...@apache.org>
> > To:
> > "users@cxf.apache.org" <us...@cxf.apache.org>
> > Date:
> > 02-08-2013 16:01
> > Subject:
> > Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> > can not be satisfied:
> >
> >
> >
> > When you have a WS-SecurityPolicy, you should not use either the
> > WSS4JOutInterceptor or WSS4JInInterceptor. CXF will take care of all
of
> > the
> > configuration, providing you supply it with the (e.g) Crypto property
> > configuration and a CallbackHandler, username, etc. Please take a look
at
> > the link I posted in my last reply - that configuration works for the
> > client for both outbound + inbound.
> >
> > Colm.
> >
> >
> > On Fri, Aug 2, 2013 at 2:51 PM,
> > <r....@pantheon-automatisering.nl>wrote:
> >
> > > OK thank you very much!
> > > I'm getting a little further, but I think I'm running against a
problem
> > I
> > > had/made before. But now I get the following error:
> > >
> > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> > > not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding: Received Timestamp does not match the
requirements
> > >
> > > Which doesn't supprise me. Earlier in the development proces I had
the
> > > problem that I couldn't sign the timestamp. For the outgoing message
> I'm
> > > using the following:
> > > 1 Map<String, Object> outProps = new HashMap<String, Object>();
> > > 2 outProps.put(WSHandlerConstants.ACTION,
> > WSHandlerConstants.TIMESTAMP
> > > + " " + WSHandlerConstants.SIGNATURE);
> > > 3 //outProps.put(WSHandlerConstants.ACTION,
> > > WSHandlerConstants.SIGNATURE);
> > > 4 bindingProvider.getRequestContext().put("password", "xxxxx");
> > > 5 outProps.put(WSHandlerConstants.USER, "xxxxxxxxx");
> > > 6 outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > > "client_sign.properties");
> > > 7 outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
> > > 8 outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{
> > > http://www.w3.org/2005/08/addressing}Action;"
> > > 9 + "{Element}{
> > > http://www.w3.org/2005/08/addressing}MessageID;"
> > > 10 + "{Element}{
> > > http://www.w3.org/2005/08/addressing}To;"
> > > 11 + "{Element}{
> > > http://www.w3.org/2005/08/addressing}ReplyTo;"
> > > 12 + "Body;"
> > > 13 + "{Element}{
> > >
> > >
> >
> >
>
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> >
> > > }Timestamp");
> > >
> > > 14 WSS4JOutInterceptor wssOut = new
WSS4JOutInterceptor(outProps);
> > > 15 cxfEndpoint.getOutInterceptors().add(wssOut);
> > >
> > > The third line I commented out and in the wsdl I commented out
> > > '<sp:IncludeTimestamp/>' (which is wrong, but I could send a message
so
> > I
> > > was happy at the moment). If I commented out line 2 I get a error
that
> > the
> > > field Timestamp can not be found.
> > >
> > > Is this the cause of the problem above?
> > > I tried to use PolicyBasedWSS4JOutInterceptor instead of
> > > WSS4JOutInterceptor, but I don't know how to push the configuration.
> > >
> > >
> > >
> > >
> > > From:
> > > Colm O hEigeartaigh <co...@apache.org>
> > > To:
> > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > Date:
> > > 02-08-2013 15:15
> > > Subject:
> > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> > > can not be satisfied:
> > >
> > >
> > >
> > > Ok your configuration is the issue. You are configuring the
> > > WSS4JInInterceptor, which is not policy-aware. You need to configure
> the
> > > PolicyBasedWSS4JInInterceptor instead. This is done automatically
for
> > you
> > > if the WSDL has the correct security policy, but the configuration
is
> > done
> > > in a slightly different way.
> > >
> > > For example, see the following configuration:
> > >
> > >
> > >
> >
> >
>
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client.xml?view=markup
> >
> > >
> > >
> > > Colm.
> > >
> > >
> > > On Fri, Aug 2, 2013 at 2:11 PM,
> > > <r....@pantheon-automatisering.nl>wrote:
> > >
> > > > Map<String, Object> inProps = new HashMap<String, Object>();
> > > > inProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > > > "server_sign.properties");
> > > > inProps.put(WSHandlerConstants.ACTION,
> > WSHandlerConstants.TIMESTAMP
> > > +
> > > > " " + WSHandlerConstants.SIGNATURE);
> > > > bindingProvider.getResponseContext().put("password", "xxxxx");
> > > > inProps.put(WSHandlerConstants.USER,
> > > > "cs-bedrijven.procesinfrastructuur.nl");
> > > >
> > > > WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> > > > cxfEndpoint.getInInterceptors().add(wssIn);
> > > >
> > > > --- server_sign.properties ---
> > > >
> > > >
> > >
> > >
> >
> >
>
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > > org.apache.ws.security.crypto.merlin.keystore.type=jks
> > > > org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
> > > > #org.apache.ws.security.crypto.merlin.keystore.alias=
> > > > cs-bedrijven.procesinfrastructuur.nl
> > > >
org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
> > > >
> > > > This is how I configure WSS4JInInterceptor. I have no extra config
> > files
> > > > and I prefer to set all config in the code. When the client works
I
> > want
> > > > to try to get rid of the server_sign.properties, I want to set
that
> > > > dynamic.
> > > >
> > > > Ralph
> > > >
> > > >
> > > >
> > > >
> > > > From:
> > > > Colm O hEigeartaigh <co...@apache.org>
> > > > To:
> > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > Date:
> > > > 02-08-2013 15:04
> > > > Subject:
> > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > > can not be satisfied:
> > > >
> > > >
> > > >
> > > > As a sanity check, can I see your CXF client configuration?
> > > > PolicyVerificationInInterceptor does run after
> > > > PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
> > > > WSS4JInInterceptor explicilty in your configuration?
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Fri, Aug 2, 2013 at 1:26 PM,
> > > > <r....@pantheon-automatisering.nl>wrote:
> > > >
> > > > > Hi Colm,
> > > > >
> > > > > He doesn't reach the point you asked for. In
> > > > > 'org.apache.cxf.ws.policy.AssertionInfoMap.java'
> > checkEffectivePolicy
> > > he
> > > > > doesn't find any validated policy, the ArrayList validated is
> empty,
> > > the
> > > > > ArrayList errors contains 50. He throws at line 179 an exception
> > (cxf
> > > > > 2.7.6).
> > > > > This method is called from
> > > > > 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor'
method
> > > > handle.
> > > > > Line 101 is the line where call is done.
> > > > > The variable aim contains:
> > > > > {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements:false], {
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken:false], {
> > http://www.w3.org/2007/05/addressing/metadata
> > > > > }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> > > > > }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> > > > > }Anonymous:false], {
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }Layout:false],
> > > > > AnonymousResponses=[AnonymousResponses:false,
> > > AnonymousResponses:false],
> > > > {
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }AsymmetricBinding=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }AsymmetricBinding:false], {
> > > > http://www.w3.org/2007/02/addressing/metadata
> > > > > }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> > > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > > }Addressing:true], {
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken:false], {
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }X509Token:false,
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token:false], {
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedParts:false], {
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > }OptimizedMimeSerialization=[{
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > }OptimizedMimeSerialization:false]}
> > > > >
> > > > > If you need to know something else, let me know!
> > > > >
> > > > > Ralph
> > > > >
> > > > >
> > > > >
> > > > > From:
> > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > To:
> > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > Date:
> > > > > 02-08-2013 12:57
> > > > > Subject:
> > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > > can not be satisfied:
> > > > >
> > > > >
> > > > >
> > > > > Do you have access to a debugger? If so could you put a
breakpoint
> > in
> > > > > PolicyBasedWSS4JInInterceptor in the doResults method and trace
the
> > > > flow?
> > > > > The problem is that some policy is getting unasserted, but I
can't
> > > > figure
> > > > > out which one from the logging.
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > > On Fri, Aug 2, 2013 at 11:53 AM,
> > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > >
> > > > > > Hi,
> > > > > >
> > > > > > This comes from the WSDL as it is given to me. When generated
> with
> > > all
> > > > > > three policies enabled, the first is used I believe. I just
tried
> > to
> > > > > > generate with only one enabled. I tried three times (one time
for
> > > > > > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > > > > > TripleDesRsa15), all the same result as before.
> > > > > > At almost the bottum of the log it says ' LogUtils.doLog(443)
|
> > > > > > WS-Addressing - failed to retrieve Message Addressing
Properties
> > > from
> > > > > > context'.
> > > > > > Is it possible that I need to add something to avoid this? And
if
> > > yes
> > > > > how
> > > > > > do I do that?
> > > > > >
> > > > > > Ralph
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > From:
> > > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > > To:
> > > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > > Date:
> > > > > > 02-08-2013 12:34
> > > > > > Subject:
> > > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > > can not be satisfied:
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > I'm not sure if this is the cause of the problem, but the
> > following
> > > > > policy
> > > > > > is not valid:
> > > > > >
> > > > > > <sp:AlgorithmSuite>
> > > > > > <wsp:Policy>
> > > > > > <sp:Basic128Rsa15/>
> > > > > > <sp:Basic256Rsa15/>
> > > > > > <sp:TripleDesRsa15/>
> > > > > > </wsp:Policy>
> > > > > > </sp:AlgorithmSuite>
> > > > > >
> > > > > > The specification only allows you to specify one of the
policies
> > > > above.
> > > > > >
> > > > > > Colm.
> > > > > >
> > > > > >
> > > > > > On Thu, Aug 1, 2013 at 3:44 PM,
> > > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > > >
> > > > > > > Hi Colm,
> > > > > > >
> > > > > > > The previous message didn't contain a attachement. But in
the
> > mean
> > > > > time
> > > > > > I
> > > > > > > managed to get a better log. I will attach it as .txt
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > > > > > "users@cxf.apache.org"
> > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > > can
> > > > > > not
> > > > > > > be satisfied:
> > > > > > > ------------------------------
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Could you turn logging to "FINE" + attach the log? That
should
> > > tell
> > > > us
> > > > > > the
> > > > > > > exact policy validation error(s).
> > > > > > >
> > > > > > > Colm.
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Aug 1, 2013 at 9:17 AM,
> > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > >wrote:
> > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > Because the formatting was crappy an attachement.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > > users@cxf.apache.org"
> > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > > can
> > > > > > > not
> > > > > > > > be satisfied:
> > > > > > > > ------------------------------
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > It looks like the service is processing the CXF request
> > > correctly,
> > > > > but
> > > > > > is
> > > > > > > > not returning a response that complies with the security
> > policy,
> > > > and
> > > > > > the
> > > > > > > > client is throwing an exception. It's impossible to find
out
> > > > without
> > > > > > > seeing
> > > > > > > > the security policy though. It should be in the WSDL file
> > > > referenced
> > > > > > in
> > > > > > > the
> > > > > > > > log, if you could attach it:
> > > > > > > >
> > > > > > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > > > > > Bedrijven_v1.2_preprod.wsdl"
> > > > > > > >
> > > > > > > > Colm.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Thu, Aug 1, 2013 at 8:53 AM,
> > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > >wrote:
> > > > > > > >
> > > > > > > > > Dear Colm,
> > > > > > > > >
> > > > > > > > > Sorry i didn't see your previous response. Because of my
> > great
> > > > > > e-mail
> > > > > > > > > client (Notus ;) ) I wasn't properly connected to the
> > > > mailinglist,
> > > > > > > > > apologies for the inconvenience.
> > > > > > > > > I don't know how to get the security policy of the
service.
> > > > > > > > > I added the message I send to the server. (I've removed
the
> > > > > > > SecurityToken
> > > > > > > > > for security reasons).
> > > > > > > > > The message I received is the text I copied from the
log. I
> > > also
> > > > > > added
> > > > > > > > the
> > > > > > > > > logging I get at the moment.
> > > > > > > > >
> > > > > > > > > Ralph
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > > > users@cxf.apache.org"
> > > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject:
Re:
> > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > alternatives
> > > > > > can
> > > > > > > > not
> > > > > > > > > be satisfied:
> > > > > > > > > ------------------------------
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Did you not see my previous response? We need to see the
> > > > security
> > > > > > > policy
> > > > > > > > of
> > > > > > > > > the service, the request message + the response message
to
> > be
> > > > able
> > > > > > to
> > > > > > > > help
> > > > > > > > > you.
> > > > > > > > >
> > > > > > > > > Colm.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > > >wrote:
> > > > > > > > >
> > > > > > > > > > Dear CXF Support,
> > > > > > > > > >
> > > > > > > > > > First, I am a newbie with CXF. I am writing a CXF
client
> > to
> > > > > > interact
> > > > > > > > with
> > > > > > > > > > the government. I am able to send a message. But when
I
> > > > receive
> > > > > > the
> > > > > > > > > > response my client crashes.
> > > > > > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am
using
> > > Java
> > > > > > 1.6.45.
> > > > > > > > If
> > > > > > > > > > you need more info, please let me know as I don't
exactly
> > > know
> > > > > > what
> > > > > > > > info
> > > > > > > > > > you need to help me.
> > > > > > > > > > Please help me, I'm stuck.
> > > > > > > > > >
> > > > > > > > > > Ralph Keegstra
> > > > > > > > > >
> > > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > > alternatives
> > > > > > > can
> > > > > > > > > > not be satisfied:
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }AsymmetricBinding
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }X509Token
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }InitiatorToken
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }RecipientToken
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }Layout
> > > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata
}Anonymous
> > > > > > > > > > {
> > > > > > > >
> > > > > >
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }SignedParts
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }SignedElements
> > > > > > > > > > AnonymousResponses
> > > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > > at
> > > > > > > > > >
> > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > > at
> > > > > > > > > >
> > > > >
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > > at
> > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > at
org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > > ClientImpl.java:800)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > >
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > > at
> > > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > > at
> org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > > at
> > org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > > at
> > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > > )
> > > > > > > > > > at
> > > > > > > >
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > > at
> > > > > > > >
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > > at
> > > > > > > >
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > > at
> org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > > ClientProxy.java:96)
> > > > > > > > > > at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> > Source)
> > > > > > > > > > at
> > > > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > > at
> > > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > > Exception in thread "main"
> > > > javax.xml.ws.soap.SOAPFaultException:
> > > > > > > These
> > > > > > > > > > policy alternatives can not be satisfied:
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }AsymmetricBinding
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }X509Token
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }InitiatorToken
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }RecipientToken
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }Layout
> > > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata
}Anonymous
> > > > > > > > > > {
> > > > > > > >
> > > > > >
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }SignedParts
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }SignedElements
> > > > > > > > > > AnonymousResponses
> > > > > > > > > > at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > > JaxWsClientProxy.java:155)
> > > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> > Source)
> > > > > > > > > > at
> > > > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > > at
> > > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException:
> These
> > > > > policy
> > > > > > > > > > alternatives can not be satisfied:
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }AsymmetricBinding
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }X509Token
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }InitiatorToken
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }RecipientToken
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }Layout
> > > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata
}Anonymous
> > > > > > > > > > {
> > > > > > > >
> > > > > >
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }SignedParts
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }SignedElements
> > > > > > > > > > AnonymousResponses
> > > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > > at
> > > > > > > > > >
> > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > > at
> > > > > > > > > >
> > > > >
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > > at
> > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > at
org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > > ClientImpl.java:800)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > >
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > > at
> > > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > > at
> org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > > at
> > org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > > at
> > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > > )
> > > > > > > > > > at
> > > > > > > >
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > > at
> > > > > > > >
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > > at
> > > > > > > >
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > > at
> org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > > ClientProxy.java:96)
> > > > > > > > > > at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > > ... 3 more
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Colm O hEigeartaigh
> > > > > > > > >
> > > > > > > > > Talend Community Coder
> > > > > > > > > http://coders.talend.com
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > Colm O hEigeartaigh
> > > > > > > >
> > > > > > > > Talend Community Coder
> > > > > > > > http://coders.talend.com
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Colm O hEigeartaigh
> > > > > > >
> > > > > > > Talend Community Coder
> > > > > > > http://coders.talend.com
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Colm O hEigeartaigh
> > > > > >
> > > > > > Talend Community Coder
> > > > > > http://coders.talend.com
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Hi Colm,
First of all, thank you very much for your reaction and your effort, I
really appreciate it!
To set the username and the properties I set the following code:
AanleverServiceV12_Service ss = new
AanleverServiceV12_Service(wsdlURL, SERVICE_NAME);
AanleverServiceV12 port = ss.getAanleverServiceV12();
bindingProvider = (BindingProvider) port;
bindingProvider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
"https://cs-bedrijven.procesinfrastructuur.nl/cpl/aanleverservice/1.2");
bindingProvider.getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
"client_sign.properties");
bindingProvider.getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
"aliasname");
bindingProvider.getResponseContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
"server_sign.properties");
bindingProvider.getResponseContext().put(SecurityConstants.SIGNATURE_USERNAME,
"cs-bedrijven.procesinfrastructuur.nl");
What I don't understand is that at line 114 of the attached log it looks
like the username is set, also the properties are set at the line. But
there is also a username 'APPLICATION'. But this configuration is not used
until the client is receiving a message. At line 668 my keystore for
signing the message is mentioned, but it is WSS4JInInterceptor, not out.
The send message does not contain any signature and BinarySecurityToken.
Ralph
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
09-08-2013 17:33
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
Yes, you can set all of the parameters for WS-SecurityPolicy in Java. All
of the configuration tags are in the "SecurityConstants" class - it's just
a matter of setting them on the outbound message context. For example, one
of the following tests sets the user for a UsernameToken in this way:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPrincipalPort");
DoubleItPortType utPort = service.getPort(portQName,
DoubleItPortType.class);
((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
"Alice");
Colm.
On Fri, Aug 9, 2013 at 9:56 AM,
<r....@pantheon-automatisering.nl>wrote:
> Hi Colm,
>
> To get my client working with the config I tried a lot of things, but I
> did’n succeed so far, the message didn’t get signed. But I have an other
> question. Is it possible to set these parameters in Java? I can’t find
any
> example that sets this runtime.
> For our application these settings will be given runtime, so I need to
set
> them runtime. Is is also posible to set the keystore runtime?
>
> Thanks for your input in advance!
> Ralph Keegstra
>
>
>
> From:
> Colm O hEigeartaigh <co...@apache.org>
> To:
> "users@cxf.apache.org" <us...@cxf.apache.org>
> Date:
> 02-08-2013 16:01
> Subject:
> Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can not be satisfied:
>
>
>
> When you have a WS-SecurityPolicy, you should not use either the
> WSS4JOutInterceptor or WSS4JInInterceptor. CXF will take care of all of
> the
> configuration, providing you supply it with the (e.g) Crypto property
> configuration and a CallbackHandler, username, etc. Please take a look
at
> the link I posted in my last reply - that configuration works for the
> client for both outbound + inbound.
>
> Colm.
>
>
> On Fri, Aug 2, 2013 at 2:51 PM,
> <r....@pantheon-automatisering.nl>wrote:
>
> > OK thank you very much!
> > I'm getting a little further, but I think I'm running against a
problem
> I
> > had/made before. But now I get the following error:
> >
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> > not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding: Received Timestamp does not match the requirements
> >
> > Which doesn't supprise me. Earlier in the development proces I had the
> > problem that I couldn't sign the timestamp. For the outgoing message
I'm
> > using the following:
> > 1 Map<String, Object> outProps = new HashMap<String, Object>();
> > 2 outProps.put(WSHandlerConstants.ACTION,
> WSHandlerConstants.TIMESTAMP
> > + " " + WSHandlerConstants.SIGNATURE);
> > 3 //outProps.put(WSHandlerConstants.ACTION,
> > WSHandlerConstants.SIGNATURE);
> > 4 bindingProvider.getRequestContext().put("password", "xxxxx");
> > 5 outProps.put(WSHandlerConstants.USER, "xxxxxxxxx");
> > 6 outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > "client_sign.properties");
> > 7 outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
> > 8 outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{
> > http://www.w3.org/2005/08/addressing}Action;"
> > 9 + "{Element}{
> > http://www.w3.org/2005/08/addressing}MessageID;"
> > 10 + "{Element}{
> > http://www.w3.org/2005/08/addressing}To;"
> > 11 + "{Element}{
> > http://www.w3.org/2005/08/addressing}ReplyTo;"
> > 12 + "Body;"
> > 13 + "{Element}{
> >
> >
>
>
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>
> > }Timestamp");
> >
> > 14 WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> > 15 cxfEndpoint.getOutInterceptors().add(wssOut);
> >
> > The third line I commented out and in the wsdl I commented out
> > '<sp:IncludeTimestamp/>' (which is wrong, but I could send a message
so
> I
> > was happy at the moment). If I commented out line 2 I get a error that
> the
> > field Timestamp can not be found.
> >
> > Is this the cause of the problem above?
> > I tried to use PolicyBasedWSS4JOutInterceptor instead of
> > WSS4JOutInterceptor, but I don't know how to push the configuration.
> >
> >
> >
> >
> > From:
> > Colm O hEigeartaigh <co...@apache.org>
> > To:
> > "users@cxf.apache.org" <us...@cxf.apache.org>
> > Date:
> > 02-08-2013 15:15
> > Subject:
> > Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> > can not be satisfied:
> >
> >
> >
> > Ok your configuration is the issue. You are configuring the
> > WSS4JInInterceptor, which is not policy-aware. You need to configure
the
> > PolicyBasedWSS4JInInterceptor instead. This is done automatically for
> you
> > if the WSDL has the correct security policy, but the configuration is
> done
> > in a slightly different way.
> >
> > For example, see the following configuration:
> >
> >
> >
>
>
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client.xml?view=markup
>
> >
> >
> > Colm.
> >
> >
> > On Fri, Aug 2, 2013 at 2:11 PM,
> > <r....@pantheon-automatisering.nl>wrote:
> >
> > > Map<String, Object> inProps = new HashMap<String, Object>();
> > > inProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > > "server_sign.properties");
> > > inProps.put(WSHandlerConstants.ACTION,
> WSHandlerConstants.TIMESTAMP
> > +
> > > " " + WSHandlerConstants.SIGNATURE);
> > > bindingProvider.getResponseContext().put("password", "xxxxx");
> > > inProps.put(WSHandlerConstants.USER,
> > > "cs-bedrijven.procesinfrastructuur.nl");
> > >
> > > WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> > > cxfEndpoint.getInInterceptors().add(wssIn);
> > >
> > > --- server_sign.properties ---
> > >
> > >
> >
> >
>
>
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > org.apache.ws.security.crypto.merlin.keystore.type=jks
> > > org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
> > > #org.apache.ws.security.crypto.merlin.keystore.alias=
> > > cs-bedrijven.procesinfrastructuur.nl
> > >
org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
> > >
> > > This is how I configure WSS4JInInterceptor. I have no extra config
> files
> > > and I prefer to set all config in the code. When the client works I
> want
> > > to try to get rid of the server_sign.properties, I want to set that
> > > dynamic.
> > >
> > > Ralph
> > >
> > >
> > >
> > >
> > > From:
> > > Colm O hEigeartaigh <co...@apache.org>
> > > To:
> > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > Date:
> > > 02-08-2013 15:04
> > > Subject:
> > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > can not be satisfied:
> > >
> > >
> > >
> > > As a sanity check, can I see your CXF client configuration?
> > > PolicyVerificationInInterceptor does run after
> > > PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
> > > WSS4JInInterceptor explicilty in your configuration?
> > >
> > > Colm.
> > >
> > >
> > > On Fri, Aug 2, 2013 at 1:26 PM,
> > > <r....@pantheon-automatisering.nl>wrote:
> > >
> > > > Hi Colm,
> > > >
> > > > He doesn't reach the point you asked for. In
> > > > 'org.apache.cxf.ws.policy.AssertionInfoMap.java'
> checkEffectivePolicy
> > he
> > > > doesn't find any validated policy, the ArrayList validated is
empty,
> > the
> > > > ArrayList errors contains 50. He throws at line 179 an exception
> (cxf
> > > > 2.7.6).
> > > > This method is called from
> > > > 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method
> > > handle.
> > > > Line 101 is the line where call is done.
> > > > The variable aim contains:
> > > > {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedElements=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedElements:false], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }RecipientToken=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }RecipientToken:false], {
> http://www.w3.org/2007/05/addressing/metadata
> > > > }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> > > > }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> > > > }Anonymous:false], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}Layout=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }Layout:false],
> > > > AnonymousResponses=[AnonymousResponses:false,
> > AnonymousResponses:false],
> > > {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding:false], {
> > > http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing:true], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }InitiatorToken=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }InitiatorToken:false], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token:false,
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }X509Token:false], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedParts=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedParts:false], {
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > }OptimizedMimeSerialization=[{
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > }OptimizedMimeSerialization:false]}
> > > >
> > > > If you need to know something else, let me know!
> > > >
> > > > Ralph
> > > >
> > > >
> > > >
> > > > From:
> > > > Colm O hEigeartaigh <co...@apache.org>
> > > > To:
> > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > Date:
> > > > 02-08-2013 12:57
> > > > Subject:
> > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > > can not be satisfied:
> > > >
> > > >
> > > >
> > > > Do you have access to a debugger? If so could you put a breakpoint
> in
> > > > PolicyBasedWSS4JInInterceptor in the doResults method and trace
the
> > > flow?
> > > > The problem is that some policy is getting unasserted, but I can't
> > > figure
> > > > out which one from the logging.
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Fri, Aug 2, 2013 at 11:53 AM,
> > > > <r....@pantheon-automatisering.nl>wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > This comes from the WSDL as it is given to me. When generated
with
> > all
> > > > > three policies enabled, the first is used I believe. I just
tried
> to
> > > > > generate with only one enabled. I tried three times (one time
for
> > > > > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > > > > TripleDesRsa15), all the same result as before.
> > > > > At almost the bottum of the log it says ' LogUtils.doLog(443) |
> > > > > WS-Addressing - failed to retrieve Message Addressing Properties
> > from
> > > > > context'.
> > > > > Is it possible that I need to add something to avoid this? And
if
> > yes
> > > > how
> > > > > do I do that?
> > > > >
> > > > > Ralph
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > From:
> > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > To:
> > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > Date:
> > > > > 02-08-2013 12:34
> > > > > Subject:
> > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > > can not be satisfied:
> > > > >
> > > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > > I'm not sure if this is the cause of the problem, but the
> following
> > > > policy
> > > > > is not valid:
> > > > >
> > > > > <sp:AlgorithmSuite>
> > > > > <wsp:Policy>
> > > > > <sp:Basic128Rsa15/>
> > > > > <sp:Basic256Rsa15/>
> > > > > <sp:TripleDesRsa15/>
> > > > > </wsp:Policy>
> > > > > </sp:AlgorithmSuite>
> > > > >
> > > > > The specification only allows you to specify one of the policies
> > > above.
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > > On Thu, Aug 1, 2013 at 3:44 PM,
> > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > >
> > > > > > Hi Colm,
> > > > > >
> > > > > > The previous message didn't contain a attachement. But in the
> mean
> > > > time
> > > > > I
> > > > > > managed to get a better log. I will attach it as .txt
> > > > > >
> > > > > >
> > > > > >
> > > > > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > > > > "users@cxf.apache.org"
> > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > > can
> > > > > not
> > > > > > be satisfied:
> > > > > > ------------------------------
> > > > > >
> > > > > >
> > > > > >
> > > > > > Could you turn logging to "FINE" + attach the log? That should
> > tell
> > > us
> > > > > the
> > > > > > exact policy validation error(s).
> > > > > >
> > > > > > Colm.
> > > > > >
> > > > > >
> > > > > > On Thu, Aug 1, 2013 at 9:17 AM,
> > > <r.keegstra@pantheon-automatisering.nl
> > > > > > >wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > Because the formatting was crappy an attachement.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > users@cxf.apache.org"
> > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > > can
> > > > > > not
> > > > > > > be satisfied:
> > > > > > > ------------------------------
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > It looks like the service is processing the CXF request
> > correctly,
> > > > but
> > > > > is
> > > > > > > not returning a response that complies with the security
> policy,
> > > and
> > > > > the
> > > > > > > client is throwing an exception. It's impossible to find out
> > > without
> > > > > > seeing
> > > > > > > the security policy though. It should be in the WSDL file
> > > referenced
> > > > > in
> > > > > > the
> > > > > > > log, if you could attach it:
> > > > > > >
> > > > > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > > > > Bedrijven_v1.2_preprod.wsdl"
> > > > > > >
> > > > > > > Colm.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Aug 1, 2013 at 8:53 AM,
> > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > >wrote:
> > > > > > >
> > > > > > > > Dear Colm,
> > > > > > > >
> > > > > > > > Sorry i didn't see your previous response. Because of my
> great
> > > > > e-mail
> > > > > > > > client (Notus ;) ) I wasn't properly connected to the
> > > mailinglist,
> > > > > > > > apologies for the inconvenience.
> > > > > > > > I don't know how to get the security policy of the
service.
> > > > > > > > I added the message I send to the server. (I've removed
the
> > > > > > SecurityToken
> > > > > > > > for security reasons).
> > > > > > > > The message I received is the text I copied from the log.
I
> > also
> > > > > added
> > > > > > > the
> > > > > > > > logging I get at the moment.
> > > > > > > >
> > > > > > > > Ralph
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > > users@cxf.apache.org"
> > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > can
> > > > > > > not
> > > > > > > > be satisfied:
> > > > > > > > ------------------------------
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Did you not see my previous response? We need to see the
> > > security
> > > > > > policy
> > > > > > > of
> > > > > > > > the service, the request message + the response message to
> be
> > > able
> > > > > to
> > > > > > > help
> > > > > > > > you.
> > > > > > > >
> > > > > > > > Colm.
> > > > > > > >
> > > > > > > >
> > > > > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > >wrote:
> > > > > > > >
> > > > > > > > > Dear CXF Support,
> > > > > > > > >
> > > > > > > > > First, I am a newbie with CXF. I am writing a CXF client
> to
> > > > > interact
> > > > > > > with
> > > > > > > > > the government. I am able to send a message. But when I
> > > receive
> > > > > the
> > > > > > > > > response my client crashes.
> > > > > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using
> > Java
> > > > > 1.6.45.
> > > > > > > If
> > > > > > > > > you need more info, please let me know as I don't
exactly
> > know
> > > > > what
> > > > > > > info
> > > > > > > > > you need to help me.
> > > > > > > > > Please help me, I'm stuck.
> > > > > > > > >
> > > > > > > > > Ralph Keegstra
> > > > > > > > >
> > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > alternatives
> > > > > > can
> > > > > > > > > not be satisfied:
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }AsymmetricBinding
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }InitiatorToken
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }RecipientToken
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }Layout
> > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > > {
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedParts
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedElements
> > > > > > > > > AnonymousResponses
> > > > > > > > > at
> > > > > > > >
> > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > at
> > > > > > > > >
> > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > at
> > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > ClientImpl.java:800)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > at
> > > > > > > > >
> > > > >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > at
> > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > at
org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > at
> org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > at
> > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > at
> > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > )
> > > > > > > > > at
> > > > > > >
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > at
> > > > > > >
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > at
> > > > > > >
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > at
org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > ClientProxy.java:96)
> > > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> Source)
> > > > > > > > > at
> > > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > at
> > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > Exception in thread "main"
> > > javax.xml.ws.soap.SOAPFaultException:
> > > > > > These
> > > > > > > > > policy alternatives can not be satisfied:
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }AsymmetricBinding
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }InitiatorToken
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }RecipientToken
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }Layout
> > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > > {
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedParts
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedElements
> > > > > > > > > AnonymousResponses
> > > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > JaxWsClientProxy.java:155)
> > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> Source)
> > > > > > > > > at
> > > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > at
> > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException:
These
> > > > policy
> > > > > > > > > alternatives can not be satisfied:
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }AsymmetricBinding
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }InitiatorToken
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }RecipientToken
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }Layout
> > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > > {
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedParts
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedElements
> > > > > > > > > AnonymousResponses
> > > > > > > > > at
> > > > > > > >
> > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > at
> > > > > > > > >
> > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > at
> > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > ClientImpl.java:800)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > at
> > > > > > > > >
> > > > >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > at
> > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > at
org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > at
> org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > at
> > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > at
> > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > )
> > > > > > > > > at
> > > > > > >
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > at
> > > > > > >
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > at
> > > > > > >
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > at
org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > ClientProxy.java:96)
> > > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > ... 3 more
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > Colm O hEigeartaigh
> > > > > > > >
> > > > > > > > Talend Community Coder
> > > > > > > > http://coders.talend.com
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Colm O hEigeartaigh
> > > > > > >
> > > > > > > Talend Community Coder
> > > > > > > http://coders.talend.com
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Colm O hEigeartaigh
> > > > > >
> > > > > > Talend Community Coder
> > > > > > http://coders.talend.com
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
Posted by Colm O hEigeartaigh <co...@apache.org>.
There is a bug in CXF where it doesn't sign anything when you are using an
AsymmetricBinding policy + EncryptBeforeSigning + no
EncryptedParts/EncryptedElements policies. I have fixed it here:
https://issues.apache.org/jira/browse/CXF-5199
So to go further, you could either remove the "EncryptBeforeSigning" policy
from the WSDL, or else download the latest SNAPSHOT once it has deployed
via the Jenkins build.
Colm.
On Mon, Aug 12, 2013 at 9:06 AM, <r....@pantheon-automatisering.nl>wrote:
> Sorry, now with attached log.
>
>
>
>
> From: Colm O hEigeartaigh <co...@apache.org> To: "users@cxf.apache.org"
> <us...@cxf.apache.org> Date: 09-08-2013 17:33 Subject: Re:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not
> be satisfied:
> ------------------------------
>
>
>
> Yes, you can set all of the parameters for WS-SecurityPolicy in Java. All
> of the configuration tags are in the "SecurityConstants" class - it's just
> a matter of setting them on the outbound message context. For example, one
> of the following tests sets the user for a UsernameToken in this way:
>
>
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
>
> URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl");
> Service service = Service.create(wsdl, SERVICE_QNAME);
> QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPrincipalPort");
> DoubleItPortType utPort = service.getPort(portQName,
> DoubleItPortType.class);
>
> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
> "Alice");
>
> Colm.
>
>
> On Fri, Aug 9, 2013 at 9:56 AM, <r.keegstra@pantheon-automatisering.nl
> >wrote:
>
> > Hi Colm,
> >
> > To get my client working with the config I tried a lot of things, but I
> > did’n succeed so far, the message didn’t get signed. But I have an other
> > question. Is it possible to set these parameters in Java? I can’t find
> any
> > example that sets this runtime.
> > For our application these settings will be given runtime, so I need to
> set
> > them runtime. Is is also posible to set the keystore runtime?
> >
> > Thanks for your input in advance!
> > Ralph Keegstra
> >
> >
> >
> > From:
> > Colm O hEigeartaigh <co...@apache.org>
> > To:
> > "users@cxf.apache.org" <us...@cxf.apache.org>
> > Date:
> > 02-08-2013 16:01
> > Subject:
> > Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> > can not be satisfied:
> >
> >
> >
> > When you have a WS-SecurityPolicy, you should not use either the
> > WSS4JOutInterceptor or WSS4JInInterceptor. CXF will take care of all of
> > the
> > configuration, providing you supply it with the (e.g) Crypto property
> > configuration and a CallbackHandler, username, etc. Please take a look at
> > the link I posted in my last reply - that configuration works for the
> > client for both outbound + inbound.
> >
> > Colm.
> >
> >
> > On Fri, Aug 2, 2013 at 2:51 PM,
> > <r....@pantheon-automatisering.nl>wrote:
> >
> > > OK thank you very much!
> > > I'm getting a little further, but I think I'm running against a problem
> > I
> > > had/made before. But now I get the following error:
> > >
> > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> > > not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding: Received Timestamp does not match the requirements
> > >
> > > Which doesn't supprise me. Earlier in the development proces I had the
> > > problem that I couldn't sign the timestamp. For the outgoing message
> I'm
> > > using the following:
> > > 1 Map<String, Object> outProps = new HashMap<String, Object>();
> > > 2 outProps.put(WSHandlerConstants.ACTION,
> > WSHandlerConstants.TIMESTAMP
> > > + " " + WSHandlerConstants.SIGNATURE);
> > > 3 //outProps.put(WSHandlerConstants.ACTION,
> > > WSHandlerConstants.SIGNATURE);
> > > 4 bindingProvider.getRequestContext().put("password", "xxxxx");
> > > 5 outProps.put(WSHandlerConstants.USER, "xxxxxxxxx");
> > > 6 outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > > "client_sign.properties");
> > > 7 outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
> > > 8 outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{
> > > http://www.w3.org/2005/08/addressing}Action;"
> > > 9 + "{Element}{
> > > http://www.w3.org/2005/08/addressing}MessageID;"
> > > 10 + "{Element}{
> > > http://www.w3.org/2005/08/addressing}To;"
> > > 11 + "{Element}{
> > > http://www.w3.org/2005/08/addressing}ReplyTo;"
> > > 12 + "Body;"
> > > 13 + "{Element}{
> > >
> > >
> >
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> >
> > > }Timestamp");
> > >
> > > 14 WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> > > 15 cxfEndpoint.getOutInterceptors().add(wssOut);
> > >
> > > The third line I commented out and in the wsdl I commented out
> > > '<sp:IncludeTimestamp/>' (which is wrong, but I could send a message so
> > I
> > > was happy at the moment). If I commented out line 2 I get a error that
> > the
> > > field Timestamp can not be found.
> > >
> > > Is this the cause of the problem above?
> > > I tried to use PolicyBasedWSS4JOutInterceptor instead of
> > > WSS4JOutInterceptor, but I don't know how to push the configuration.
> > >
> > >
> > >
> > >
> > > From:
> > > Colm O hEigeartaigh <co...@apache.org>
> > > To:
> > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > Date:
> > > 02-08-2013 15:15
> > > Subject:
> > > Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> > > can not be satisfied:
> > >
> > >
> > >
> > > Ok your configuration is the issue. You are configuring the
> > > WSS4JInInterceptor, which is not policy-aware. You need to configure
> the
> > > PolicyBasedWSS4JInInterceptor instead. This is done automatically for
> > you
> > > if the WSDL has the correct security policy, but the configuration is
> > done
> > > in a slightly different way.
> > >
> > > For example, see the following configuration:
> > >
> > >
> > >
> >
> >
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client.xml?view=markup
> >
> > >
> > >
> > > Colm.
> > >
> > >
> > > On Fri, Aug 2, 2013 at 2:11 PM,
> > > <r....@pantheon-automatisering.nl>wrote:
> > >
> > > > Map<String, Object> inProps = new HashMap<String, Object>();
> > > > inProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > > > "server_sign.properties");
> > > > inProps.put(WSHandlerConstants.ACTION,
> > WSHandlerConstants.TIMESTAMP
> > > +
> > > > " " + WSHandlerConstants.SIGNATURE);
> > > > bindingProvider.getResponseContext().put("password", "xxxxx");
> > > > inProps.put(WSHandlerConstants.USER,
> > > > "cs-bedrijven.procesinfrastructuur.nl");
> > > >
> > > > WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> > > > cxfEndpoint.getInInterceptors().add(wssIn);
> > > >
> > > > --- server_sign.properties ---
> > > >
> > > >
> > >
> > >
> >
> >
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > > org.apache.ws.security.crypto.merlin.keystore.type=jks
> > > > org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
> > > > #org.apache.ws.security.crypto.merlin.keystore.alias=
> > > > cs-bedrijven.procesinfrastructuur.nl
> > > > org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
> > > >
> > > > This is how I configure WSS4JInInterceptor. I have no extra config
> > files
> > > > and I prefer to set all config in the code. When the client works I
> > want
> > > > to try to get rid of the server_sign.properties, I want to set that
> > > > dynamic.
> > > >
> > > > Ralph
> > > >
> > > >
> > > >
> > > >
> > > > From:
> > > > Colm O hEigeartaigh <co...@apache.org>
> > > > To:
> > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > Date:
> > > > 02-08-2013 15:04
> > > > Subject:
> > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > > can not be satisfied:
> > > >
> > > >
> > > >
> > > > As a sanity check, can I see your CXF client configuration?
> > > > PolicyVerificationInInterceptor does run after
> > > > PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
> > > > WSS4JInInterceptor explicilty in your configuration?
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Fri, Aug 2, 2013 at 1:26 PM,
> > > > <r....@pantheon-automatisering.nl>wrote:
> > > >
> > > > > Hi Colm,
> > > > >
> > > > > He doesn't reach the point you asked for. In
> > > > > 'org.apache.cxf.ws.policy.AssertionInfoMap.java'
> > checkEffectivePolicy
> > > he
> > > > > doesn't find any validated policy, the ArrayList validated is
> empty,
> > > the
> > > > > ArrayList errors contains 50. He throws at line 179 an exception
> > (cxf
> > > > > 2.7.6).
> > > > > This method is called from
> > > > > 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method
> > > > handle.
> > > > > Line 101 is the line where call is done.
> > > > > The variable aim contains:
> > > > > {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements:false], {
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken:false], {
> > http://www.w3.org/2007/05/addressing/metadata
> > > > > }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> > > > > }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> > > > > }Anonymous:false], {
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }Layout:false],
> > > > > AnonymousResponses=[AnonymousResponses:false,
> > > AnonymousResponses:false],
> > > > {
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }AsymmetricBinding=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }AsymmetricBinding:false], {
> > > > http://www.w3.org/2007/02/addressing/metadata
> > > > > }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> > > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > > }Addressing:true], {
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken:false], {
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }X509Token:false,
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token:false], {
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts=[{
> > > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedParts:false], {
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > }OptimizedMimeSerialization=[{
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > }OptimizedMimeSerialization:false]}
> > > > >
> > > > > If you need to know something else, let me know!
> > > > >
> > > > > Ralph
> > > > >
> > > > >
> > > > >
> > > > > From:
> > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > To:
> > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > Date:
> > > > > 02-08-2013 12:57
> > > > > Subject:
> > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > > can not be satisfied:
> > > > >
> > > > >
> > > > >
> > > > > Do you have access to a debugger? If so could you put a breakpoint
> > in
> > > > > PolicyBasedWSS4JInInterceptor in the doResults method and trace the
> > > > flow?
> > > > > The problem is that some policy is getting unasserted, but I can't
> > > > figure
> > > > > out which one from the logging.
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > > On Fri, Aug 2, 2013 at 11:53 AM,
> > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > >
> > > > > > Hi,
> > > > > >
> > > > > > This comes from the WSDL as it is given to me. When generated
> with
> > > all
> > > > > > three policies enabled, the first is used I believe. I just tried
> > to
> > > > > > generate with only one enabled. I tried three times (one time for
> > > > > > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > > > > > TripleDesRsa15), all the same result as before.
> > > > > > At almost the bottum of the log it says ' LogUtils.doLog(443) |
> > > > > > WS-Addressing - failed to retrieve Message Addressing Properties
> > > from
> > > > > > context'.
> > > > > > Is it possible that I need to add something to avoid this? And if
> > > yes
> > > > > how
> > > > > > do I do that?
> > > > > >
> > > > > > Ralph
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > From:
> > > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > > To:
> > > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > > Date:
> > > > > > 02-08-2013 12:34
> > > > > > Subject:
> > > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > > can not be satisfied:
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > I'm not sure if this is the cause of the problem, but the
> > following
> > > > > policy
> > > > > > is not valid:
> > > > > >
> > > > > > <sp:AlgorithmSuite>
> > > > > > <wsp:Policy>
> > > > > > <sp:Basic128Rsa15/>
> > > > > > <sp:Basic256Rsa15/>
> > > > > > <sp:TripleDesRsa15/>
> > > > > > </wsp:Policy>
> > > > > > </sp:AlgorithmSuite>
> > > > > >
> > > > > > The specification only allows you to specify one of the policies
> > > > above.
> > > > > >
> > > > > > Colm.
> > > > > >
> > > > > >
> > > > > > On Thu, Aug 1, 2013 at 3:44 PM,
> > > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > > >
> > > > > > > Hi Colm,
> > > > > > >
> > > > > > > The previous message didn't contain a attachement. But in the
> > mean
> > > > > time
> > > > > > I
> > > > > > > managed to get a better log. I will attach it as .txt
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > > > > > "users@cxf.apache.org"
> > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > > can
> > > > > > not
> > > > > > > be satisfied:
> > > > > > > ------------------------------
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Could you turn logging to "FINE" + attach the log? That should
> > > tell
> > > > us
> > > > > > the
> > > > > > > exact policy validation error(s).
> > > > > > >
> > > > > > > Colm.
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Aug 1, 2013 at 9:17 AM,
> > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > >wrote:
> > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > Because the formatting was crappy an attachement.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > > users@cxf.apache.org"
> > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > > can
> > > > > > > not
> > > > > > > > be satisfied:
> > > > > > > > ------------------------------
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > It looks like the service is processing the CXF request
> > > correctly,
> > > > > but
> > > > > > is
> > > > > > > > not returning a response that complies with the security
> > policy,
> > > > and
> > > > > > the
> > > > > > > > client is throwing an exception. It's impossible to find out
> > > > without
> > > > > > > seeing
> > > > > > > > the security policy though. It should be in the WSDL file
> > > > referenced
> > > > > > in
> > > > > > > the
> > > > > > > > log, if you could attach it:
> > > > > > > >
> > > > > > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > > > > > Bedrijven_v1.2_preprod.wsdl"
> > > > > > > >
> > > > > > > > Colm.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Thu, Aug 1, 2013 at 8:53 AM,
> > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > >wrote:
> > > > > > > >
> > > > > > > > > Dear Colm,
> > > > > > > > >
> > > > > > > > > Sorry i didn't see your previous response. Because of my
> > great
> > > > > > e-mail
> > > > > > > > > client (Notus ;) ) I wasn't properly connected to the
> > > > mailinglist,
> > > > > > > > > apologies for the inconvenience.
> > > > > > > > > I don't know how to get the security policy of the service.
> > > > > > > > > I added the message I send to the server. (I've removed the
> > > > > > > SecurityToken
> > > > > > > > > for security reasons).
> > > > > > > > > The message I received is the text I copied from the log. I
> > > also
> > > > > > added
> > > > > > > > the
> > > > > > > > > logging I get at the moment.
> > > > > > > > >
> > > > > > > > > Ralph
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > > > users@cxf.apache.org"
> > > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > alternatives
> > > > > > can
> > > > > > > > not
> > > > > > > > > be satisfied:
> > > > > > > > > ------------------------------
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Did you not see my previous response? We need to see the
> > > > security
> > > > > > > policy
> > > > > > > > of
> > > > > > > > > the service, the request message + the response message to
> > be
> > > > able
> > > > > > to
> > > > > > > > help
> > > > > > > > > you.
> > > > > > > > >
> > > > > > > > > Colm.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > > >wrote:
> > > > > > > > >
> > > > > > > > > > Dear CXF Support,
> > > > > > > > > >
> > > > > > > > > > First, I am a newbie with CXF. I am writing a CXF client
> > to
> > > > > > interact
> > > > > > > > with
> > > > > > > > > > the government. I am able to send a message. But when I
> > > > receive
> > > > > > the
> > > > > > > > > > response my client crashes.
> > > > > > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using
> > > Java
> > > > > > 1.6.45.
> > > > > > > > If
> > > > > > > > > > you need more info, please let me know as I don't exactly
> > > know
> > > > > > what
> > > > > > > > info
> > > > > > > > > > you need to help me.
> > > > > > > > > > Please help me, I'm stuck.
> > > > > > > > > >
> > > > > > > > > > Ralph Keegstra
> > > > > > > > > >
> > > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > > alternatives
> > > > > > > can
> > > > > > > > > > not be satisfied:
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }AsymmetricBinding
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }X509Token
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }InitiatorToken
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }RecipientToken
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }Layout
> > > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > > > {
> > > > > > > >
> > > > > >
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }SignedParts
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }SignedElements
> > > > > > > > > > AnonymousResponses
> > > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > > at
> > > > > > > > > >
> > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > > at
> > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > > ClientImpl.java:800)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > >
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > > at
> > > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > > at
> org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > > at
> > org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > > at
> > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > > )
> > > > > > > > > > at
> > > > > > > >
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > > at
> > > > > > > >
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > > at
> > > > > > > >
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > > at
> org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > > ClientProxy.java:96)
> > > > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> > Source)
> > > > > > > > > > at
> > > > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > > at
> > > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > > Exception in thread "main"
> > > > javax.xml.ws.soap.SOAPFaultException:
> > > > > > > These
> > > > > > > > > > policy alternatives can not be satisfied:
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }AsymmetricBinding
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }X509Token
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }InitiatorToken
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }RecipientToken
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }Layout
> > > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > > > {
> > > > > > > >
> > > > > >
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }SignedParts
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }SignedElements
> > > > > > > > > > AnonymousResponses
> > > > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > > JaxWsClientProxy.java:155)
> > > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> > Source)
> > > > > > > > > > at
> > > > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > > at
> > > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException:
> These
> > > > > policy
> > > > > > > > > > alternatives can not be satisfied:
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > > }AsymmetricBinding
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }X509Token
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }InitiatorToken
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }RecipientToken
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }Layout
> > > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > > > {
> > > > > > > >
> > > > > >
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }SignedParts
> > > > > > > > > > {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }SignedElements
> > > > > > > > > > AnonymousResponses
> > > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > > at
> > > > > > > > > >
> > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > > at
> > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > > ClientImpl.java:800)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > >
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > > at
> > > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > > at
> org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > > at
> > org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > > at
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > > at
> > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > > )
> > > > > > > > > > at
> > > > > > > >
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > > at
> > > > > > > >
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > > at
> > > > > > > >
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > > at
> org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > > ClientProxy.java:96)
> > > > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > > ... 3 more
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Colm O hEigeartaigh
> > > > > > > > >
> > > > > > > > > Talend Community Coder
> > > > > > > > > http://coders.talend.com
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > Colm O hEigeartaigh
> > > > > > > >
> > > > > > > > Talend Community Coder
> > > > > > > > http://coders.talend.com
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Colm O hEigeartaigh
> > > > > > >
> > > > > > > Talend Community Coder
> > > > > > > http://coders.talend.com
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Colm O hEigeartaigh
> > > > > >
> > > > > > Talend Community Coder
> > > > > > http://coders.talend.com
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Sorry, now with attached log.
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
09-08-2013 17:33
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
Yes, you can set all of the parameters for WS-SecurityPolicy in Java. All
of the configuration tags are in the "SecurityConstants" class - it's just
a matter of setting them on the outbound message context. For example, one
of the following tests sets the user for a UsernameToken in this way:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPrincipalPort");
DoubleItPortType utPort = service.getPort(portQName,
DoubleItPortType.class);
((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
"Alice");
Colm.
On Fri, Aug 9, 2013 at 9:56 AM,
<r....@pantheon-automatisering.nl>wrote:
> Hi Colm,
>
> To get my client working with the config I tried a lot of things, but I
> did’n succeed so far, the message didn’t get signed. But I have an other
> question. Is it possible to set these parameters in Java? I can’t find
any
> example that sets this runtime.
> For our application these settings will be given runtime, so I need to
set
> them runtime. Is is also posible to set the keystore runtime?
>
> Thanks for your input in advance!
> Ralph Keegstra
>
>
>
> From:
> Colm O hEigeartaigh <co...@apache.org>
> To:
> "users@cxf.apache.org" <us...@cxf.apache.org>
> Date:
> 02-08-2013 16:01
> Subject:
> Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can not be satisfied:
>
>
>
> When you have a WS-SecurityPolicy, you should not use either the
> WSS4JOutInterceptor or WSS4JInInterceptor. CXF will take care of all of
> the
> configuration, providing you supply it with the (e.g) Crypto property
> configuration and a CallbackHandler, username, etc. Please take a look
at
> the link I posted in my last reply - that configuration works for the
> client for both outbound + inbound.
>
> Colm.
>
>
> On Fri, Aug 2, 2013 at 2:51 PM,
> <r....@pantheon-automatisering.nl>wrote:
>
> > OK thank you very much!
> > I'm getting a little further, but I think I'm running against a
problem
> I
> > had/made before. But now I get the following error:
> >
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> > not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding: Received Timestamp does not match the requirements
> >
> > Which doesn't supprise me. Earlier in the development proces I had the
> > problem that I couldn't sign the timestamp. For the outgoing message
I'm
> > using the following:
> > 1 Map<String, Object> outProps = new HashMap<String, Object>();
> > 2 outProps.put(WSHandlerConstants.ACTION,
> WSHandlerConstants.TIMESTAMP
> > + " " + WSHandlerConstants.SIGNATURE);
> > 3 //outProps.put(WSHandlerConstants.ACTION,
> > WSHandlerConstants.SIGNATURE);
> > 4 bindingProvider.getRequestContext().put("password", "xxxxx");
> > 5 outProps.put(WSHandlerConstants.USER, "xxxxxxxxx");
> > 6 outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > "client_sign.properties");
> > 7 outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
> > 8 outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{
> > http://www.w3.org/2005/08/addressing}Action;"
> > 9 + "{Element}{
> > http://www.w3.org/2005/08/addressing}MessageID;"
> > 10 + "{Element}{
> > http://www.w3.org/2005/08/addressing}To;"
> > 11 + "{Element}{
> > http://www.w3.org/2005/08/addressing}ReplyTo;"
> > 12 + "Body;"
> > 13 + "{Element}{
> >
> >
>
>
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>
> > }Timestamp");
> >
> > 14 WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> > 15 cxfEndpoint.getOutInterceptors().add(wssOut);
> >
> > The third line I commented out and in the wsdl I commented out
> > '<sp:IncludeTimestamp/>' (which is wrong, but I could send a message
so
> I
> > was happy at the moment). If I commented out line 2 I get a error that
> the
> > field Timestamp can not be found.
> >
> > Is this the cause of the problem above?
> > I tried to use PolicyBasedWSS4JOutInterceptor instead of
> > WSS4JOutInterceptor, but I don't know how to push the configuration.
> >
> >
> >
> >
> > From:
> > Colm O hEigeartaigh <co...@apache.org>
> > To:
> > "users@cxf.apache.org" <us...@cxf.apache.org>
> > Date:
> > 02-08-2013 15:15
> > Subject:
> > Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> > can not be satisfied:
> >
> >
> >
> > Ok your configuration is the issue. You are configuring the
> > WSS4JInInterceptor, which is not policy-aware. You need to configure
the
> > PolicyBasedWSS4JInInterceptor instead. This is done automatically for
> you
> > if the WSDL has the correct security policy, but the configuration is
> done
> > in a slightly different way.
> >
> > For example, see the following configuration:
> >
> >
> >
>
>
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client.xml?view=markup
>
> >
> >
> > Colm.
> >
> >
> > On Fri, Aug 2, 2013 at 2:11 PM,
> > <r....@pantheon-automatisering.nl>wrote:
> >
> > > Map<String, Object> inProps = new HashMap<String, Object>();
> > > inProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > > "server_sign.properties");
> > > inProps.put(WSHandlerConstants.ACTION,
> WSHandlerConstants.TIMESTAMP
> > +
> > > " " + WSHandlerConstants.SIGNATURE);
> > > bindingProvider.getResponseContext().put("password", "xxxxx");
> > > inProps.put(WSHandlerConstants.USER,
> > > "cs-bedrijven.procesinfrastructuur.nl");
> > >
> > > WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> > > cxfEndpoint.getInInterceptors().add(wssIn);
> > >
> > > --- server_sign.properties ---
> > >
> > >
> >
> >
>
>
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > org.apache.ws.security.crypto.merlin.keystore.type=jks
> > > org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
> > > #org.apache.ws.security.crypto.merlin.keystore.alias=
> > > cs-bedrijven.procesinfrastructuur.nl
> > >
org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
> > >
> > > This is how I configure WSS4JInInterceptor. I have no extra config
> files
> > > and I prefer to set all config in the code. When the client works I
> want
> > > to try to get rid of the server_sign.properties, I want to set that
> > > dynamic.
> > >
> > > Ralph
> > >
> > >
> > >
> > >
> > > From:
> > > Colm O hEigeartaigh <co...@apache.org>
> > > To:
> > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > Date:
> > > 02-08-2013 15:04
> > > Subject:
> > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > can not be satisfied:
> > >
> > >
> > >
> > > As a sanity check, can I see your CXF client configuration?
> > > PolicyVerificationInInterceptor does run after
> > > PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
> > > WSS4JInInterceptor explicilty in your configuration?
> > >
> > > Colm.
> > >
> > >
> > > On Fri, Aug 2, 2013 at 1:26 PM,
> > > <r....@pantheon-automatisering.nl>wrote:
> > >
> > > > Hi Colm,
> > > >
> > > > He doesn't reach the point you asked for. In
> > > > 'org.apache.cxf.ws.policy.AssertionInfoMap.java'
> checkEffectivePolicy
> > he
> > > > doesn't find any validated policy, the ArrayList validated is
empty,
> > the
> > > > ArrayList errors contains 50. He throws at line 179 an exception
> (cxf
> > > > 2.7.6).
> > > > This method is called from
> > > > 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method
> > > handle.
> > > > Line 101 is the line where call is done.
> > > > The variable aim contains:
> > > > {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedElements=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedElements:false], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }RecipientToken=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }RecipientToken:false], {
> http://www.w3.org/2007/05/addressing/metadata
> > > > }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> > > > }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> > > > }Anonymous:false], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}Layout=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }Layout:false],
> > > > AnonymousResponses=[AnonymousResponses:false,
> > AnonymousResponses:false],
> > > {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding:false], {
> > > http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing:true], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }InitiatorToken=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }InitiatorToken:false], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token:false,
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }X509Token:false], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedParts=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedParts:false], {
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > }OptimizedMimeSerialization=[{
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > }OptimizedMimeSerialization:false]}
> > > >
> > > > If you need to know something else, let me know!
> > > >
> > > > Ralph
> > > >
> > > >
> > > >
> > > > From:
> > > > Colm O hEigeartaigh <co...@apache.org>
> > > > To:
> > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > Date:
> > > > 02-08-2013 12:57
> > > > Subject:
> > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > > can not be satisfied:
> > > >
> > > >
> > > >
> > > > Do you have access to a debugger? If so could you put a breakpoint
> in
> > > > PolicyBasedWSS4JInInterceptor in the doResults method and trace
the
> > > flow?
> > > > The problem is that some policy is getting unasserted, but I can't
> > > figure
> > > > out which one from the logging.
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Fri, Aug 2, 2013 at 11:53 AM,
> > > > <r....@pantheon-automatisering.nl>wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > This comes from the WSDL as it is given to me. When generated
with
> > all
> > > > > three policies enabled, the first is used I believe. I just
tried
> to
> > > > > generate with only one enabled. I tried three times (one time
for
> > > > > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > > > > TripleDesRsa15), all the same result as before.
> > > > > At almost the bottum of the log it says ' LogUtils.doLog(443) |
> > > > > WS-Addressing - failed to retrieve Message Addressing Properties
> > from
> > > > > context'.
> > > > > Is it possible that I need to add something to avoid this? And
if
> > yes
> > > > how
> > > > > do I do that?
> > > > >
> > > > > Ralph
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > From:
> > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > To:
> > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > Date:
> > > > > 02-08-2013 12:34
> > > > > Subject:
> > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > > can not be satisfied:
> > > > >
> > > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > > I'm not sure if this is the cause of the problem, but the
> following
> > > > policy
> > > > > is not valid:
> > > > >
> > > > > <sp:AlgorithmSuite>
> > > > > <wsp:Policy>
> > > > > <sp:Basic128Rsa15/>
> > > > > <sp:Basic256Rsa15/>
> > > > > <sp:TripleDesRsa15/>
> > > > > </wsp:Policy>
> > > > > </sp:AlgorithmSuite>
> > > > >
> > > > > The specification only allows you to specify one of the policies
> > > above.
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > > On Thu, Aug 1, 2013 at 3:44 PM,
> > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > >
> > > > > > Hi Colm,
> > > > > >
> > > > > > The previous message didn't contain a attachement. But in the
> mean
> > > > time
> > > > > I
> > > > > > managed to get a better log. I will attach it as .txt
> > > > > >
> > > > > >
> > > > > >
> > > > > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > > > > "users@cxf.apache.org"
> > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > > can
> > > > > not
> > > > > > be satisfied:
> > > > > > ------------------------------
> > > > > >
> > > > > >
> > > > > >
> > > > > > Could you turn logging to "FINE" + attach the log? That should
> > tell
> > > us
> > > > > the
> > > > > > exact policy validation error(s).
> > > > > >
> > > > > > Colm.
> > > > > >
> > > > > >
> > > > > > On Thu, Aug 1, 2013 at 9:17 AM,
> > > <r.keegstra@pantheon-automatisering.nl
> > > > > > >wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > Because the formatting was crappy an attachement.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > users@cxf.apache.org"
> > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > > can
> > > > > > not
> > > > > > > be satisfied:
> > > > > > > ------------------------------
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > It looks like the service is processing the CXF request
> > correctly,
> > > > but
> > > > > is
> > > > > > > not returning a response that complies with the security
> policy,
> > > and
> > > > > the
> > > > > > > client is throwing an exception. It's impossible to find out
> > > without
> > > > > > seeing
> > > > > > > the security policy though. It should be in the WSDL file
> > > referenced
> > > > > in
> > > > > > the
> > > > > > > log, if you could attach it:
> > > > > > >
> > > > > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > > > > Bedrijven_v1.2_preprod.wsdl"
> > > > > > >
> > > > > > > Colm.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Aug 1, 2013 at 8:53 AM,
> > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > >wrote:
> > > > > > >
> > > > > > > > Dear Colm,
> > > > > > > >
> > > > > > > > Sorry i didn't see your previous response. Because of my
> great
> > > > > e-mail
> > > > > > > > client (Notus ;) ) I wasn't properly connected to the
> > > mailinglist,
> > > > > > > > apologies for the inconvenience.
> > > > > > > > I don't know how to get the security policy of the
service.
> > > > > > > > I added the message I send to the server. (I've removed
the
> > > > > > SecurityToken
> > > > > > > > for security reasons).
> > > > > > > > The message I received is the text I copied from the log.
I
> > also
> > > > > added
> > > > > > > the
> > > > > > > > logging I get at the moment.
> > > > > > > >
> > > > > > > > Ralph
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > > users@cxf.apache.org"
> > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > can
> > > > > > > not
> > > > > > > > be satisfied:
> > > > > > > > ------------------------------
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Did you not see my previous response? We need to see the
> > > security
> > > > > > policy
> > > > > > > of
> > > > > > > > the service, the request message + the response message to
> be
> > > able
> > > > > to
> > > > > > > help
> > > > > > > > you.
> > > > > > > >
> > > > > > > > Colm.
> > > > > > > >
> > > > > > > >
> > > > > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > >wrote:
> > > > > > > >
> > > > > > > > > Dear CXF Support,
> > > > > > > > >
> > > > > > > > > First, I am a newbie with CXF. I am writing a CXF client
> to
> > > > > interact
> > > > > > > with
> > > > > > > > > the government. I am able to send a message. But when I
> > > receive
> > > > > the
> > > > > > > > > response my client crashes.
> > > > > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using
> > Java
> > > > > 1.6.45.
> > > > > > > If
> > > > > > > > > you need more info, please let me know as I don't
exactly
> > know
> > > > > what
> > > > > > > info
> > > > > > > > > you need to help me.
> > > > > > > > > Please help me, I'm stuck.
> > > > > > > > >
> > > > > > > > > Ralph Keegstra
> > > > > > > > >
> > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > alternatives
> > > > > > can
> > > > > > > > > not be satisfied:
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }AsymmetricBinding
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }InitiatorToken
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }RecipientToken
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }Layout
> > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > > {
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedParts
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedElements
> > > > > > > > > AnonymousResponses
> > > > > > > > > at
> > > > > > > >
> > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > at
> > > > > > > > >
> > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > at
> > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > ClientImpl.java:800)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > at
> > > > > > > > >
> > > > >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > at
> > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > at
org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > at
> org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > at
> > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > at
> > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > )
> > > > > > > > > at
> > > > > > >
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > at
> > > > > > >
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > at
> > > > > > >
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > at
org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > ClientProxy.java:96)
> > > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> Source)
> > > > > > > > > at
> > > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > at
> > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > Exception in thread "main"
> > > javax.xml.ws.soap.SOAPFaultException:
> > > > > > These
> > > > > > > > > policy alternatives can not be satisfied:
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }AsymmetricBinding
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }InitiatorToken
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }RecipientToken
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }Layout
> > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > > {
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedParts
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedElements
> > > > > > > > > AnonymousResponses
> > > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > JaxWsClientProxy.java:155)
> > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> Source)
> > > > > > > > > at
> > > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > at
> > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException:
These
> > > > policy
> > > > > > > > > alternatives can not be satisfied:
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }AsymmetricBinding
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }InitiatorToken
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }RecipientToken
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }Layout
> > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > > {
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedParts
> > > > > > > > > {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedElements
> > > > > > > > > AnonymousResponses
> > > > > > > > > at
> > > > > > > >
> > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > at
> > > > > > > > >
> > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > at
> > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > ClientImpl.java:800)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > at
> > > > > > > > >
> > > > >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > at
> > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > at
org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > at
> org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > at
> > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > at
> > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > )
> > > > > > > > > at
> > > > > > >
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > at
> > > > > > >
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > at
> > > > > > >
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > at
org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > ClientProxy.java:96)
> > > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > ... 3 more
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > Colm O hEigeartaigh
> > > > > > > >
> > > > > > > > Talend Community Coder
> > > > > > > > http://coders.talend.com
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Colm O hEigeartaigh
> > > > > > >
> > > > > > > Talend Community Coder
> > > > > > > http://coders.talend.com
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Colm O hEigeartaigh
> > > > > >
> > > > > > Talend Community Coder
> > > > > > http://coders.talend.com
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
Posted by Colm O hEigeartaigh <co...@apache.org>.
Yes, you can set all of the parameters for WS-SecurityPolicy in Java. All
of the configuration tags are in the "SecurityConstants" class - it's just
a matter of setting them on the outbound message context. For example, one
of the following tests sets the user for a UsernameToken in this way:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPrincipalPort");
DoubleItPortType utPort = service.getPort(portQName,
DoubleItPortType.class);
((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
"Alice");
Colm.
On Fri, Aug 9, 2013 at 9:56 AM, <r....@pantheon-automatisering.nl>wrote:
> Hi Colm,
>
> To get my client working with the config I tried a lot of things, but I
> did’n succeed so far, the message didn’t get signed. But I have an other
> question. Is it possible to set these parameters in Java? I can’t find any
> example that sets this runtime.
> For our application these settings will be given runtime, so I need to set
> them runtime. Is is also posible to set the keystore runtime?
>
> Thanks for your input in advance!
> Ralph Keegstra
>
>
>
> From:
> Colm O hEigeartaigh <co...@apache.org>
> To:
> "users@cxf.apache.org" <us...@cxf.apache.org>
> Date:
> 02-08-2013 16:01
> Subject:
> Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can not be satisfied:
>
>
>
> When you have a WS-SecurityPolicy, you should not use either the
> WSS4JOutInterceptor or WSS4JInInterceptor. CXF will take care of all of
> the
> configuration, providing you supply it with the (e.g) Crypto property
> configuration and a CallbackHandler, username, etc. Please take a look at
> the link I posted in my last reply - that configuration works for the
> client for both outbound + inbound.
>
> Colm.
>
>
> On Fri, Aug 2, 2013 at 2:51 PM,
> <r....@pantheon-automatisering.nl>wrote:
>
> > OK thank you very much!
> > I'm getting a little further, but I think I'm running against a problem
> I
> > had/made before. But now I get the following error:
> >
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> > not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding: Received Timestamp does not match the requirements
> >
> > Which doesn't supprise me. Earlier in the development proces I had the
> > problem that I couldn't sign the timestamp. For the outgoing message I'm
> > using the following:
> > 1 Map<String, Object> outProps = new HashMap<String, Object>();
> > 2 outProps.put(WSHandlerConstants.ACTION,
> WSHandlerConstants.TIMESTAMP
> > + " " + WSHandlerConstants.SIGNATURE);
> > 3 //outProps.put(WSHandlerConstants.ACTION,
> > WSHandlerConstants.SIGNATURE);
> > 4 bindingProvider.getRequestContext().put("password", "xxxxx");
> > 5 outProps.put(WSHandlerConstants.USER, "xxxxxxxxx");
> > 6 outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > "client_sign.properties");
> > 7 outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
> > 8 outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{
> > http://www.w3.org/2005/08/addressing}Action;"
> > 9 + "{Element}{
> > http://www.w3.org/2005/08/addressing}MessageID;"
> > 10 + "{Element}{
> > http://www.w3.org/2005/08/addressing}To;"
> > 11 + "{Element}{
> > http://www.w3.org/2005/08/addressing}ReplyTo;"
> > 12 + "Body;"
> > 13 + "{Element}{
> >
> >
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>
> > }Timestamp");
> >
> > 14 WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> > 15 cxfEndpoint.getOutInterceptors().add(wssOut);
> >
> > The third line I commented out and in the wsdl I commented out
> > '<sp:IncludeTimestamp/>' (which is wrong, but I could send a message so
> I
> > was happy at the moment). If I commented out line 2 I get a error that
> the
> > field Timestamp can not be found.
> >
> > Is this the cause of the problem above?
> > I tried to use PolicyBasedWSS4JOutInterceptor instead of
> > WSS4JOutInterceptor, but I don't know how to push the configuration.
> >
> >
> >
> >
> > From:
> > Colm O hEigeartaigh <co...@apache.org>
> > To:
> > "users@cxf.apache.org" <us...@cxf.apache.org>
> > Date:
> > 02-08-2013 15:15
> > Subject:
> > Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> > can not be satisfied:
> >
> >
> >
> > Ok your configuration is the issue. You are configuring the
> > WSS4JInInterceptor, which is not policy-aware. You need to configure the
> > PolicyBasedWSS4JInInterceptor instead. This is done automatically for
> you
> > if the WSDL has the correct security policy, but the configuration is
> done
> > in a slightly different way.
> >
> > For example, see the following configuration:
> >
> >
> >
>
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client.xml?view=markup
>
> >
> >
> > Colm.
> >
> >
> > On Fri, Aug 2, 2013 at 2:11 PM,
> > <r....@pantheon-automatisering.nl>wrote:
> >
> > > Map<String, Object> inProps = new HashMap<String, Object>();
> > > inProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > > "server_sign.properties");
> > > inProps.put(WSHandlerConstants.ACTION,
> WSHandlerConstants.TIMESTAMP
> > +
> > > " " + WSHandlerConstants.SIGNATURE);
> > > bindingProvider.getResponseContext().put("password", "xxxxx");
> > > inProps.put(WSHandlerConstants.USER,
> > > "cs-bedrijven.procesinfrastructuur.nl");
> > >
> > > WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> > > cxfEndpoint.getInInterceptors().add(wssIn);
> > >
> > > --- server_sign.properties ---
> > >
> > >
> >
> >
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > org.apache.ws.security.crypto.merlin.keystore.type=jks
> > > org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
> > > #org.apache.ws.security.crypto.merlin.keystore.alias=
> > > cs-bedrijven.procesinfrastructuur.nl
> > > org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
> > >
> > > This is how I configure WSS4JInInterceptor. I have no extra config
> files
> > > and I prefer to set all config in the code. When the client works I
> want
> > > to try to get rid of the server_sign.properties, I want to set that
> > > dynamic.
> > >
> > > Ralph
> > >
> > >
> > >
> > >
> > > From:
> > > Colm O hEigeartaigh <co...@apache.org>
> > > To:
> > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > Date:
> > > 02-08-2013 15:04
> > > Subject:
> > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > can not be satisfied:
> > >
> > >
> > >
> > > As a sanity check, can I see your CXF client configuration?
> > > PolicyVerificationInInterceptor does run after
> > > PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
> > > WSS4JInInterceptor explicilty in your configuration?
> > >
> > > Colm.
> > >
> > >
> > > On Fri, Aug 2, 2013 at 1:26 PM,
> > > <r....@pantheon-automatisering.nl>wrote:
> > >
> > > > Hi Colm,
> > > >
> > > > He doesn't reach the point you asked for. In
> > > > 'org.apache.cxf.ws.policy.AssertionInfoMap.java'
> checkEffectivePolicy
> > he
> > > > doesn't find any validated policy, the ArrayList validated is empty,
> > the
> > > > ArrayList errors contains 50. He throws at line 179 an exception
> (cxf
> > > > 2.7.6).
> > > > This method is called from
> > > > 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method
> > > handle.
> > > > Line 101 is the line where call is done.
> > > > The variable aim contains:
> > > > {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedElements=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedElements:false], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }RecipientToken=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }RecipientToken:false], {
> http://www.w3.org/2007/05/addressing/metadata
> > > > }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> > > > }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> > > > }Anonymous:false], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }Layout:false],
> > > > AnonymousResponses=[AnonymousResponses:false,
> > AnonymousResponses:false],
> > > {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding:false], {
> > > http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > > }Addressing:true], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }InitiatorToken=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }InitiatorToken:false], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token:false,
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }X509Token:false], {
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedParts=[{
> > > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedParts:false], {
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > }OptimizedMimeSerialization=[{
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > }OptimizedMimeSerialization:false]}
> > > >
> > > > If you need to know something else, let me know!
> > > >
> > > > Ralph
> > > >
> > > >
> > > >
> > > > From:
> > > > Colm O hEigeartaigh <co...@apache.org>
> > > > To:
> > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > Date:
> > > > 02-08-2013 12:57
> > > > Subject:
> > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > > can not be satisfied:
> > > >
> > > >
> > > >
> > > > Do you have access to a debugger? If so could you put a breakpoint
> in
> > > > PolicyBasedWSS4JInInterceptor in the doResults method and trace the
> > > flow?
> > > > The problem is that some policy is getting unasserted, but I can't
> > > figure
> > > > out which one from the logging.
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Fri, Aug 2, 2013 at 11:53 AM,
> > > > <r....@pantheon-automatisering.nl>wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > This comes from the WSDL as it is given to me. When generated with
> > all
> > > > > three policies enabled, the first is used I believe. I just tried
> to
> > > > > generate with only one enabled. I tried three times (one time for
> > > > > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > > > > TripleDesRsa15), all the same result as before.
> > > > > At almost the bottum of the log it says ' LogUtils.doLog(443) |
> > > > > WS-Addressing - failed to retrieve Message Addressing Properties
> > from
> > > > > context'.
> > > > > Is it possible that I need to add something to avoid this? And if
> > yes
> > > > how
> > > > > do I do that?
> > > > >
> > > > > Ralph
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > From:
> > > > > Colm O hEigeartaigh <co...@apache.org>
> > > > > To:
> > > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > Date:
> > > > > 02-08-2013 12:34
> > > > > Subject:
> > > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > > can not be satisfied:
> > > > >
> > > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > > I'm not sure if this is the cause of the problem, but the
> following
> > > > policy
> > > > > is not valid:
> > > > >
> > > > > <sp:AlgorithmSuite>
> > > > > <wsp:Policy>
> > > > > <sp:Basic128Rsa15/>
> > > > > <sp:Basic256Rsa15/>
> > > > > <sp:TripleDesRsa15/>
> > > > > </wsp:Policy>
> > > > > </sp:AlgorithmSuite>
> > > > >
> > > > > The specification only allows you to specify one of the policies
> > > above.
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > > On Thu, Aug 1, 2013 at 3:44 PM,
> > > > > <r....@pantheon-automatisering.nl>wrote:
> > > > >
> > > > > > Hi Colm,
> > > > > >
> > > > > > The previous message didn't contain a attachement. But in the
> mean
> > > > time
> > > > > I
> > > > > > managed to get a better log. I will attach it as .txt
> > > > > >
> > > > > >
> > > > > >
> > > > > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > > > > "users@cxf.apache.org"
> > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > > can
> > > > > not
> > > > > > be satisfied:
> > > > > > ------------------------------
> > > > > >
> > > > > >
> > > > > >
> > > > > > Could you turn logging to "FINE" + attach the log? That should
> > tell
> > > us
> > > > > the
> > > > > > exact policy validation error(s).
> > > > > >
> > > > > > Colm.
> > > > > >
> > > > > >
> > > > > > On Thu, Aug 1, 2013 at 9:17 AM,
> > > <r.keegstra@pantheon-automatisering.nl
> > > > > > >wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > Because the formatting was crappy an attachement.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > users@cxf.apache.org"
> > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > > can
> > > > > > not
> > > > > > > be satisfied:
> > > > > > > ------------------------------
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > It looks like the service is processing the CXF request
> > correctly,
> > > > but
> > > > > is
> > > > > > > not returning a response that complies with the security
> policy,
> > > and
> > > > > the
> > > > > > > client is throwing an exception. It's impossible to find out
> > > without
> > > > > > seeing
> > > > > > > the security policy though. It should be in the WSDL file
> > > referenced
> > > > > in
> > > > > > the
> > > > > > > log, if you could attach it:
> > > > > > >
> > > > > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > > > > Bedrijven_v1.2_preprod.wsdl"
> > > > > > >
> > > > > > > Colm.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Aug 1, 2013 at 8:53 AM,
> > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > >wrote:
> > > > > > >
> > > > > > > > Dear Colm,
> > > > > > > >
> > > > > > > > Sorry i didn't see your previous response. Because of my
> great
> > > > > e-mail
> > > > > > > > client (Notus ;) ) I wasn't properly connected to the
> > > mailinglist,
> > > > > > > > apologies for the inconvenience.
> > > > > > > > I don't know how to get the security policy of the service.
> > > > > > > > I added the message I send to the server. (I've removed the
> > > > > > SecurityToken
> > > > > > > > for security reasons).
> > > > > > > > The message I received is the text I copied from the log. I
> > also
> > > > > added
> > > > > > > the
> > > > > > > > logging I get at the moment.
> > > > > > > >
> > > > > > > > Ralph
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > > users@cxf.apache.org"
> > > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > can
> > > > > > > not
> > > > > > > > be satisfied:
> > > > > > > > ------------------------------
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Did you not see my previous response? We need to see the
> > > security
> > > > > > policy
> > > > > > > of
> > > > > > > > the service, the request message + the response message to
> be
> > > able
> > > > > to
> > > > > > > help
> > > > > > > > you.
> > > > > > > >
> > > > > > > > Colm.
> > > > > > > >
> > > > > > > >
> > > > > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > > >wrote:
> > > > > > > >
> > > > > > > > > Dear CXF Support,
> > > > > > > > >
> > > > > > > > > First, I am a newbie with CXF. I am writing a CXF client
> to
> > > > > interact
> > > > > > > with
> > > > > > > > > the government. I am able to send a message. But when I
> > > receive
> > > > > the
> > > > > > > > > response my client crashes.
> > > > > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using
> > Java
> > > > > 1.6.45.
> > > > > > > If
> > > > > > > > > you need more info, please let me know as I don't exactly
> > know
> > > > > what
> > > > > > > info
> > > > > > > > > you need to help me.
> > > > > > > > > Please help me, I'm stuck.
> > > > > > > > >
> > > > > > > > > Ralph Keegstra
> > > > > > > > >
> > > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > alternatives
> > > > > > can
> > > > > > > > > not be satisfied:
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }AsymmetricBinding
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }InitiatorToken
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }RecipientToken
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }Layout
> > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > > {
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedParts
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedElements
> > > > > > > > > AnonymousResponses
> > > > > > > > > at
> > > > > > > >
> > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > at
> > > > > > > > >
> > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > at
> > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > ClientImpl.java:800)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > at
> > > > > > > > >
> > > > >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > at
> > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > at
> org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > at
> > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > at
> > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > )
> > > > > > > > > at
> > > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > at
> > > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > at
> > > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > ClientProxy.java:96)
> > > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> Source)
> > > > > > > > > at
> > > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > at
> > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > Exception in thread "main"
> > > javax.xml.ws.soap.SOAPFaultException:
> > > > > > These
> > > > > > > > > policy alternatives can not be satisfied:
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }AsymmetricBinding
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }InitiatorToken
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }RecipientToken
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }Layout
> > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > > {
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedParts
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedElements
> > > > > > > > > AnonymousResponses
> > > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > JaxWsClientProxy.java:155)
> > > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
> Source)
> > > > > > > > > at
> > > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > > at
> > > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These
> > > > policy
> > > > > > > > > alternatives can not be satisfied:
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > > }AsymmetricBinding
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }X509Token
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }InitiatorToken
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }RecipientToken
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }Layout
> > > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > > {
> > > > > > >
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > > }OptimizedMimeSerialization
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedParts
> > > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }SignedElements
> > > > > > > > > AnonymousResponses
> > > > > > > > > at
> > > > > > > >
> > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > > at
> > > > > > > > >
> > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > > at
> > > > > > > > >
> > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > > at
> > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > > ClientImpl.java:800)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > > HTTPConduit.java:1592)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > > HTTPConduit.java:1490)
> > > > > > > > > at
> > > > > > > > >
> > > > >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > > HTTPConduit.java:1309)
> > > > > > > > > at
> > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > > CachedOutputStream.java:223)
> > > > > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > > AbstractConduit.java:56)
> > > > > > > > > at
> org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > > HTTPConduit.java:622)
> > > > > > > > > at
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > > at
> > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > > at
> > > > > > > >
> > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > > )
> > > > > > > > > at
> > > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > > at
> > > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > > at
> > > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > > ClientProxy.java:96)
> > > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > > ... 3 more
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > Colm O hEigeartaigh
> > > > > > > >
> > > > > > > > Talend Community Coder
> > > > > > > > http://coders.talend.com
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Colm O hEigeartaigh
> > > > > > >
> > > > > > > Talend Community Coder
> > > > > > > http://coders.talend.com
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Colm O hEigeartaigh
> > > > > >
> > > > > > Talend Community Coder
> > > > > > http://coders.talend.com
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Hi Colm,
To get my client working with the config I tried a lot of things, but I
did’n succeed so far, the message didn’t get signed. But I have an other
question. Is it possible to set these parameters in Java? I can’t find any
example that sets this runtime.
For our application these settings will be given runtime, so I need to set
them runtime. Is is also posible to set the keystore runtime?
Thanks for your input in advance!
Ralph Keegstra
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
02-08-2013 16:01
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
When you have a WS-SecurityPolicy, you should not use either the
WSS4JOutInterceptor or WSS4JInInterceptor. CXF will take care of all of
the
configuration, providing you supply it with the (e.g) Crypto property
configuration and a CallbackHandler, username, etc. Please take a look at
the link I posted in my last reply - that configuration works for the
client for both outbound + inbound.
Colm.
On Fri, Aug 2, 2013 at 2:51 PM,
<r....@pantheon-automatisering.nl>wrote:
> OK thank you very much!
> I'm getting a little further, but I think I'm running against a problem
I
> had/made before. But now I get the following error:
>
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding: Received Timestamp does not match the requirements
>
> Which doesn't supprise me. Earlier in the development proces I had the
> problem that I couldn't sign the timestamp. For the outgoing message I'm
> using the following:
> 1 Map<String, Object> outProps = new HashMap<String, Object>();
> 2 outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.TIMESTAMP
> + " " + WSHandlerConstants.SIGNATURE);
> 3 //outProps.put(WSHandlerConstants.ACTION,
> WSHandlerConstants.SIGNATURE);
> 4 bindingProvider.getRequestContext().put("password", "xxxxx");
> 5 outProps.put(WSHandlerConstants.USER, "xxxxxxxxx");
> 6 outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> "client_sign.properties");
> 7 outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
> 8 outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{
> http://www.w3.org/2005/08/addressing}Action;"
> 9 + "{Element}{
> http://www.w3.org/2005/08/addressing}MessageID;"
> 10 + "{Element}{
> http://www.w3.org/2005/08/addressing}To;"
> 11 + "{Element}{
> http://www.w3.org/2005/08/addressing}ReplyTo;"
> 12 + "Body;"
> 13 + "{Element}{
>
>
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> }Timestamp");
>
> 14 WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> 15 cxfEndpoint.getOutInterceptors().add(wssOut);
>
> The third line I commented out and in the wsdl I commented out
> '<sp:IncludeTimestamp/>' (which is wrong, but I could send a message so
I
> was happy at the moment). If I commented out line 2 I get a error that
the
> field Timestamp can not be found.
>
> Is this the cause of the problem above?
> I tried to use PolicyBasedWSS4JOutInterceptor instead of
> WSS4JOutInterceptor, but I don't know how to push the configuration.
>
>
>
>
> From:
> Colm O hEigeartaigh <co...@apache.org>
> To:
> "users@cxf.apache.org" <us...@cxf.apache.org>
> Date:
> 02-08-2013 15:15
> Subject:
> Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can not be satisfied:
>
>
>
> Ok your configuration is the issue. You are configuring the
> WSS4JInInterceptor, which is not policy-aware. You need to configure the
> PolicyBasedWSS4JInInterceptor instead. This is done automatically for
you
> if the WSDL has the correct security policy, but the configuration is
done
> in a slightly different way.
>
> For example, see the following configuration:
>
>
>
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client.xml?view=markup
>
>
> Colm.
>
>
> On Fri, Aug 2, 2013 at 2:11 PM,
> <r....@pantheon-automatisering.nl>wrote:
>
> > Map<String, Object> inProps = new HashMap<String, Object>();
> > inProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > "server_sign.properties");
> > inProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.TIMESTAMP
> +
> > " " + WSHandlerConstants.SIGNATURE);
> > bindingProvider.getResponseContext().put("password", "xxxxx");
> > inProps.put(WSHandlerConstants.USER,
> > "cs-bedrijven.procesinfrastructuur.nl");
> >
> > WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> > cxfEndpoint.getInInterceptors().add(wssIn);
> >
> > --- server_sign.properties ---
> >
> >
>
>
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > org.apache.ws.security.crypto.merlin.keystore.type=jks
> > org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
> > #org.apache.ws.security.crypto.merlin.keystore.alias=
> > cs-bedrijven.procesinfrastructuur.nl
> > org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
> >
> > This is how I configure WSS4JInInterceptor. I have no extra config
files
> > and I prefer to set all config in the code. When the client works I
want
> > to try to get rid of the server_sign.properties, I want to set that
> > dynamic.
> >
> > Ralph
> >
> >
> >
> >
> > From:
> > Colm O hEigeartaigh <co...@apache.org>
> > To:
> > "users@cxf.apache.org" <us...@cxf.apache.org>
> > Date:
> > 02-08-2013 15:04
> > Subject:
> > Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> > can not be satisfied:
> >
> >
> >
> > As a sanity check, can I see your CXF client configuration?
> > PolicyVerificationInInterceptor does run after
> > PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
> > WSS4JInInterceptor explicilty in your configuration?
> >
> > Colm.
> >
> >
> > On Fri, Aug 2, 2013 at 1:26 PM,
> > <r....@pantheon-automatisering.nl>wrote:
> >
> > > Hi Colm,
> > >
> > > He doesn't reach the point you asked for. In
> > > 'org.apache.cxf.ws.policy.AssertionInfoMap.java'
checkEffectivePolicy
> he
> > > doesn't find any validated policy, the ArrayList validated is empty,
> the
> > > ArrayList errors contains 50. He throws at line 179 an exception
(cxf
> > > 2.7.6).
> > > This method is called from
> > > 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method
> > handle.
> > > Line 101 is the line where call is done.
> > > The variable aim contains:
> > > {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedElements=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedElements:false], {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }RecipientToken=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }RecipientToken:false], {
http://www.w3.org/2007/05/addressing/metadata
> > > }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> > > }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> > > }Anonymous:false], {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout:false],
> > > AnonymousResponses=[AnonymousResponses:false,
> AnonymousResponses:false],
> > {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding:false], {
> > http://www.w3.org/2007/02/addressing/metadata
> > > }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > }Addressing:true], {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }InitiatorToken=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }InitiatorToken:false], {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}X509Token=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token:false,
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token:false], {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedParts=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts:false], {
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization=[{
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization:false]}
> > >
> > > If you need to know something else, let me know!
> > >
> > > Ralph
> > >
> > >
> > >
> > > From:
> > > Colm O hEigeartaigh <co...@apache.org>
> > > To:
> > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > Date:
> > > 02-08-2013 12:57
> > > Subject:
> > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > can not be satisfied:
> > >
> > >
> > >
> > > Do you have access to a debugger? If so could you put a breakpoint
in
> > > PolicyBasedWSS4JInInterceptor in the doResults method and trace the
> > flow?
> > > The problem is that some policy is getting unasserted, but I can't
> > figure
> > > out which one from the logging.
> > >
> > > Colm.
> > >
> > >
> > > On Fri, Aug 2, 2013 at 11:53 AM,
> > > <r....@pantheon-automatisering.nl>wrote:
> > >
> > > > Hi,
> > > >
> > > > This comes from the WSDL as it is given to me. When generated with
> all
> > > > three policies enabled, the first is used I believe. I just tried
to
> > > > generate with only one enabled. I tried three times (one time for
> > > > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > > > TripleDesRsa15), all the same result as before.
> > > > At almost the bottum of the log it says ' LogUtils.doLog(443) |
> > > > WS-Addressing - failed to retrieve Message Addressing Properties
> from
> > > > context'.
> > > > Is it possible that I need to add something to avoid this? And if
> yes
> > > how
> > > > do I do that?
> > > >
> > > > Ralph
> > > >
> > > >
> > > >
> > > >
> > > > From:
> > > > Colm O hEigeartaigh <co...@apache.org>
> > > > To:
> > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > Date:
> > > > 02-08-2013 12:34
> > > > Subject:
> > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > > can not be satisfied:
> > > >
> > > >
> > > >
> > > > Hi,
> > > >
> > > > I'm not sure if this is the cause of the problem, but the
following
> > > policy
> > > > is not valid:
> > > >
> > > > <sp:AlgorithmSuite>
> > > > <wsp:Policy>
> > > > <sp:Basic128Rsa15/>
> > > > <sp:Basic256Rsa15/>
> > > > <sp:TripleDesRsa15/>
> > > > </wsp:Policy>
> > > > </sp:AlgorithmSuite>
> > > >
> > > > The specification only allows you to specify one of the policies
> > above.
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Thu, Aug 1, 2013 at 3:44 PM,
> > > > <r....@pantheon-automatisering.nl>wrote:
> > > >
> > > > > Hi Colm,
> > > > >
> > > > > The previous message didn't contain a attachement. But in the
mean
> > > time
> > > > I
> > > > > managed to get a better log. I will attach it as .txt
> > > > >
> > > > >
> > > > >
> > > > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > > > "users@cxf.apache.org"
> > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > can
> > > > not
> > > > > be satisfied:
> > > > > ------------------------------
> > > > >
> > > > >
> > > > >
> > > > > Could you turn logging to "FINE" + attach the log? That should
> tell
> > us
> > > > the
> > > > > exact policy validation error(s).
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > > On Thu, Aug 1, 2013 at 9:17 AM,
> > <r.keegstra@pantheon-automatisering.nl
> > > > > >wrote:
> > > > >
> > > > > > Hi,
> > > > > >
> > > > > > Because the formatting was crappy an attachement.
> > > > > >
> > > > > >
> > > > > >
> > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > users@cxf.apache.org"
> > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > > can
> > > > > not
> > > > > > be satisfied:
> > > > > > ------------------------------
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > It looks like the service is processing the CXF request
> correctly,
> > > but
> > > > is
> > > > > > not returning a response that complies with the security
policy,
> > and
> > > > the
> > > > > > client is throwing an exception. It's impossible to find out
> > without
> > > > > seeing
> > > > > > the security policy though. It should be in the WSDL file
> > referenced
> > > > in
> > > > > the
> > > > > > log, if you could attach it:
> > > > > >
> > > > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > > > Bedrijven_v1.2_preprod.wsdl"
> > > > > >
> > > > > > Colm.
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Thu, Aug 1, 2013 at 8:53 AM,
> > > <r.keegstra@pantheon-automatisering.nl
> > > > > > >wrote:
> > > > > >
> > > > > > > Dear Colm,
> > > > > > >
> > > > > > > Sorry i didn't see your previous response. Because of my
great
> > > > e-mail
> > > > > > > client (Notus ;) ) I wasn't properly connected to the
> > mailinglist,
> > > > > > > apologies for the inconvenience.
> > > > > > > I don't know how to get the security policy of the service.
> > > > > > > I added the message I send to the server. (I've removed the
> > > > > SecurityToken
> > > > > > > for security reasons).
> > > > > > > The message I received is the text I copied from the log. I
> also
> > > > added
> > > > > > the
> > > > > > > logging I get at the moment.
> > > > > > >
> > > > > > > Ralph
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > users@cxf.apache.org"
> > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > can
> > > > > > not
> > > > > > > be satisfied:
> > > > > > > ------------------------------
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Did you not see my previous response? We need to see the
> > security
> > > > > policy
> > > > > > of
> > > > > > > the service, the request message + the response message to
be
> > able
> > > > to
> > > > > > help
> > > > > > > you.
> > > > > > >
> > > > > > > Colm.
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > >wrote:
> > > > > > >
> > > > > > > > Dear CXF Support,
> > > > > > > >
> > > > > > > > First, I am a newbie with CXF. I am writing a CXF client
to
> > > > interact
> > > > > > with
> > > > > > > > the government. I am able to send a message. But when I
> > receive
> > > > the
> > > > > > > > response my client crashes.
> > > > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using
> Java
> > > > 1.6.45.
> > > > > > If
> > > > > > > > you need more info, please let me know as I don't exactly
> know
> > > > what
> > > > > > info
> > > > > > > > you need to help me.
> > > > > > > > Please help me, I'm stuck.
> > > > > > > >
> > > > > > > > Ralph Keegstra
> > > > > > > >
> > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > can
> > > > > > > > not be satisfied:
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }AsymmetricBinding
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }X509Token
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }InitiatorToken
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }RecipientToken
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }Layout
> > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > {
> > > > > >
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > }OptimizedMimeSerialization
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedParts
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }SignedElements
> > > > > > > > AnonymousResponses
> > > > > > > > at
> > > > > > >
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > at
> > > > > > > >
> > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > at
> > > > > > > >
> > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > at
> > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > ClientImpl.java:800)
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > HTTPConduit.java:1592)
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > HTTPConduit.java:1490)
> > > > > > > > at
> > > > > > > >
> > > >
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > HTTPConduit.java:1309)
> > > > > > > > at
> > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > CachedOutputStream.java:223)
> > > > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > AbstractConduit.java:56)
> > > > > > > > at
org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > HTTPConduit.java:622)
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > at
> > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > at
> > > > > > >
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > )
> > > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > ClientProxy.java:96)
> > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
Source)
> > > > > > > > at
> > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > at
> > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > Exception in thread "main"
> > javax.xml.ws.soap.SOAPFaultException:
> > > > > These
> > > > > > > > policy alternatives can not be satisfied:
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }AsymmetricBinding
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }X509Token
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }InitiatorToken
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }RecipientToken
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }Layout
> > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > {
> > > > > >
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > }OptimizedMimeSerialization
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedParts
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }SignedElements
> > > > > > > > AnonymousResponses
> > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > JaxWsClientProxy.java:155)
> > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown
Source)
> > > > > > > > at
> > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > at
> > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These
> > > policy
> > > > > > > > alternatives can not be satisfied:
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }AsymmetricBinding
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }X509Token
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }InitiatorToken
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }RecipientToken
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }Layout
> > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > {
> > > > > >
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > }OptimizedMimeSerialization
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedParts
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }SignedElements
> > > > > > > > AnonymousResponses
> > > > > > > > at
> > > > > > >
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > at
> > > > > > > >
> > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > at
> > > > > > > >
> > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > at
> > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > ClientImpl.java:800)
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > HTTPConduit.java:1592)
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > HTTPConduit.java:1490)
> > > > > > > > at
> > > > > > > >
> > > >
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > HTTPConduit.java:1309)
> > > > > > > > at
> > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > CachedOutputStream.java:223)
> > > > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > AbstractConduit.java:56)
> > > > > > > > at
org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > HTTPConduit.java:622)
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > at
> > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > at
> > > > > > >
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > )
> > > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > ClientProxy.java:96)
> > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > ... 3 more
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Colm O hEigeartaigh
> > > > > > >
> > > > > > > Talend Community Coder
> > > > > > > http://coders.talend.com
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Colm O hEigeartaigh
> > > > > >
> > > > > > Talend Community Coder
> > > > > > http://coders.talend.com
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
Posted by Colm O hEigeartaigh <co...@apache.org>.
When you have a WS-SecurityPolicy, you should not use either the
WSS4JOutInterceptor or WSS4JInInterceptor. CXF will take care of all of the
configuration, providing you supply it with the (e.g) Crypto property
configuration and a CallbackHandler, username, etc. Please take a look at
the link I posted in my last reply - that configuration works for the
client for both outbound + inbound.
Colm.
On Fri, Aug 2, 2013 at 2:51 PM, <r....@pantheon-automatisering.nl>wrote:
> OK thank you very much!
> I'm getting a little further, but I think I'm running against a problem I
> had/made before. But now I get the following error:
>
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding: Received Timestamp does not match the requirements
>
> Which doesn't supprise me. Earlier in the development proces I had the
> problem that I couldn't sign the timestamp. For the outgoing message I'm
> using the following:
> 1 Map<String, Object> outProps = new HashMap<String, Object>();
> 2 outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
> + " " + WSHandlerConstants.SIGNATURE);
> 3 //outProps.put(WSHandlerConstants.ACTION,
> WSHandlerConstants.SIGNATURE);
> 4 bindingProvider.getRequestContext().put("password", "xxxxx");
> 5 outProps.put(WSHandlerConstants.USER, "xxxxxxxxx");
> 6 outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> "client_sign.properties");
> 7 outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
> 8 outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{
> http://www.w3.org/2005/08/addressing}Action;"
> 9 + "{Element}{
> http://www.w3.org/2005/08/addressing}MessageID;"
> 10 + "{Element}{
> http://www.w3.org/2005/08/addressing}To;"
> 11 + "{Element}{
> http://www.w3.org/2005/08/addressing}ReplyTo;"
> 12 + "Body;"
> 13 + "{Element}{
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> }Timestamp");
>
> 14 WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> 15 cxfEndpoint.getOutInterceptors().add(wssOut);
>
> The third line I commented out and in the wsdl I commented out
> '<sp:IncludeTimestamp/>' (which is wrong, but I could send a message so I
> was happy at the moment). If I commented out line 2 I get a error that the
> field Timestamp can not be found.
>
> Is this the cause of the problem above?
> I tried to use PolicyBasedWSS4JOutInterceptor instead of
> WSS4JOutInterceptor, but I don't know how to push the configuration.
>
>
>
>
> From:
> Colm O hEigeartaigh <co...@apache.org>
> To:
> "users@cxf.apache.org" <us...@cxf.apache.org>
> Date:
> 02-08-2013 15:15
> Subject:
> Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can not be satisfied:
>
>
>
> Ok your configuration is the issue. You are configuring the
> WSS4JInInterceptor, which is not policy-aware. You need to configure the
> PolicyBasedWSS4JInInterceptor instead. This is done automatically for you
> if the WSDL has the correct security policy, but the configuration is done
> in a slightly different way.
>
> For example, see the following configuration:
>
>
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client.xml?view=markup
>
>
> Colm.
>
>
> On Fri, Aug 2, 2013 at 2:11 PM,
> <r....@pantheon-automatisering.nl>wrote:
>
> > Map<String, Object> inProps = new HashMap<String, Object>();
> > inProps.put(WSHandlerConstants.SIG_PROP_FILE,
> > "server_sign.properties");
> > inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
> +
> > " " + WSHandlerConstants.SIGNATURE);
> > bindingProvider.getResponseContext().put("password", "xxxxx");
> > inProps.put(WSHandlerConstants.USER,
> > "cs-bedrijven.procesinfrastructuur.nl");
> >
> > WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> > cxfEndpoint.getInInterceptors().add(wssIn);
> >
> > --- server_sign.properties ---
> >
> >
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > org.apache.ws.security.crypto.merlin.keystore.type=jks
> > org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
> > #org.apache.ws.security.crypto.merlin.keystore.alias=
> > cs-bedrijven.procesinfrastructuur.nl
> > org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
> >
> > This is how I configure WSS4JInInterceptor. I have no extra config files
> > and I prefer to set all config in the code. When the client works I want
> > to try to get rid of the server_sign.properties, I want to set that
> > dynamic.
> >
> > Ralph
> >
> >
> >
> >
> > From:
> > Colm O hEigeartaigh <co...@apache.org>
> > To:
> > "users@cxf.apache.org" <us...@cxf.apache.org>
> > Date:
> > 02-08-2013 15:04
> > Subject:
> > Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> > can not be satisfied:
> >
> >
> >
> > As a sanity check, can I see your CXF client configuration?
> > PolicyVerificationInInterceptor does run after
> > PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
> > WSS4JInInterceptor explicilty in your configuration?
> >
> > Colm.
> >
> >
> > On Fri, Aug 2, 2013 at 1:26 PM,
> > <r....@pantheon-automatisering.nl>wrote:
> >
> > > Hi Colm,
> > >
> > > He doesn't reach the point you asked for. In
> > > 'org.apache.cxf.ws.policy.AssertionInfoMap.java' checkEffectivePolicy
> he
> > > doesn't find any validated policy, the ArrayList validated is empty,
> the
> > > ArrayList errors contains 50. He throws at line 179 an exception (cxf
> > > 2.7.6).
> > > This method is called from
> > > 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method
> > handle.
> > > Line 101 is the line where call is done.
> > > The variable aim contains:
> > > {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedElements=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedElements:false], {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }RecipientToken=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }RecipientToken:false], {http://www.w3.org/2007/05/addressing/metadata
> > > }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> > > }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> > > }Anonymous:false], {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout:false],
> > > AnonymousResponses=[AnonymousResponses:false,
> AnonymousResponses:false],
> > {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding:false], {
> > http://www.w3.org/2007/02/addressing/metadata
> > > }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > > }Addressing:true], {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }InitiatorToken=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }InitiatorToken:false], {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token:false,
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token:false], {
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedParts=[{
> > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts:false], {
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization=[{
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization:false]}
> > >
> > > If you need to know something else, let me know!
> > >
> > > Ralph
> > >
> > >
> > >
> > > From:
> > > Colm O hEigeartaigh <co...@apache.org>
> > > To:
> > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > Date:
> > > 02-08-2013 12:57
> > > Subject:
> > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > can not be satisfied:
> > >
> > >
> > >
> > > Do you have access to a debugger? If so could you put a breakpoint in
> > > PolicyBasedWSS4JInInterceptor in the doResults method and trace the
> > flow?
> > > The problem is that some policy is getting unasserted, but I can't
> > figure
> > > out which one from the logging.
> > >
> > > Colm.
> > >
> > >
> > > On Fri, Aug 2, 2013 at 11:53 AM,
> > > <r....@pantheon-automatisering.nl>wrote:
> > >
> > > > Hi,
> > > >
> > > > This comes from the WSDL as it is given to me. When generated with
> all
> > > > three policies enabled, the first is used I believe. I just tried to
> > > > generate with only one enabled. I tried three times (one time for
> > > > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > > > TripleDesRsa15), all the same result as before.
> > > > At almost the bottum of the log it says ' LogUtils.doLog(443) |
> > > > WS-Addressing - failed to retrieve Message Addressing Properties
> from
> > > > context'.
> > > > Is it possible that I need to add something to avoid this? And if
> yes
> > > how
> > > > do I do that?
> > > >
> > > > Ralph
> > > >
> > > >
> > > >
> > > >
> > > > From:
> > > > Colm O hEigeartaigh <co...@apache.org>
> > > > To:
> > > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > Date:
> > > > 02-08-2013 12:34
> > > > Subject:
> > > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > > can not be satisfied:
> > > >
> > > >
> > > >
> > > > Hi,
> > > >
> > > > I'm not sure if this is the cause of the problem, but the following
> > > policy
> > > > is not valid:
> > > >
> > > > <sp:AlgorithmSuite>
> > > > <wsp:Policy>
> > > > <sp:Basic128Rsa15/>
> > > > <sp:Basic256Rsa15/>
> > > > <sp:TripleDesRsa15/>
> > > > </wsp:Policy>
> > > > </sp:AlgorithmSuite>
> > > >
> > > > The specification only allows you to specify one of the policies
> > above.
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Thu, Aug 1, 2013 at 3:44 PM,
> > > > <r....@pantheon-automatisering.nl>wrote:
> > > >
> > > > > Hi Colm,
> > > > >
> > > > > The previous message didn't contain a attachement. But in the mean
> > > time
> > > > I
> > > > > managed to get a better log. I will attach it as .txt
> > > > >
> > > > >
> > > > >
> > > > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > > > "users@cxf.apache.org"
> > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > can
> > > > not
> > > > > be satisfied:
> > > > > ------------------------------
> > > > >
> > > > >
> > > > >
> > > > > Could you turn logging to "FINE" + attach the log? That should
> tell
> > us
> > > > the
> > > > > exact policy validation error(s).
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > > On Thu, Aug 1, 2013 at 9:17 AM,
> > <r.keegstra@pantheon-automatisering.nl
> > > > > >wrote:
> > > > >
> > > > > > Hi,
> > > > > >
> > > > > > Because the formatting was crappy an attachement.
> > > > > >
> > > > > >
> > > > > >
> > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > users@cxf.apache.org"
> > > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > > can
> > > > > not
> > > > > > be satisfied:
> > > > > > ------------------------------
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > It looks like the service is processing the CXF request
> correctly,
> > > but
> > > > is
> > > > > > not returning a response that complies with the security policy,
> > and
> > > > the
> > > > > > client is throwing an exception. It's impossible to find out
> > without
> > > > > seeing
> > > > > > the security policy though. It should be in the WSDL file
> > referenced
> > > > in
> > > > > the
> > > > > > log, if you could attach it:
> > > > > >
> > > > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > > > Bedrijven_v1.2_preprod.wsdl"
> > > > > >
> > > > > > Colm.
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Thu, Aug 1, 2013 at 8:53 AM,
> > > <r.keegstra@pantheon-automatisering.nl
> > > > > > >wrote:
> > > > > >
> > > > > > > Dear Colm,
> > > > > > >
> > > > > > > Sorry i didn't see your previous response. Because of my great
> > > > e-mail
> > > > > > > client (Notus ;) ) I wasn't properly connected to the
> > mailinglist,
> > > > > > > apologies for the inconvenience.
> > > > > > > I don't know how to get the security policy of the service.
> > > > > > > I added the message I send to the server. (I've removed the
> > > > > SecurityToken
> > > > > > > for security reasons).
> > > > > > > The message I received is the text I copied from the log. I
> also
> > > > added
> > > > > > the
> > > > > > > logging I get at the moment.
> > > > > > >
> > > > > > > Ralph
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > > users@cxf.apache.org"
> > > > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > can
> > > > > > not
> > > > > > > be satisfied:
> > > > > > > ------------------------------
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Did you not see my previous response? We need to see the
> > security
> > > > > policy
> > > > > > of
> > > > > > > the service, the request message + the response message to be
> > able
> > > > to
> > > > > > help
> > > > > > > you.
> > > > > > >
> > > > > > > Colm.
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > > > <r.keegstra@pantheon-automatisering.nl
> > > > > > > >wrote:
> > > > > > >
> > > > > > > > Dear CXF Support,
> > > > > > > >
> > > > > > > > First, I am a newbie with CXF. I am writing a CXF client to
> > > > interact
> > > > > > with
> > > > > > > > the government. I am able to send a message. But when I
> > receive
> > > > the
> > > > > > > > response my client crashes.
> > > > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using
> Java
> > > > 1.6.45.
> > > > > > If
> > > > > > > > you need more info, please let me know as I don't exactly
> know
> > > > what
> > > > > > info
> > > > > > > > you need to help me.
> > > > > > > > Please help me, I'm stuck.
> > > > > > > >
> > > > > > > > Ralph Keegstra
> > > > > > > >
> > > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives
> > > > > can
> > > > > > > > not be satisfied:
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }AsymmetricBinding
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }X509Token
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }InitiatorToken
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }RecipientToken
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }Layout
> > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > {
> > > > > >
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > }OptimizedMimeSerialization
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedParts
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }SignedElements
> > > > > > > > AnonymousResponses
> > > > > > > > at
> > > > > > >
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > at
> > > > > > > >
> > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > at
> > > > > > > >
> > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > at
> > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > ClientImpl.java:800)
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > HTTPConduit.java:1592)
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > HTTPConduit.java:1490)
> > > > > > > > at
> > > > > > > >
> > > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > HTTPConduit.java:1309)
> > > > > > > > at
> > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > CachedOutputStream.java:223)
> > > > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > AbstractConduit.java:56)
> > > > > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > HTTPConduit.java:622)
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > at
> > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > at
> > > > > > >
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > )
> > > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > ClientProxy.java:96)
> > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > > > > at
> > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > at
> > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > Exception in thread "main"
> > javax.xml.ws.soap.SOAPFaultException:
> > > > > These
> > > > > > > > policy alternatives can not be satisfied:
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }AsymmetricBinding
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }X509Token
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }InitiatorToken
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }RecipientToken
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }Layout
> > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > {
> > > > > >
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > }OptimizedMimeSerialization
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedParts
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }SignedElements
> > > > > > > > AnonymousResponses
> > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > JaxWsClientProxy.java:155)
> > > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > > > > at
> > > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > > at
> > nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These
> > > policy
> > > > > > > > alternatives can not be satisfied:
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > > }AsymmetricBinding
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }X509Token
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }InitiatorToken
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }RecipientToken
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }Layout
> > > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > > {
> > > > > >
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > > }OptimizedMimeSerialization
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedParts
> > > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }SignedElements
> > > > > > > > AnonymousResponses
> > > > > > > > at
> > > > > > >
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > > AssertionInfoMap.java:179)
> > > > > > > > at
> > > > > > > >
> > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > > at
> > > > > > > >
> > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > > at
> > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > > ClientImpl.java:800)
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > > HTTPConduit.java:1592)
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > > HTTPConduit.java:1490)
> > > > > > > > at
> > > > > > > >
> > > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > > HTTPConduit.java:1309)
> > > > > > > > at
> > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > > CachedOutputStream.java:223)
> > > > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > > AbstractConduit.java:56)
> > > > > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > > HTTPConduit.java:622)
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > > at
> > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > > at
> > > > > > >
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > > )
> > > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > > ClientProxy.java:96)
> > > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > > JaxWsClientProxy.java:133)
> > > > > > > > ... 3 more
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Colm O hEigeartaigh
> > > > > > >
> > > > > > > Talend Community Coder
> > > > > > > http://coders.talend.com
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Colm O hEigeartaigh
> > > > > >
> > > > > > Talend Community Coder
> > > > > > http://coders.talend.com
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
OK thank you very much!
I'm getting a little further, but I think I'm running against a problem I
had/made before. But now I get the following error:
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}AsymmetricBinding: Received Timestamp does not match the requirements
Which doesn't supprise me. Earlier in the development proces I had the
problem that I couldn't sign the timestamp. For the outgoing message I'm
using the following:
1 Map<String, Object> outProps = new HashMap<String, Object>();
2 outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
+ " " + WSHandlerConstants.SIGNATURE);
3 //outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.SIGNATURE);
4 bindingProvider.getRequestContext().put("password", "xxxxx");
5 outProps.put(WSHandlerConstants.USER, "xxxxxxxxx");
6 outProps.put(WSHandlerConstants.SIG_PROP_FILE,
"client_sign.properties");
7 outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
8 outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{
http://www.w3.org/2005/08/addressing}Action;"
9 + "{Element}{
http://www.w3.org/2005/08/addressing}MessageID;"
10 + "{Element}{
http://www.w3.org/2005/08/addressing}To;"
11 + "{Element}{
http://www.w3.org/2005/08/addressing}ReplyTo;"
12 + "Body;"
13 + "{Element}{
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
}Timestamp");
14 WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
15 cxfEndpoint.getOutInterceptors().add(wssOut);
The third line I commented out and in the wsdl I commented out
'<sp:IncludeTimestamp/>' (which is wrong, but I could send a message so I
was happy at the moment). If I commented out line 2 I get a error that the
field Timestamp can not be found.
Is this the cause of the problem above?
I tried to use PolicyBasedWSS4JOutInterceptor instead of
WSS4JOutInterceptor, but I don't know how to push the configuration.
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
02-08-2013 15:15
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
Ok your configuration is the issue. You are configuring the
WSS4JInInterceptor, which is not policy-aware. You need to configure the
PolicyBasedWSS4JInInterceptor instead. This is done automatically for you
if the WSDL has the correct security policy, but the configuration is done
in a slightly different way.
For example, see the following configuration:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client.xml?view=markup
Colm.
On Fri, Aug 2, 2013 at 2:11 PM,
<r....@pantheon-automatisering.nl>wrote:
> Map<String, Object> inProps = new HashMap<String, Object>();
> inProps.put(WSHandlerConstants.SIG_PROP_FILE,
> "server_sign.properties");
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
+
> " " + WSHandlerConstants.SIGNATURE);
> bindingProvider.getResponseContext().put("password", "xxxxx");
> inProps.put(WSHandlerConstants.USER,
> "cs-bedrijven.procesinfrastructuur.nl");
>
> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> cxfEndpoint.getInInterceptors().add(wssIn);
>
> --- server_sign.properties ---
>
>
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
> #org.apache.ws.security.crypto.merlin.keystore.alias=
> cs-bedrijven.procesinfrastructuur.nl
> org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
>
> This is how I configure WSS4JInInterceptor. I have no extra config files
> and I prefer to set all config in the code. When the client works I want
> to try to get rid of the server_sign.properties, I want to set that
> dynamic.
>
> Ralph
>
>
>
>
> From:
> Colm O hEigeartaigh <co...@apache.org>
> To:
> "users@cxf.apache.org" <us...@cxf.apache.org>
> Date:
> 02-08-2013 15:04
> Subject:
> Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can not be satisfied:
>
>
>
> As a sanity check, can I see your CXF client configuration?
> PolicyVerificationInInterceptor does run after
> PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
> WSS4JInInterceptor explicilty in your configuration?
>
> Colm.
>
>
> On Fri, Aug 2, 2013 at 1:26 PM,
> <r....@pantheon-automatisering.nl>wrote:
>
> > Hi Colm,
> >
> > He doesn't reach the point you asked for. In
> > 'org.apache.cxf.ws.policy.AssertionInfoMap.java' checkEffectivePolicy
he
> > doesn't find any validated policy, the ArrayList validated is empty,
the
> > ArrayList errors contains 50. He throws at line 179 an exception (cxf
> > 2.7.6).
> > This method is called from
> > 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method
> handle.
> > Line 101 is the line where call is done.
> > The variable aim contains:
> > {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements:false], {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken:false], {http://www.w3.org/2007/05/addressing/metadata
> > }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> > }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> > }Anonymous:false], {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}Layout:false],
> > AnonymousResponses=[AnonymousResponses:false,
AnonymousResponses:false],
> {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding:false], {
> http://www.w3.org/2007/02/addressing/metadata
> > }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > }Addressing:true], {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken:false], {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token:false,
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token:false], {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedParts=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedParts:false], {
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization=[{
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization:false]}
> >
> > If you need to know something else, let me know!
> >
> > Ralph
> >
> >
> >
> > From:
> > Colm O hEigeartaigh <co...@apache.org>
> > To:
> > "users@cxf.apache.org" <us...@cxf.apache.org>
> > Date:
> > 02-08-2013 12:57
> > Subject:
> > Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> > can not be satisfied:
> >
> >
> >
> > Do you have access to a debugger? If so could you put a breakpoint in
> > PolicyBasedWSS4JInInterceptor in the doResults method and trace the
> flow?
> > The problem is that some policy is getting unasserted, but I can't
> figure
> > out which one from the logging.
> >
> > Colm.
> >
> >
> > On Fri, Aug 2, 2013 at 11:53 AM,
> > <r....@pantheon-automatisering.nl>wrote:
> >
> > > Hi,
> > >
> > > This comes from the WSDL as it is given to me. When generated with
all
> > > three policies enabled, the first is used I believe. I just tried to
> > > generate with only one enabled. I tried three times (one time for
> > > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > > TripleDesRsa15), all the same result as before.
> > > At almost the bottum of the log it says ' LogUtils.doLog(443) |
> > > WS-Addressing - failed to retrieve Message Addressing Properties
from
> > > context'.
> > > Is it possible that I need to add something to avoid this? And if
yes
> > how
> > > do I do that?
> > >
> > > Ralph
> > >
> > >
> > >
> > >
> > > From:
> > > Colm O hEigeartaigh <co...@apache.org>
> > > To:
> > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > Date:
> > > 02-08-2013 12:34
> > > Subject:
> > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > can not be satisfied:
> > >
> > >
> > >
> > > Hi,
> > >
> > > I'm not sure if this is the cause of the problem, but the following
> > policy
> > > is not valid:
> > >
> > > <sp:AlgorithmSuite>
> > > <wsp:Policy>
> > > <sp:Basic128Rsa15/>
> > > <sp:Basic256Rsa15/>
> > > <sp:TripleDesRsa15/>
> > > </wsp:Policy>
> > > </sp:AlgorithmSuite>
> > >
> > > The specification only allows you to specify one of the policies
> above.
> > >
> > > Colm.
> > >
> > >
> > > On Thu, Aug 1, 2013 at 3:44 PM,
> > > <r....@pantheon-automatisering.nl>wrote:
> > >
> > > > Hi Colm,
> > > >
> > > > The previous message didn't contain a attachement. But in the mean
> > time
> > > I
> > > > managed to get a better log. I will attach it as .txt
> > > >
> > > >
> > > >
> > > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > > "users@cxf.apache.org"
> > > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > > org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> > can
> > > not
> > > > be satisfied:
> > > > ------------------------------
> > > >
> > > >
> > > >
> > > > Could you turn logging to "FINE" + attach the log? That should
tell
> us
> > > the
> > > > exact policy validation error(s).
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Thu, Aug 1, 2013 at 9:17 AM,
> <r.keegstra@pantheon-automatisering.nl
> > > > >wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > Because the formatting was crappy an attachement.
> > > > >
> > > > >
> > > > >
> > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > users@cxf.apache.org"
> > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > can
> > > > not
> > > > > be satisfied:
> > > > > ------------------------------
> > > > >
> > > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > > It looks like the service is processing the CXF request
correctly,
> > but
> > > is
> > > > > not returning a response that complies with the security policy,
> and
> > > the
> > > > > client is throwing an exception. It's impossible to find out
> without
> > > > seeing
> > > > > the security policy though. It should be in the WSDL file
> referenced
> > > in
> > > > the
> > > > > log, if you could attach it:
> > > > >
> > > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > > Bedrijven_v1.2_preprod.wsdl"
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > >
> > > > > On Thu, Aug 1, 2013 at 8:53 AM,
> > <r.keegstra@pantheon-automatisering.nl
> > > > > >wrote:
> > > > >
> > > > > > Dear Colm,
> > > > > >
> > > > > > Sorry i didn't see your previous response. Because of my great
> > > e-mail
> > > > > > client (Notus ;) ) I wasn't properly connected to the
> mailinglist,
> > > > > > apologies for the inconvenience.
> > > > > > I don't know how to get the security policy of the service.
> > > > > > I added the message I send to the server. (I've removed the
> > > > SecurityToken
> > > > > > for security reasons).
> > > > > > The message I received is the text I copied from the log. I
also
> > > added
> > > > > the
> > > > > > logging I get at the moment.
> > > > > >
> > > > > > Ralph
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > users@cxf.apache.org"
> > > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > can
> > > > > not
> > > > > > be satisfied:
> > > > > > ------------------------------
> > > > > >
> > > > > >
> > > > > >
> > > > > > Did you not see my previous response? We need to see the
> security
> > > > policy
> > > > > of
> > > > > > the service, the request message + the response message to be
> able
> > > to
> > > > > help
> > > > > > you.
> > > > > >
> > > > > > Colm.
> > > > > >
> > > > > >
> > > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > > <r.keegstra@pantheon-automatisering.nl
> > > > > > >wrote:
> > > > > >
> > > > > > > Dear CXF Support,
> > > > > > >
> > > > > > > First, I am a newbie with CXF. I am writing a CXF client to
> > > interact
> > > > > with
> > > > > > > the government. I am able to send a message. But when I
> receive
> > > the
> > > > > > > response my client crashes.
> > > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using
Java
> > > 1.6.45.
> > > > > If
> > > > > > > you need more info, please let me know as I don't exactly
know
> > > what
> > > > > info
> > > > > > > you need to help me.
> > > > > > > Please help me, I'm stuck.
> > > > > > >
> > > > > > > Ralph Keegstra
> > > > > > >
> > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > can
> > > > > > > not be satisfied:
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }AsymmetricBinding
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }InitiatorToken
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }RecipientToken
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }Layout
> > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > {
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > }OptimizedMimeSerialization
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedParts
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedElements
> > > > > > > AnonymousResponses
> > > > > > > at
> > > > > >
org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > AssertionInfoMap.java:179)
> > > > > > > at
> > > > > > >
> org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > at
> > > > > > >
> > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > at
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > ClientImpl.java:800)
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > HTTPConduit.java:1592)
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > HTTPConduit.java:1490)
> > > > > > > at
> > > > > > >
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > HTTPConduit.java:1309)
> > > > > > > at
> > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > CachedOutputStream.java:223)
> > > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > AbstractConduit.java:56)
> > > > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > HTTPConduit.java:622)
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > at
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > at
> > > > > >
org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > )
> > > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > ClientProxy.java:96)
> > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > JaxWsClientProxy.java:133)
> > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > > > at
> > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > at
> nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > Exception in thread "main"
> javax.xml.ws.soap.SOAPFaultException:
> > > > These
> > > > > > > policy alternatives can not be satisfied:
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }AsymmetricBinding
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }InitiatorToken
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }RecipientToken
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }Layout
> > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > {
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > }OptimizedMimeSerialization
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedParts
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedElements
> > > > > > > AnonymousResponses
> > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > JaxWsClientProxy.java:155)
> > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > > > at
> > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > at
> nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These
> > policy
> > > > > > > alternatives can not be satisfied:
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }AsymmetricBinding
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }InitiatorToken
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }RecipientToken
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }Layout
> > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > {
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > }OptimizedMimeSerialization
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedParts
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedElements
> > > > > > > AnonymousResponses
> > > > > > > at
> > > > > >
org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > AssertionInfoMap.java:179)
> > > > > > > at
> > > > > > >
> org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > at
> > > > > > >
> > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > at
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > ClientImpl.java:800)
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > HTTPConduit.java:1592)
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > HTTPConduit.java:1490)
> > > > > > > at
> > > > > > >
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > HTTPConduit.java:1309)
> > > > > > > at
> > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > CachedOutputStream.java:223)
> > > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > AbstractConduit.java:56)
> > > > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > HTTPConduit.java:622)
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > at
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > at
> > > > > >
org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > )
> > > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > ClientProxy.java:96)
> > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > JaxWsClientProxy.java:133)
> > > > > > > ... 3 more
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Colm O hEigeartaigh
> > > > > >
> > > > > > Talend Community Coder
> > > > > > http://coders.talend.com
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
Posted by Colm O hEigeartaigh <co...@apache.org>.
Ok your configuration is the issue. You are configuring the
WSS4JInInterceptor, which is not policy-aware. You need to configure the
PolicyBasedWSS4JInInterceptor instead. This is done automatically for you
if the WSDL has the correct security policy, but the configuration is done
in a slightly different way.
For example, see the following configuration:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client.xml?view=markup
Colm.
On Fri, Aug 2, 2013 at 2:11 PM, <r....@pantheon-automatisering.nl>wrote:
> Map<String, Object> inProps = new HashMap<String, Object>();
> inProps.put(WSHandlerConstants.SIG_PROP_FILE,
> "server_sign.properties");
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP +
> " " + WSHandlerConstants.SIGNATURE);
> bindingProvider.getResponseContext().put("password", "xxxxx");
> inProps.put(WSHandlerConstants.USER,
> "cs-bedrijven.procesinfrastructuur.nl");
>
> WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
> cxfEndpoint.getInInterceptors().add(wssIn);
>
> --- server_sign.properties ---
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
> #org.apache.ws.security.crypto.merlin.keystore.alias=
> cs-bedrijven.procesinfrastructuur.nl
> org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
>
> This is how I configure WSS4JInInterceptor. I have no extra config files
> and I prefer to set all config in the code. When the client works I want
> to try to get rid of the server_sign.properties, I want to set that
> dynamic.
>
> Ralph
>
>
>
>
> From:
> Colm O hEigeartaigh <co...@apache.org>
> To:
> "users@cxf.apache.org" <us...@cxf.apache.org>
> Date:
> 02-08-2013 15:04
> Subject:
> Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can not be satisfied:
>
>
>
> As a sanity check, can I see your CXF client configuration?
> PolicyVerificationInInterceptor does run after
> PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
> WSS4JInInterceptor explicilty in your configuration?
>
> Colm.
>
>
> On Fri, Aug 2, 2013 at 1:26 PM,
> <r....@pantheon-automatisering.nl>wrote:
>
> > Hi Colm,
> >
> > He doesn't reach the point you asked for. In
> > 'org.apache.cxf.ws.policy.AssertionInfoMap.java' checkEffectivePolicy he
> > doesn't find any validated policy, the ArrayList validated is empty, the
> > ArrayList errors contains 50. He throws at line 179 an exception (cxf
> > 2.7.6).
> > This method is called from
> > 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method
> handle.
> > Line 101 is the line where call is done.
> > The variable aim contains:
> > {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements:false], {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken:false], {http://www.w3.org/2007/05/addressing/metadata
> > }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> > }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> > }Anonymous:false], {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout:false],
> > AnonymousResponses=[AnonymousResponses:false, AnonymousResponses:false],
> {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding:false], {
> http://www.w3.org/2007/02/addressing/metadata
> > }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> > }Addressing:true], {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken:false], {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token:false,
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token:false], {
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts=[{
> > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedParts:false], {
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization=[{
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization:false]}
> >
> > If you need to know something else, let me know!
> >
> > Ralph
> >
> >
> >
> > From:
> > Colm O hEigeartaigh <co...@apache.org>
> > To:
> > "users@cxf.apache.org" <us...@cxf.apache.org>
> > Date:
> > 02-08-2013 12:57
> > Subject:
> > Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> > can not be satisfied:
> >
> >
> >
> > Do you have access to a debugger? If so could you put a breakpoint in
> > PolicyBasedWSS4JInInterceptor in the doResults method and trace the
> flow?
> > The problem is that some policy is getting unasserted, but I can't
> figure
> > out which one from the logging.
> >
> > Colm.
> >
> >
> > On Fri, Aug 2, 2013 at 11:53 AM,
> > <r....@pantheon-automatisering.nl>wrote:
> >
> > > Hi,
> > >
> > > This comes from the WSDL as it is given to me. When generated with all
> > > three policies enabled, the first is used I believe. I just tried to
> > > generate with only one enabled. I tried three times (one time for
> > > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > > TripleDesRsa15), all the same result as before.
> > > At almost the bottum of the log it says ' LogUtils.doLog(443) |
> > > WS-Addressing - failed to retrieve Message Addressing Properties from
> > > context'.
> > > Is it possible that I need to add something to avoid this? And if yes
> > how
> > > do I do that?
> > >
> > > Ralph
> > >
> > >
> > >
> > >
> > > From:
> > > Colm O hEigeartaigh <co...@apache.org>
> > > To:
> > > "users@cxf.apache.org" <us...@cxf.apache.org>
> > > Date:
> > > 02-08-2013 12:34
> > > Subject:
> > > Re: org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > can not be satisfied:
> > >
> > >
> > >
> > > Hi,
> > >
> > > I'm not sure if this is the cause of the problem, but the following
> > policy
> > > is not valid:
> > >
> > > <sp:AlgorithmSuite>
> > > <wsp:Policy>
> > > <sp:Basic128Rsa15/>
> > > <sp:Basic256Rsa15/>
> > > <sp:TripleDesRsa15/>
> > > </wsp:Policy>
> > > </sp:AlgorithmSuite>
> > >
> > > The specification only allows you to specify one of the policies
> above.
> > >
> > > Colm.
> > >
> > >
> > > On Thu, Aug 1, 2013 at 3:44 PM,
> > > <r....@pantheon-automatisering.nl>wrote:
> > >
> > > > Hi Colm,
> > > >
> > > > The previous message didn't contain a attachement. But in the mean
> > time
> > > I
> > > > managed to get a better log. I will attach it as .txt
> > > >
> > > >
> > > >
> > > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > > "users@cxf.apache.org"
> > > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> > can
> > > not
> > > > be satisfied:
> > > > ------------------------------
> > > >
> > > >
> > > >
> > > > Could you turn logging to "FINE" + attach the log? That should tell
> us
> > > the
> > > > exact policy validation error(s).
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Thu, Aug 1, 2013 at 9:17 AM,
> <r.keegstra@pantheon-automatisering.nl
> > > > >wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > Because the formatting was crappy an attachement.
> > > > >
> > > > >
> > > > >
> > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > users@cxf.apache.org"
> > > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > > can
> > > > not
> > > > > be satisfied:
> > > > > ------------------------------
> > > > >
> > > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > > It looks like the service is processing the CXF request correctly,
> > but
> > > is
> > > > > not returning a response that complies with the security policy,
> and
> > > the
> > > > > client is throwing an exception. It's impossible to find out
> without
> > > > seeing
> > > > > the security policy though. It should be in the WSDL file
> referenced
> > > in
> > > > the
> > > > > log, if you could attach it:
> > > > >
> > > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > > Bedrijven_v1.2_preprod.wsdl"
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > >
> > > > > On Thu, Aug 1, 2013 at 8:53 AM,
> > <r.keegstra@pantheon-automatisering.nl
> > > > > >wrote:
> > > > >
> > > > > > Dear Colm,
> > > > > >
> > > > > > Sorry i didn't see your previous response. Because of my great
> > > e-mail
> > > > > > client (Notus ;) ) I wasn't properly connected to the
> mailinglist,
> > > > > > apologies for the inconvenience.
> > > > > > I don't know how to get the security policy of the service.
> > > > > > I added the message I send to the server. (I've removed the
> > > > SecurityToken
> > > > > > for security reasons).
> > > > > > The message I received is the text I copied from the log. I also
> > > added
> > > > > the
> > > > > > logging I get at the moment.
> > > > > >
> > > > > > Ralph
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > > users@cxf.apache.org"
> > > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > can
> > > > > not
> > > > > > be satisfied:
> > > > > > ------------------------------
> > > > > >
> > > > > >
> > > > > >
> > > > > > Did you not see my previous response? We need to see the
> security
> > > > policy
> > > > > of
> > > > > > the service, the request message + the response message to be
> able
> > > to
> > > > > help
> > > > > > you.
> > > > > >
> > > > > > Colm.
> > > > > >
> > > > > >
> > > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > > <r.keegstra@pantheon-automatisering.nl
> > > > > > >wrote:
> > > > > >
> > > > > > > Dear CXF Support,
> > > > > > >
> > > > > > > First, I am a newbie with CXF. I am writing a CXF client to
> > > interact
> > > > > with
> > > > > > > the government. I am able to send a message. But when I
> receive
> > > the
> > > > > > > response my client crashes.
> > > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java
> > > 1.6.45.
> > > > > If
> > > > > > > you need more info, please let me know as I don't exactly know
> > > what
> > > > > info
> > > > > > > you need to help me.
> > > > > > > Please help me, I'm stuck.
> > > > > > >
> > > > > > > Ralph Keegstra
> > > > > > >
> > > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives
> > > > can
> > > > > > > not be satisfied:
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }AsymmetricBinding
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }InitiatorToken
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }RecipientToken
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }Layout
> > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > {
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > }OptimizedMimeSerialization
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedParts
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedElements
> > > > > > > AnonymousResponses
> > > > > > > at
> > > > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > AssertionInfoMap.java:179)
> > > > > > > at
> > > > > > >
> org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > at
> > > > > > >
> > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > at
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > ClientImpl.java:800)
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > HTTPConduit.java:1592)
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > HTTPConduit.java:1490)
> > > > > > > at
> > > > > > >
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > HTTPConduit.java:1309)
> > > > > > > at
> > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > CachedOutputStream.java:223)
> > > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > AbstractConduit.java:56)
> > > > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > HTTPConduit.java:622)
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > at
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > )
> > > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > ClientProxy.java:96)
> > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > JaxWsClientProxy.java:133)
> > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > > > at
> > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > at
> nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > Exception in thread "main"
> javax.xml.ws.soap.SOAPFaultException:
> > > > These
> > > > > > > policy alternatives can not be satisfied:
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }AsymmetricBinding
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }InitiatorToken
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }RecipientToken
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }Layout
> > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > {
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > }OptimizedMimeSerialization
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedParts
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedElements
> > > > > > > AnonymousResponses
> > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > JaxWsClientProxy.java:155)
> > > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > > > at
> > > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > > at
> nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These
> > policy
> > > > > > > alternatives can not be satisfied:
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > > }AsymmetricBinding
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }X509Token
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }InitiatorToken
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }RecipientToken
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }Layout
> > > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > > {
> > > > >
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > > }OptimizedMimeSerialization
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedParts
> > > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }SignedElements
> > > > > > > AnonymousResponses
> > > > > > > at
> > > > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > > AssertionInfoMap.java:179)
> > > > > > > at
> > > > > > >
> org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > > at
> > > > > > >
> > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > > at
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > > ClientImpl.java:800)
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > > HTTPConduit.java:1592)
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > > HTTPConduit.java:1490)
> > > > > > > at
> > > > > > >
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > > HTTPConduit.java:1309)
> > > > > > > at
> > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > > CachedOutputStream.java:223)
> > > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > > AbstractConduit.java:56)
> > > > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > > HTTPConduit.java:622)
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > > MessageSenderInterceptor.java:62)
> > > > > > > at
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > > PhaseInterceptorChain.java:271)
> > > > > > > at
> > > > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > > )
> > > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > > ClientProxy.java:96)
> > > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > > JaxWsClientProxy.java:133)
> > > > > > > ... 3 more
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Colm O hEigeartaigh
> > > > > >
> > > > > > Talend Community Coder
> > > > > > http://coders.talend.com
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.SIG_PROP_FILE,
"server_sign.properties");
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP +
" " + WSHandlerConstants.SIGNATURE);
bindingProvider.getResponseContext().put("password", "xxxxx");
inProps.put(WSHandlerConstants.USER,
"cs-bedrijven.procesinfrastructuur.nl");
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
cxfEndpoint.getInInterceptors().add(wssIn);
--- server_sign.properties ---
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
#org.apache.ws.security.crypto.merlin.keystore.alias=cs-bedrijven.procesinfrastructuur.nl
org.apache.ws.security.crypto.merlin.keystore.file=globalkeystore.jks
This is how I configure WSS4JInInterceptor. I have no extra config files
and I prefer to set all config in the code. When the client works I want
to try to get rid of the server_sign.properties, I want to set that
dynamic.
Ralph
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
02-08-2013 15:04
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
As a sanity check, can I see your CXF client configuration?
PolicyVerificationInInterceptor does run after
PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
WSS4JInInterceptor explicilty in your configuration?
Colm.
On Fri, Aug 2, 2013 at 1:26 PM,
<r....@pantheon-automatisering.nl>wrote:
> Hi Colm,
>
> He doesn't reach the point you asked for. In
> 'org.apache.cxf.ws.policy.AssertionInfoMap.java' checkEffectivePolicy he
> doesn't find any validated policy, the ArrayList validated is empty, the
> ArrayList errors contains 50. He throws at line 179 an exception (cxf
> 2.7.6).
> This method is called from
> 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method
handle.
> Line 101 is the line where call is done.
> The variable aim contains:
> {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken:false], {http://www.w3.org/2007/05/addressing/metadata
> }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> }Anonymous:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout:false],
> AnonymousResponses=[AnonymousResponses:false, AnonymousResponses:false],
{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding:false], {
http://www.w3.org/2007/02/addressing/metadata
> }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> }Addressing:true], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}X509Token:false,
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedParts:false], {
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization=[{
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization:false]}
>
> If you need to know something else, let me know!
>
> Ralph
>
>
>
> From:
> Colm O hEigeartaigh <co...@apache.org>
> To:
> "users@cxf.apache.org" <us...@cxf.apache.org>
> Date:
> 02-08-2013 12:57
> Subject:
> Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can not be satisfied:
>
>
>
> Do you have access to a debugger? If so could you put a breakpoint in
> PolicyBasedWSS4JInInterceptor in the doResults method and trace the
flow?
> The problem is that some policy is getting unasserted, but I can't
figure
> out which one from the logging.
>
> Colm.
>
>
> On Fri, Aug 2, 2013 at 11:53 AM,
> <r....@pantheon-automatisering.nl>wrote:
>
> > Hi,
> >
> > This comes from the WSDL as it is given to me. When generated with all
> > three policies enabled, the first is used I believe. I just tried to
> > generate with only one enabled. I tried three times (one time for
> > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > TripleDesRsa15), all the same result as before.
> > At almost the bottum of the log it says ' LogUtils.doLog(443) |
> > WS-Addressing - failed to retrieve Message Addressing Properties from
> > context'.
> > Is it possible that I need to add something to avoid this? And if yes
> how
> > do I do that?
> >
> > Ralph
> >
> >
> >
> >
> > From:
> > Colm O hEigeartaigh <co...@apache.org>
> > To:
> > "users@cxf.apache.org" <us...@cxf.apache.org>
> > Date:
> > 02-08-2013 12:34
> > Subject:
> > Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> > can not be satisfied:
> >
> >
> >
> > Hi,
> >
> > I'm not sure if this is the cause of the problem, but the following
> policy
> > is not valid:
> >
> > <sp:AlgorithmSuite>
> > <wsp:Policy>
> > <sp:Basic128Rsa15/>
> > <sp:Basic256Rsa15/>
> > <sp:TripleDesRsa15/>
> > </wsp:Policy>
> > </sp:AlgorithmSuite>
> >
> > The specification only allows you to specify one of the policies
above.
> >
> > Colm.
> >
> >
> > On Thu, Aug 1, 2013 at 3:44 PM,
> > <r....@pantheon-automatisering.nl>wrote:
> >
> > > Hi Colm,
> > >
> > > The previous message didn't contain a attachement. But in the mean
> time
> > I
> > > managed to get a better log. I will attach it as .txt
> > >
> > >
> > >
> > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > "users@cxf.apache.org"
> > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can
> > not
> > > be satisfied:
> > > ------------------------------
> > >
> > >
> > >
> > > Could you turn logging to "FINE" + attach the log? That should tell
us
> > the
> > > exact policy validation error(s).
> > >
> > > Colm.
> > >
> > >
> > > On Thu, Aug 1, 2013 at 9:17 AM,
<r.keegstra@pantheon-automatisering.nl
> > > >wrote:
> > >
> > > > Hi,
> > > >
> > > > Because the formatting was crappy an attachement.
> > > >
> > > >
> > > >
> > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > users@cxf.apache.org"
> > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > > org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> > can
> > > not
> > > > be satisfied:
> > > > ------------------------------
> > > >
> > > >
> > > >
> > > > Hi,
> > > >
> > > > It looks like the service is processing the CXF request correctly,
> but
> > is
> > > > not returning a response that complies with the security policy,
and
> > the
> > > > client is throwing an exception. It's impossible to find out
without
> > > seeing
> > > > the security policy though. It should be in the WSDL file
referenced
> > in
> > > the
> > > > log, if you could attach it:
> > > >
> > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > Bedrijven_v1.2_preprod.wsdl"
> > > >
> > > > Colm.
> > > >
> > > >
> > > >
> > > > On Thu, Aug 1, 2013 at 8:53 AM,
> <r.keegstra@pantheon-automatisering.nl
> > > > >wrote:
> > > >
> > > > > Dear Colm,
> > > > >
> > > > > Sorry i didn't see your previous response. Because of my great
> > e-mail
> > > > > client (Notus ;) ) I wasn't properly connected to the
mailinglist,
> > > > > apologies for the inconvenience.
> > > > > I don't know how to get the security policy of the service.
> > > > > I added the message I send to the server. (I've removed the
> > > SecurityToken
> > > > > for security reasons).
> > > > > The message I received is the text I copied from the log. I also
> > added
> > > > the
> > > > > logging I get at the moment.
> > > > >
> > > > > Ralph
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > users@cxf.apache.org"
> > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > can
> > > > not
> > > > > be satisfied:
> > > > > ------------------------------
> > > > >
> > > > >
> > > > >
> > > > > Did you not see my previous response? We need to see the
security
> > > policy
> > > > of
> > > > > the service, the request message + the response message to be
able
> > to
> > > > help
> > > > > you.
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > <r.keegstra@pantheon-automatisering.nl
> > > > > >wrote:
> > > > >
> > > > > > Dear CXF Support,
> > > > > >
> > > > > > First, I am a newbie with CXF. I am writing a CXF client to
> > interact
> > > > with
> > > > > > the government. I am able to send a message. But when I
receive
> > the
> > > > > > response my client crashes.
> > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java
> > 1.6.45.
> > > > If
> > > > > > you need more info, please let me know as I don't exactly know
> > what
> > > > info
> > > > > > you need to help me.
> > > > > > Please help me, I'm stuck.
> > > > > >
> > > > > > Ralph Keegstra
> > > > > >
> > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > can
> > > > > > not be satisfied:
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout
> > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > {
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements
> > > > > > AnonymousResponses
> > > > > > at
> > > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > AssertionInfoMap.java:179)
> > > > > > at
> > > > > >
org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > at
> > > > > >
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > PhaseInterceptorChain.java:271)
> > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > ClientImpl.java:800)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > HTTPConduit.java:1592)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > HTTPConduit.java:1490)
> > > > > > at
> > > > > >
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > HTTPConduit.java:1309)
> > > > > > at
> org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > CachedOutputStream.java:223)
> > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > AbstractConduit.java:56)
> > > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > HTTPConduit.java:622)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > MessageSenderInterceptor.java:62)
> > > > > > at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > PhaseInterceptorChain.java:271)
> > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > )
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > ClientProxy.java:96)
> > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > JaxWsClientProxy.java:133)
> > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > > at
> > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > at
nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > Exception in thread "main"
javax.xml.ws.soap.SOAPFaultException:
> > > These
> > > > > > policy alternatives can not be satisfied:
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout
> > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > {
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements
> > > > > > AnonymousResponses
> > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > JaxWsClientProxy.java:155)
> > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > > at
> > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > at
nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These
> policy
> > > > > > alternatives can not be satisfied:
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout
> > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > {
> > > >
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements
> > > > > > AnonymousResponses
> > > > > > at
> > > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > AssertionInfoMap.java:179)
> > > > > > at
> > > > > >
org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > at
> > > > > >
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > PhaseInterceptorChain.java:271)
> > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > ClientImpl.java:800)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > HTTPConduit.java:1592)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > HTTPConduit.java:1490)
> > > > > > at
> > > > > >
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > HTTPConduit.java:1309)
> > > > > > at
> org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > CachedOutputStream.java:223)
> > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > AbstractConduit.java:56)
> > > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > HTTPConduit.java:622)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > MessageSenderInterceptor.java:62)
> > > > > > at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > PhaseInterceptorChain.java:271)
> > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > )
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > ClientProxy.java:96)
> > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > JaxWsClientProxy.java:133)
> > > > > > ... 3 more
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
Posted by Colm O hEigeartaigh <co...@apache.org>.
As a sanity check, can I see your CXF client configuration?
PolicyVerificationInInterceptor does run after
PolicyBasedWSS4JInInterceptor, so maybe you are configuring the
WSS4JInInterceptor explicilty in your configuration?
Colm.
On Fri, Aug 2, 2013 at 1:26 PM, <r....@pantheon-automatisering.nl>wrote:
> Hi Colm,
>
> He doesn't reach the point you asked for. In
> 'org.apache.cxf.ws.policy.AssertionInfoMap.java' checkEffectivePolicy he
> doesn't find any validated policy, the ArrayList validated is empty, the
> ArrayList errors contains 50. He throws at line 179 an exception (cxf
> 2.7.6).
> This method is called from
> 'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method handle.
> Line 101 is the line where call is done.
> The variable aim contains:
> {{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken:false], {http://www.w3.org/2007/05/addressing/metadata
> }Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
> }Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
> }Anonymous:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout:false],
> AnonymousResponses=[AnonymousResponses:false, AnonymousResponses:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding:false], {http://www.w3.org/2007/02/addressing/metadata
> }Addressing=[{http://www.w3.org/2007/02/addressing/metadata
> }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> }Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
> }Addressing:true], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token:false,
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token:false], {
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts=[{
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedParts:false], {
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization=[{
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization:false]}
>
> If you need to know something else, let me know!
>
> Ralph
>
>
>
> From:
> Colm O hEigeartaigh <co...@apache.org>
> To:
> "users@cxf.apache.org" <us...@cxf.apache.org>
> Date:
> 02-08-2013 12:57
> Subject:
> Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can not be satisfied:
>
>
>
> Do you have access to a debugger? If so could you put a breakpoint in
> PolicyBasedWSS4JInInterceptor in the doResults method and trace the flow?
> The problem is that some policy is getting unasserted, but I can't figure
> out which one from the logging.
>
> Colm.
>
>
> On Fri, Aug 2, 2013 at 11:53 AM,
> <r....@pantheon-automatisering.nl>wrote:
>
> > Hi,
> >
> > This comes from the WSDL as it is given to me. When generated with all
> > three policies enabled, the first is used I believe. I just tried to
> > generate with only one enabled. I tried three times (one time for
> > Basic128Rsa15, one time for Basic256Ras15 and one time for
> > TripleDesRsa15), all the same result as before.
> > At almost the bottum of the log it says ' LogUtils.doLog(443) |
> > WS-Addressing - failed to retrieve Message Addressing Properties from
> > context'.
> > Is it possible that I need to add something to avoid this? And if yes
> how
> > do I do that?
> >
> > Ralph
> >
> >
> >
> >
> > From:
> > Colm O hEigeartaigh <co...@apache.org>
> > To:
> > "users@cxf.apache.org" <us...@cxf.apache.org>
> > Date:
> > 02-08-2013 12:34
> > Subject:
> > Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> > can not be satisfied:
> >
> >
> >
> > Hi,
> >
> > I'm not sure if this is the cause of the problem, but the following
> policy
> > is not valid:
> >
> > <sp:AlgorithmSuite>
> > <wsp:Policy>
> > <sp:Basic128Rsa15/>
> > <sp:Basic256Rsa15/>
> > <sp:TripleDesRsa15/>
> > </wsp:Policy>
> > </sp:AlgorithmSuite>
> >
> > The specification only allows you to specify one of the policies above.
> >
> > Colm.
> >
> >
> > On Thu, Aug 1, 2013 at 3:44 PM,
> > <r....@pantheon-automatisering.nl>wrote:
> >
> > > Hi Colm,
> > >
> > > The previous message didn't contain a attachement. But in the mean
> time
> > I
> > > managed to get a better log. I will attach it as .txt
> > >
> > >
> > >
> > > From: Colm O hEigeartaigh <co...@apache.org> To:
> > "users@cxf.apache.org"
> > > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can
> > not
> > > be satisfied:
> > > ------------------------------
> > >
> > >
> > >
> > > Could you turn logging to "FINE" + attach the log? That should tell us
> > the
> > > exact policy validation error(s).
> > >
> > > Colm.
> > >
> > >
> > > On Thu, Aug 1, 2013 at 9:17 AM, <r.keegstra@pantheon-automatisering.nl
> > > >wrote:
> > >
> > > > Hi,
> > > >
> > > > Because the formatting was crappy an attachement.
> > > >
> > > >
> > > >
> > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > users@cxf.apache.org"
> > > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> > can
> > > not
> > > > be satisfied:
> > > > ------------------------------
> > > >
> > > >
> > > >
> > > > Hi,
> > > >
> > > > It looks like the service is processing the CXF request correctly,
> but
> > is
> > > > not returning a response that complies with the security policy, and
> > the
> > > > client is throwing an exception. It's impossible to find out without
> > > seeing
> > > > the security policy though. It should be in the WSDL file referenced
> > in
> > > the
> > > > log, if you could attach it:
> > > >
> > > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > > Bedrijven_v1.2_preprod.wsdl"
> > > >
> > > > Colm.
> > > >
> > > >
> > > >
> > > > On Thu, Aug 1, 2013 at 8:53 AM,
> <r.keegstra@pantheon-automatisering.nl
> > > > >wrote:
> > > >
> > > > > Dear Colm,
> > > > >
> > > > > Sorry i didn't see your previous response. Because of my great
> > e-mail
> > > > > client (Notus ;) ) I wasn't properly connected to the mailinglist,
> > > > > apologies for the inconvenience.
> > > > > I don't know how to get the security policy of the service.
> > > > > I added the message I send to the server. (I've removed the
> > > SecurityToken
> > > > > for security reasons).
> > > > > The message I received is the text I copied from the log. I also
> > added
> > > > the
> > > > > logging I get at the moment.
> > > > >
> > > > > Ralph
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > > users@cxf.apache.org"
> > > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > can
> > > > not
> > > > > be satisfied:
> > > > > ------------------------------
> > > > >
> > > > >
> > > > >
> > > > > Did you not see my previous response? We need to see the security
> > > policy
> > > > of
> > > > > the service, the request message + the response message to be able
> > to
> > > > help
> > > > > you.
> > > > >
> > > > > Colm.
> > > > >
> > > > >
> > > > > On Thu, Aug 1, 2013 at 7:06 AM,
> > <r.keegstra@pantheon-automatisering.nl
> > > > > >wrote:
> > > > >
> > > > > > Dear CXF Support,
> > > > > >
> > > > > > First, I am a newbie with CXF. I am writing a CXF client to
> > interact
> > > > with
> > > > > > the government. I am able to send a message. But when I receive
> > the
> > > > > > response my client crashes.
> > > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java
> > 1.6.45.
> > > > If
> > > > > > you need more info, please let me know as I don't exactly know
> > what
> > > > info
> > > > > > you need to help me.
> > > > > > Please help me, I'm stuck.
> > > > > >
> > > > > > Ralph Keegstra
> > > > > >
> > > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives
> > > can
> > > > > > not be satisfied:
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout
> > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > {
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements
> > > > > > AnonymousResponses
> > > > > > at
> > > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > AssertionInfoMap.java:179)
> > > > > > at
> > > > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > at
> > > > > >
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > PhaseInterceptorChain.java:271)
> > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > ClientImpl.java:800)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > HTTPConduit.java:1592)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > HTTPConduit.java:1490)
> > > > > > at
> > > > > >
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > HTTPConduit.java:1309)
> > > > > > at
> org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > CachedOutputStream.java:223)
> > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > AbstractConduit.java:56)
> > > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > HTTPConduit.java:622)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > MessageSenderInterceptor.java:62)
> > > > > > at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > PhaseInterceptorChain.java:271)
> > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > )
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > ClientProxy.java:96)
> > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > JaxWsClientProxy.java:133)
> > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > > at
> > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
> > > These
> > > > > > policy alternatives can not be satisfied:
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout
> > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > {
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements
> > > > > > AnonymousResponses
> > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > JaxWsClientProxy.java:155)
> > > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > > at
> > > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These
> policy
> > > > > > alternatives can not be satisfied:
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > > }AsymmetricBinding
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }X509Token
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }InitiatorToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }RecipientToken
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }Layout
> > > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > > {
> > > >
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > > }OptimizedMimeSerialization
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedParts
> > > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }SignedElements
> > > > > > AnonymousResponses
> > > > > > at
> > > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > > AssertionInfoMap.java:179)
> > > > > > at
> > > > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > > PolicyVerificationInInterceptor.java:101)
> > > > > > at
> > > > > >
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > > AbstractPolicyInterceptor.java:44)
> > > > > > at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > PhaseInterceptorChain.java:271)
> > > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > > ClientImpl.java:800)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > > HTTPConduit.java:1592)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > > HTTPConduit.java:1490)
> > > > > > at
> > > > > >
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > > HTTPConduit.java:1309)
> > > > > > at
> org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > > CacheAndWriteOutputStream.java:50)
> > > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > > CachedOutputStream.java:223)
> > > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > > AbstractConduit.java:56)
> > > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > > HTTPConduit.java:622)
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > > MessageSenderInterceptor.java:62)
> > > > > > at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > > PhaseInterceptorChain.java:271)
> > > > > > at
> > > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > > )
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > > ClientProxy.java:96)
> > > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > > JaxWsClientProxy.java:133)
> > > > > > ... 3 more
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Colm O hEigeartaigh
> > > > >
> > > > > Talend Community Coder
> > > > > http://coders.talend.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Hi Colm,
He doesn't reach the point you asked for. In
'org.apache.cxf.ws.policy.AssertionInfoMap.java' checkEffectivePolicy he
doesn't find any validated policy, the ArrayList validated is empty, the
ArrayList errors contains 50. He throws at line 179 an exception (cxf
2.7.6).
This method is called from
'org.apache.cxf.ws.policy.PolicyVerificationInInterceptor' method handle.
Line 101 is the line where call is done.
The variable aim contains:
{{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedElements=[{
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedElements:false], {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}RecipientToken=[{
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}RecipientToken:false], {http://www.w3.org/2007/05/addressing/metadata
}Anonymous=[{http://www.w3.org/2007/05/addressing/metadata
}Anonymous:false, {http://www.w3.org/2007/05/addressing/metadata
}Anonymous:false], {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout=[{
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout:false],
AnonymousResponses=[AnonymousResponses:false, AnonymousResponses:false], {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}AsymmetricBinding=[{
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}AsymmetricBinding:false], {http://www.w3.org/2007/02/addressing/metadata
}Addressing=[{http://www.w3.org/2007/02/addressing/metadata
}Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
}Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
}Addressing:true, {http://www.w3.org/2007/02/addressing/metadata
}Addressing:true], {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}InitiatorToken=[{
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}InitiatorToken:false], {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token=[{
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token:false,
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}X509Token:false], {
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts=[{
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedParts:false], {
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
}OptimizedMimeSerialization=[{
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
}OptimizedMimeSerialization:false]}
If you need to know something else, let me know!
Ralph
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
02-08-2013 12:57
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
Do you have access to a debugger? If so could you put a breakpoint in
PolicyBasedWSS4JInInterceptor in the doResults method and trace the flow?
The problem is that some policy is getting unasserted, but I can't figure
out which one from the logging.
Colm.
On Fri, Aug 2, 2013 at 11:53 AM,
<r....@pantheon-automatisering.nl>wrote:
> Hi,
>
> This comes from the WSDL as it is given to me. When generated with all
> three policies enabled, the first is used I believe. I just tried to
> generate with only one enabled. I tried three times (one time for
> Basic128Rsa15, one time for Basic256Ras15 and one time for
> TripleDesRsa15), all the same result as before.
> At almost the bottum of the log it says ' LogUtils.doLog(443) |
> WS-Addressing - failed to retrieve Message Addressing Properties from
> context'.
> Is it possible that I need to add something to avoid this? And if yes
how
> do I do that?
>
> Ralph
>
>
>
>
> From:
> Colm O hEigeartaigh <co...@apache.org>
> To:
> "users@cxf.apache.org" <us...@cxf.apache.org>
> Date:
> 02-08-2013 12:34
> Subject:
> Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can not be satisfied:
>
>
>
> Hi,
>
> I'm not sure if this is the cause of the problem, but the following
policy
> is not valid:
>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic128Rsa15/>
> <sp:Basic256Rsa15/>
> <sp:TripleDesRsa15/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
>
> The specification only allows you to specify one of the policies above.
>
> Colm.
>
>
> On Thu, Aug 1, 2013 at 3:44 PM,
> <r....@pantheon-automatisering.nl>wrote:
>
> > Hi Colm,
> >
> > The previous message didn't contain a attachement. But in the mean
time
> I
> > managed to get a better log. I will attach it as .txt
> >
> >
> >
> > From: Colm O hEigeartaigh <co...@apache.org> To:
> "users@cxf.apache.org"
> > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> not
> > be satisfied:
> > ------------------------------
> >
> >
> >
> > Could you turn logging to "FINE" + attach the log? That should tell us
> the
> > exact policy validation error(s).
> >
> > Colm.
> >
> >
> > On Thu, Aug 1, 2013 at 9:17 AM, <r.keegstra@pantheon-automatisering.nl
> > >wrote:
> >
> > > Hi,
> > >
> > > Because the formatting was crappy an attachement.
> > >
> > >
> > >
> > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > users@cxf.apache.org"
> > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can
> > not
> > > be satisfied:
> > > ------------------------------
> > >
> > >
> > >
> > > Hi,
> > >
> > > It looks like the service is processing the CXF request correctly,
but
> is
> > > not returning a response that complies with the security policy, and
> the
> > > client is throwing an exception. It's impossible to find out without
> > seeing
> > > the security policy though. It should be in the WSDL file referenced
> in
> > the
> > > log, if you could attach it:
> > >
> > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > Bedrijven_v1.2_preprod.wsdl"
> > >
> > > Colm.
> > >
> > >
> > >
> > > On Thu, Aug 1, 2013 at 8:53 AM,
<r.keegstra@pantheon-automatisering.nl
> > > >wrote:
> > >
> > > > Dear Colm,
> > > >
> > > > Sorry i didn't see your previous response. Because of my great
> e-mail
> > > > client (Notus ;) ) I wasn't properly connected to the mailinglist,
> > > > apologies for the inconvenience.
> > > > I don't know how to get the security policy of the service.
> > > > I added the message I send to the server. (I've removed the
> > SecurityToken
> > > > for security reasons).
> > > > The message I received is the text I copied from the log. I also
> added
> > > the
> > > > logging I get at the moment.
> > > >
> > > > Ralph
> > > >
> > > >
> > > >
> > > >
> > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > users@cxf.apache.org"
> > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > > org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> can
> > > not
> > > > be satisfied:
> > > > ------------------------------
> > > >
> > > >
> > > >
> > > > Did you not see my previous response? We need to see the security
> > policy
> > > of
> > > > the service, the request message + the response message to be able
> to
> > > help
> > > > you.
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Thu, Aug 1, 2013 at 7:06 AM,
> <r.keegstra@pantheon-automatisering.nl
> > > > >wrote:
> > > >
> > > > > Dear CXF Support,
> > > > >
> > > > > First, I am a newbie with CXF. I am writing a CXF client to
> interact
> > > with
> > > > > the government. I am able to send a message. But when I receive
> the
> > > > > response my client crashes.
> > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java
> 1.6.45.
> > > If
> > > > > you need more info, please let me know as I don't exactly know
> what
> > > info
> > > > > you need to help me.
> > > > > Please help me, I'm stuck.
> > > > >
> > > > > Ralph Keegstra
> > > > >
> > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > can
> > > > > not be satisfied:
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }AsymmetricBinding
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }InitiatorToken
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }RecipientToken
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}Layout
> > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > {
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > }OptimizedMimeSerialization
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedParts
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedElements
> > > > > AnonymousResponses
> > > > > at
> > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > AssertionInfoMap.java:179)
> > > > > at
> > > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > PolicyVerificationInInterceptor.java:101)
> > > > > at
> > > > >
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > AbstractPolicyInterceptor.java:44)
> > > > > at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > PhaseInterceptorChain.java:271)
> > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > ClientImpl.java:800)
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > HTTPConduit.java:1592)
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > HTTPConduit.java:1490)
> > > > > at
> > > > >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > HTTPConduit.java:1309)
> > > > > at
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > CacheAndWriteOutputStream.java:50)
> > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > CachedOutputStream.java:223)
> > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > AbstractConduit.java:56)
> > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > HTTPConduit.java:622)
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > MessageSenderInterceptor.java:62)
> > > > > at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > PhaseInterceptorChain.java:271)
> > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > )
> > > > > at
> > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > at
> > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > at
> > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > ClientProxy.java:96)
> > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > JaxWsClientProxy.java:133)
> > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > at
> > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
> > These
> > > > > policy alternatives can not be satisfied:
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }AsymmetricBinding
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }InitiatorToken
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }RecipientToken
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}Layout
> > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > {
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > }OptimizedMimeSerialization
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedParts
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedElements
> > > > > AnonymousResponses
> > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > JaxWsClientProxy.java:155)
> > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > at
> > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These
policy
> > > > > alternatives can not be satisfied:
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }AsymmetricBinding
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }InitiatorToken
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }RecipientToken
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}Layout
> > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > {
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > }OptimizedMimeSerialization
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedParts
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedElements
> > > > > AnonymousResponses
> > > > > at
> > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > AssertionInfoMap.java:179)
> > > > > at
> > > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > PolicyVerificationInInterceptor.java:101)
> > > > > at
> > > > >
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > AbstractPolicyInterceptor.java:44)
> > > > > at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > PhaseInterceptorChain.java:271)
> > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > ClientImpl.java:800)
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > HTTPConduit.java:1592)
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > HTTPConduit.java:1490)
> > > > > at
> > > > >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > HTTPConduit.java:1309)
> > > > > at
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > CacheAndWriteOutputStream.java:50)
> > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > CachedOutputStream.java:223)
> > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > AbstractConduit.java:56)
> > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > HTTPConduit.java:622)
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > MessageSenderInterceptor.java:62)
> > > > > at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > PhaseInterceptorChain.java:271)
> > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > )
> > > > > at
> > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > at
> > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > at
> > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > ClientProxy.java:96)
> > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > JaxWsClientProxy.java:133)
> > > > > ... 3 more
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
Posted by Colm O hEigeartaigh <co...@apache.org>.
Do you have access to a debugger? If so could you put a breakpoint in
PolicyBasedWSS4JInInterceptor in the doResults method and trace the flow?
The problem is that some policy is getting unasserted, but I can't figure
out which one from the logging.
Colm.
On Fri, Aug 2, 2013 at 11:53 AM, <r....@pantheon-automatisering.nl>wrote:
> Hi,
>
> This comes from the WSDL as it is given to me. When generated with all
> three policies enabled, the first is used I believe. I just tried to
> generate with only one enabled. I tried three times (one time for
> Basic128Rsa15, one time for Basic256Ras15 and one time for
> TripleDesRsa15), all the same result as before.
> At almost the bottum of the log it says ' LogUtils.doLog(443) |
> WS-Addressing - failed to retrieve Message Addressing Properties from
> context'.
> Is it possible that I need to add something to avoid this? And if yes how
> do I do that?
>
> Ralph
>
>
>
>
> From:
> Colm O hEigeartaigh <co...@apache.org>
> To:
> "users@cxf.apache.org" <us...@cxf.apache.org>
> Date:
> 02-08-2013 12:34
> Subject:
> Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can not be satisfied:
>
>
>
> Hi,
>
> I'm not sure if this is the cause of the problem, but the following policy
> is not valid:
>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic128Rsa15/>
> <sp:Basic256Rsa15/>
> <sp:TripleDesRsa15/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
>
> The specification only allows you to specify one of the policies above.
>
> Colm.
>
>
> On Thu, Aug 1, 2013 at 3:44 PM,
> <r....@pantheon-automatisering.nl>wrote:
>
> > Hi Colm,
> >
> > The previous message didn't contain a attachement. But in the mean time
> I
> > managed to get a better log. I will attach it as .txt
> >
> >
> >
> > From: Colm O hEigeartaigh <co...@apache.org> To:
> "users@cxf.apache.org"
> > <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> not
> > be satisfied:
> > ------------------------------
> >
> >
> >
> > Could you turn logging to "FINE" + attach the log? That should tell us
> the
> > exact policy validation error(s).
> >
> > Colm.
> >
> >
> > On Thu, Aug 1, 2013 at 9:17 AM, <r.keegstra@pantheon-automatisering.nl
> > >wrote:
> >
> > > Hi,
> > >
> > > Because the formatting was crappy an attachement.
> > >
> > >
> > >
> > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > users@cxf.apache.org"
> > > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can
> > not
> > > be satisfied:
> > > ------------------------------
> > >
> > >
> > >
> > > Hi,
> > >
> > > It looks like the service is processing the CXF request correctly, but
> is
> > > not returning a response that complies with the security policy, and
> the
> > > client is throwing an exception. It's impossible to find out without
> > seeing
> > > the security policy though. It should be in the WSDL file referenced
> in
> > the
> > > log, if you could attach it:
> > >
> > > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > > Bedrijven_v1.2_preprod.wsdl"
> > >
> > > Colm.
> > >
> > >
> > >
> > > On Thu, Aug 1, 2013 at 8:53 AM, <r.keegstra@pantheon-automatisering.nl
> > > >wrote:
> > >
> > > > Dear Colm,
> > > >
> > > > Sorry i didn't see your previous response. Because of my great
> e-mail
> > > > client (Notus ;) ) I wasn't properly connected to the mailinglist,
> > > > apologies for the inconvenience.
> > > > I don't know how to get the security policy of the service.
> > > > I added the message I send to the server. (I've removed the
> > SecurityToken
> > > > for security reasons).
> > > > The message I received is the text I copied from the log. I also
> added
> > > the
> > > > logging I get at the moment.
> > > >
> > > > Ralph
> > > >
> > > >
> > > >
> > > >
> > > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > > users@cxf.apache.org"
> > > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can
> > > not
> > > > be satisfied:
> > > > ------------------------------
> > > >
> > > >
> > > >
> > > > Did you not see my previous response? We need to see the security
> > policy
> > > of
> > > > the service, the request message + the response message to be able
> to
> > > help
> > > > you.
> > > >
> > > > Colm.
> > > >
> > > >
> > > > On Thu, Aug 1, 2013 at 7:06 AM,
> <r.keegstra@pantheon-automatisering.nl
> > > > >wrote:
> > > >
> > > > > Dear CXF Support,
> > > > >
> > > > > First, I am a newbie with CXF. I am writing a CXF client to
> interact
> > > with
> > > > > the government. I am able to send a message. But when I receive
> the
> > > > > response my client crashes.
> > > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java
> 1.6.45.
> > > If
> > > > > you need more info, please let me know as I don't exactly know
> what
> > > info
> > > > > you need to help me.
> > > > > Please help me, I'm stuck.
> > > > >
> > > > > Ralph Keegstra
> > > > >
> > > > > org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives
> > can
> > > > > not be satisfied:
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }AsymmetricBinding
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }InitiatorToken
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }RecipientToken
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > {
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > }OptimizedMimeSerialization
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedParts
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedElements
> > > > > AnonymousResponses
> > > > > at
> > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > AssertionInfoMap.java:179)
> > > > > at
> > > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > PolicyVerificationInInterceptor.java:101)
> > > > > at
> > > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > AbstractPolicyInterceptor.java:44)
> > > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > PhaseInterceptorChain.java:271)
> > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > ClientImpl.java:800)
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > HTTPConduit.java:1592)
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > HTTPConduit.java:1490)
> > > > > at
> > > > >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > HTTPConduit.java:1309)
> > > > > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > CacheAndWriteOutputStream.java:50)
> > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > CachedOutputStream.java:223)
> > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > AbstractConduit.java:56)
> > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > HTTPConduit.java:622)
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > MessageSenderInterceptor.java:62)
> > > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > PhaseInterceptorChain.java:271)
> > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > )
> > > > > at
> > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > at
> > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > at
> > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > ClientProxy.java:96)
> > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > JaxWsClientProxy.java:133)
> > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > at
> > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
> > These
> > > > > policy alternatives can not be satisfied:
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }AsymmetricBinding
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }InitiatorToken
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }RecipientToken
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > {
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > }OptimizedMimeSerialization
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedParts
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedElements
> > > > > AnonymousResponses
> > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > JaxWsClientProxy.java:155)
> > > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > > at
> > nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
> > > > > alternatives can not be satisfied:
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > > }AsymmetricBinding
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }X509Token
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }InitiatorToken
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }RecipientToken
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > > {
> > >
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > > }OptimizedMimeSerialization
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedParts
> > > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }SignedElements
> > > > > AnonymousResponses
> > > > > at
> > > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > > AssertionInfoMap.java:179)
> > > > > at
> > > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > > PolicyVerificationInInterceptor.java:101)
> > > > > at
> > > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > > AbstractPolicyInterceptor.java:44)
> > > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > PhaseInterceptorChain.java:271)
> > > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > > ClientImpl.java:800)
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > > HTTPConduit.java:1592)
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > > HTTPConduit.java:1490)
> > > > > at
> > > > >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > > HTTPConduit.java:1309)
> > > > > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > > CacheAndWriteOutputStream.java:50)
> > > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > > CachedOutputStream.java:223)
> > > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > > AbstractConduit.java:56)
> > > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > > HTTPConduit.java:622)
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > > MessageSenderInterceptor.java:62)
> > > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > > PhaseInterceptorChain.java:271)
> > > > > at
> > > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > > )
> > > > > at
> > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > > at
> > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > > at
> > > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > > ClientProxy.java:96)
> > > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > > JaxWsClientProxy.java:133)
> > > > > ... 3 more
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Hi,
This comes from the WSDL as it is given to me. When generated with all
three policies enabled, the first is used I believe. I just tried to
generate with only one enabled. I tried three times (one time for
Basic128Rsa15, one time for Basic256Ras15 and one time for
TripleDesRsa15), all the same result as before.
At almost the bottum of the log it says ' LogUtils.doLog(443) |
WS-Addressing - failed to retrieve Message Addressing Properties from
context'.
Is it possible that I need to add something to avoid this? And if yes how
do I do that?
Ralph
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
02-08-2013 12:34
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
Hi,
I'm not sure if this is the cause of the problem, but the following policy
is not valid:
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128Rsa15/>
<sp:Basic256Rsa15/>
<sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
The specification only allows you to specify one of the policies above.
Colm.
On Thu, Aug 1, 2013 at 3:44 PM,
<r....@pantheon-automatisering.nl>wrote:
> Hi Colm,
>
> The previous message didn't contain a attachement. But in the mean time
I
> managed to get a better log. I will attach it as .txt
>
>
>
> From: Colm O hEigeartaigh <co...@apache.org> To:
"users@cxf.apache.org"
> <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not
> be satisfied:
> ------------------------------
>
>
>
> Could you turn logging to "FINE" + attach the log? That should tell us
the
> exact policy validation error(s).
>
> Colm.
>
>
> On Thu, Aug 1, 2013 at 9:17 AM, <r.keegstra@pantheon-automatisering.nl
> >wrote:
>
> > Hi,
> >
> > Because the formatting was crappy an attachement.
> >
> >
> >
> > From: Colm O hEigeartaigh <co...@apache.org> To: "
> users@cxf.apache.org"
> > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> not
> > be satisfied:
> > ------------------------------
> >
> >
> >
> > Hi,
> >
> > It looks like the service is processing the CXF request correctly, but
is
> > not returning a response that complies with the security policy, and
the
> > client is throwing an exception. It's impossible to find out without
> seeing
> > the security policy though. It should be in the WSDL file referenced
in
> the
> > log, if you could attach it:
> >
> > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > Bedrijven_v1.2_preprod.wsdl"
> >
> > Colm.
> >
> >
> >
> > On Thu, Aug 1, 2013 at 8:53 AM, <r.keegstra@pantheon-automatisering.nl
> > >wrote:
> >
> > > Dear Colm,
> > >
> > > Sorry i didn't see your previous response. Because of my great
e-mail
> > > client (Notus ;) ) I wasn't properly connected to the mailinglist,
> > > apologies for the inconvenience.
> > > I don't know how to get the security policy of the service.
> > > I added the message I send to the server. (I've removed the
> SecurityToken
> > > for security reasons).
> > > The message I received is the text I copied from the log. I also
added
> > the
> > > logging I get at the moment.
> > >
> > > Ralph
> > >
> > >
> > >
> > >
> > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > users@cxf.apache.org"
> > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> > not
> > > be satisfied:
> > > ------------------------------
> > >
> > >
> > >
> > > Did you not see my previous response? We need to see the security
> policy
> > of
> > > the service, the request message + the response message to be able
to
> > help
> > > you.
> > >
> > > Colm.
> > >
> > >
> > > On Thu, Aug 1, 2013 at 7:06 AM,
<r.keegstra@pantheon-automatisering.nl
> > > >wrote:
> > >
> > > > Dear CXF Support,
> > > >
> > > > First, I am a newbie with CXF. I am writing a CXF client to
interact
> > with
> > > > the government. I am able to send a message. But when I receive
the
> > > > response my client crashes.
> > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java
1.6.45.
> > If
> > > > you need more info, please let me know as I don't exactly know
what
> > info
> > > > you need to help me.
> > > > Please help me, I'm stuck.
> > > >
> > > > Ralph Keegstra
> > > >
> > > > org.apache.cxf.ws.policy.PolicyException: These policy
alternatives
> can
> > > > not be satisfied:
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}X509Token
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }InitiatorToken
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }RecipientToken
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > {
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > }OptimizedMimeSerialization
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedParts
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedElements
> > > > AnonymousResponses
> > > > at
> > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > AssertionInfoMap.java:179)
> > > > at
> > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > PolicyVerificationInInterceptor.java:101)
> > > > at
> > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > AbstractPolicyInterceptor.java:44)
> > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > PhaseInterceptorChain.java:271)
> > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > ClientImpl.java:800)
> > > > at
> > > >
> > > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > HTTPConduit.java:1592)
> > > > at
> > > >
> > > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > HTTPConduit.java:1490)
> > > > at
> > > >
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > HTTPConduit.java:1309)
> > > > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > CacheAndWriteOutputStream.java:50)
> > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > CachedOutputStream.java:223)
> > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > AbstractConduit.java:56)
> > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > HTTPConduit.java:622)
> > > > at
> > > >
> > > >
> > >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > MessageSenderInterceptor.java:62)
> > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > PhaseInterceptorChain.java:271)
> > > > at
> > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > )
> > > > at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > ClientProxy.java:96)
> > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > JaxWsClientProxy.java:133)
> > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > at
> nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
> These
> > > > policy alternatives can not be satisfied:
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}X509Token
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }InitiatorToken
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }RecipientToken
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > {
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > }OptimizedMimeSerialization
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedParts
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedElements
> > > > AnonymousResponses
> > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > JaxWsClientProxy.java:155)
> > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > at
> nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives can not be satisfied:
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}X509Token
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }InitiatorToken
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }RecipientToken
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > {
> >
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > }OptimizedMimeSerialization
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedParts
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedElements
> > > > AnonymousResponses
> > > > at
> > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > AssertionInfoMap.java:179)
> > > > at
> > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > PolicyVerificationInInterceptor.java:101)
> > > > at
> > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > AbstractPolicyInterceptor.java:44)
> > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > PhaseInterceptorChain.java:271)
> > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > ClientImpl.java:800)
> > > > at
> > > >
> > > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > HTTPConduit.java:1592)
> > > > at
> > > >
> > > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > HTTPConduit.java:1490)
> > > > at
> > > >
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > HTTPConduit.java:1309)
> > > > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > CacheAndWriteOutputStream.java:50)
> > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > CachedOutputStream.java:223)
> > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > AbstractConduit.java:56)
> > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > HTTPConduit.java:622)
> > > > at
> > > >
> > > >
> > >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > MessageSenderInterceptor.java:62)
> > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > PhaseInterceptorChain.java:271)
> > > > at
> > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > )
> > > > at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > ClientProxy.java:96)
> > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > JaxWsClientProxy.java:133)
> > > > ... 3 more
> > > >
> > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi,
I'm not sure if this is the cause of the problem, but the following policy
is not valid:
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128Rsa15/>
<sp:Basic256Rsa15/>
<sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
The specification only allows you to specify one of the policies above.
Colm.
On Thu, Aug 1, 2013 at 3:44 PM, <r....@pantheon-automatisering.nl>wrote:
> Hi Colm,
>
> The previous message didn't contain a attachement. But in the mean time I
> managed to get a better log. I will attach it as .txt
>
>
>
> From: Colm O hEigeartaigh <co...@apache.org> To: "users@cxf.apache.org"
> <us...@cxf.apache.org> Date: 01-08-2013 10:48 Subject: Re:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not
> be satisfied:
> ------------------------------
>
>
>
> Could you turn logging to "FINE" + attach the log? That should tell us the
> exact policy validation error(s).
>
> Colm.
>
>
> On Thu, Aug 1, 2013 at 9:17 AM, <r.keegstra@pantheon-automatisering.nl
> >wrote:
>
> > Hi,
> >
> > Because the formatting was crappy an attachement.
> >
> >
> >
> > From: Colm O hEigeartaigh <co...@apache.org> To: "
> users@cxf.apache.org"
> > <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> not
> > be satisfied:
> > ------------------------------
> >
> >
> >
> > Hi,
> >
> > It looks like the service is processing the CXF request correctly, but is
> > not returning a response that complies with the security policy, and the
> > client is throwing an exception. It's impossible to find out without
> seeing
> > the security policy though. It should be in the WSDL file referenced in
> the
> > log, if you could attach it:
> >
> > file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> > Bedrijven_v1.2_preprod.wsdl"
> >
> > Colm.
> >
> >
> >
> > On Thu, Aug 1, 2013 at 8:53 AM, <r.keegstra@pantheon-automatisering.nl
> > >wrote:
> >
> > > Dear Colm,
> > >
> > > Sorry i didn't see your previous response. Because of my great e-mail
> > > client (Notus ;) ) I wasn't properly connected to the mailinglist,
> > > apologies for the inconvenience.
> > > I don't know how to get the security policy of the service.
> > > I added the message I send to the server. (I've removed the
> SecurityToken
> > > for security reasons).
> > > The message I received is the text I copied from the log. I also added
> > the
> > > logging I get at the moment.
> > >
> > > Ralph
> > >
> > >
> > >
> > >
> > > From: Colm O hEigeartaigh <co...@apache.org> To: "
> > users@cxf.apache.org"
> > > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> > not
> > > be satisfied:
> > > ------------------------------
> > >
> > >
> > >
> > > Did you not see my previous response? We need to see the security
> policy
> > of
> > > the service, the request message + the response message to be able to
> > help
> > > you.
> > >
> > > Colm.
> > >
> > >
> > > On Thu, Aug 1, 2013 at 7:06 AM, <r.keegstra@pantheon-automatisering.nl
> > > >wrote:
> > >
> > > > Dear CXF Support,
> > > >
> > > > First, I am a newbie with CXF. I am writing a CXF client to interact
> > with
> > > > the government. I am able to send a message. But when I receive the
> > > > response my client crashes.
> > > > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java 1.6.45.
> > If
> > > > you need more info, please let me know as I don't exactly know what
> > info
> > > > you need to help me.
> > > > Please help me, I'm stuck.
> > > >
> > > > Ralph Keegstra
> > > >
> > > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
> can
> > > > not be satisfied:
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }InitiatorToken
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }RecipientToken
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > {
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > }OptimizedMimeSerialization
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedParts
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedElements
> > > > AnonymousResponses
> > > > at
> > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > AssertionInfoMap.java:179)
> > > > at
> > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > PolicyVerificationInInterceptor.java:101)
> > > > at
> > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > AbstractPolicyInterceptor.java:44)
> > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > PhaseInterceptorChain.java:271)
> > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > ClientImpl.java:800)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > HTTPConduit.java:1592)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > HTTPConduit.java:1490)
> > > > at
> > > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > HTTPConduit.java:1309)
> > > > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > CacheAndWriteOutputStream.java:50)
> > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > CachedOutputStream.java:223)
> > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > AbstractConduit.java:56)
> > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > HTTPConduit.java:622)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > MessageSenderInterceptor.java:62)
> > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > PhaseInterceptorChain.java:271)
> > > > at
> > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > )
> > > > at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > ClientProxy.java:96)
> > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > JaxWsClientProxy.java:133)
> > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > at
> nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
> These
> > > > policy alternatives can not be satisfied:
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }InitiatorToken
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }RecipientToken
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > {
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > }OptimizedMimeSerialization
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedParts
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedElements
> > > > AnonymousResponses
> > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > JaxWsClientProxy.java:155)
> > > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > > at
> nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > > Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
> > > > alternatives can not be satisfied:
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > > }AsymmetricBinding
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }InitiatorToken
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }RecipientToken
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > > {
> > http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > > }OptimizedMimeSerialization
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedParts
> > > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }SignedElements
> > > > AnonymousResponses
> > > > at
> > > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > > AssertionInfoMap.java:179)
> > > > at
> > > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > > PolicyVerificationInInterceptor.java:101)
> > > > at
> > > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > > AbstractPolicyInterceptor.java:44)
> > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > PhaseInterceptorChain.java:271)
> > > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > > ClientImpl.java:800)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > > HTTPConduit.java:1592)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > > HTTPConduit.java:1490)
> > > > at
> > > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > > HTTPConduit.java:1309)
> > > > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > > CacheAndWriteOutputStream.java:50)
> > > > at org.apache.cxf.io.CachedOutputStream.close(
> > > > CachedOutputStream.java:223)
> > > > at org.apache.cxf.transport.AbstractConduit.close(
> > > > AbstractConduit.java:56)
> > > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > > HTTPConduit.java:622)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > > MessageSenderInterceptor.java:62)
> > > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > > PhaseInterceptorChain.java:271)
> > > > at
> > > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > > )
> > > > at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > > at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > > at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > > ClientProxy.java:96)
> > > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > > JaxWsClientProxy.java:133)
> > > > ... 3 more
> > > >
> > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> > >
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Hi Colm,
The previous message didn't contain a attachement. But in the mean time I
managed to get a better log. I will attach it as .txt
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
01-08-2013 10:48
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
Could you turn logging to "FINE" + attach the log? That should tell us the
exact policy validation error(s).
Colm.
On Thu, Aug 1, 2013 at 9:17 AM,
<r....@pantheon-automatisering.nl>wrote:
> Hi,
>
> Because the formatting was crappy an attachement.
>
>
>
> From: Colm O hEigeartaigh <co...@apache.org> To:
"users@cxf.apache.org"
> <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not
> be satisfied:
> ------------------------------
>
>
>
> Hi,
>
> It looks like the service is processing the CXF request correctly, but
is
> not returning a response that complies with the security policy, and the
> client is throwing an exception. It's impossible to find out without
seeing
> the security policy though. It should be in the WSDL file referenced in
the
> log, if you could attach it:
>
> file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> Bedrijven_v1.2_preprod.wsdl"
>
> Colm.
>
>
>
> On Thu, Aug 1, 2013 at 8:53 AM, <r.keegstra@pantheon-automatisering.nl
> >wrote:
>
> > Dear Colm,
> >
> > Sorry i didn't see your previous response. Because of my great e-mail
> > client (Notus ;) ) I wasn't properly connected to the mailinglist,
> > apologies for the inconvenience.
> > I don't know how to get the security policy of the service.
> > I added the message I send to the server. (I've removed the
SecurityToken
> > for security reasons).
> > The message I received is the text I copied from the log. I also added
> the
> > logging I get at the moment.
> >
> > Ralph
> >
> >
> >
> >
> > From: Colm O hEigeartaigh <co...@apache.org> To: "
> users@cxf.apache.org"
> > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> not
> > be satisfied:
> > ------------------------------
> >
> >
> >
> > Did you not see my previous response? We need to see the security
policy
> of
> > the service, the request message + the response message to be able to
> help
> > you.
> >
> > Colm.
> >
> >
> > On Thu, Aug 1, 2013 at 7:06 AM, <r.keegstra@pantheon-automatisering.nl
> > >wrote:
> >
> > > Dear CXF Support,
> > >
> > > First, I am a newbie with CXF. I am writing a CXF client to interact
> with
> > > the government. I am able to send a message. But when I receive the
> > > response my client crashes.
> > > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java
1.6.45.
> If
> > > you need more info, please let me know as I don't exactly know what
> info
> > > you need to help me.
> > > Please help me, I'm stuck.
> > >
> > > Ralph Keegstra
> > >
> > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> > > not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > {
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedParts
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements
> > > AnonymousResponses
> > > at
> > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > AssertionInfoMap.java:179)
> > > at
> > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > PolicyVerificationInInterceptor.java:101)
> > > at
> > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > AbstractPolicyInterceptor.java:44)
> > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > PhaseInterceptorChain.java:271)
> > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > ClientImpl.java:800)
> > > at
> > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > HTTPConduit.java:1592)
> > > at
> > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > HTTPConduit.java:1490)
> > > at
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > HTTPConduit.java:1309)
> > > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > CacheAndWriteOutputStream.java:50)
> > > at org.apache.cxf.io.CachedOutputStream.close(
> > > CachedOutputStream.java:223)
> > > at org.apache.cxf.transport.AbstractConduit.close(
> > > AbstractConduit.java:56)
> > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > HTTPConduit.java:622)
> > > at
> > >
> > >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > MessageSenderInterceptor.java:62)
> > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > PhaseInterceptorChain.java:271)
> > > at
> > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > )
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > ClientProxy.java:96)
> > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > JaxWsClientProxy.java:133)
> > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > at
nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
These
> > > policy alternatives can not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > {
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedParts
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements
> > > AnonymousResponses
> > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > JaxWsClientProxy.java:155)
> > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > at
nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives can not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > {
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedParts
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements
> > > AnonymousResponses
> > > at
> > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > AssertionInfoMap.java:179)
> > > at
> > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > PolicyVerificationInInterceptor.java:101)
> > > at
> > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > AbstractPolicyInterceptor.java:44)
> > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > PhaseInterceptorChain.java:271)
> > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > ClientImpl.java:800)
> > > at
> > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > HTTPConduit.java:1592)
> > > at
> > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > HTTPConduit.java:1490)
> > > at
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > HTTPConduit.java:1309)
> > > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > CacheAndWriteOutputStream.java:50)
> > > at org.apache.cxf.io.CachedOutputStream.close(
> > > CachedOutputStream.java:223)
> > > at org.apache.cxf.transport.AbstractConduit.close(
> > > AbstractConduit.java:56)
> > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > HTTPConduit.java:622)
> > > at
> > >
> > >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > MessageSenderInterceptor.java:62)
> > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > PhaseInterceptorChain.java:271)
> > > at
> > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > )
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > ClientProxy.java:96)
> > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > JaxWsClientProxy.java:133)
> > > ... 3 more
> > >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Dear Colm,
To develop this client I'm using Eclipse. I haven't successfully changed
the loglevel from INFO to FINE of the java.util.logging. I tried log4j and
got a bit more log, but I'm afraid it is not what your looking for. Next
monday I'm going to try to get more logging with the default logger. But
attached the log so far with log4j (but it's missing a lot if you ask me).
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
01-08-2013 10:48
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
Could you turn logging to "FINE" + attach the log? That should tell us the
exact policy validation error(s).
Colm.
On Thu, Aug 1, 2013 at 9:17 AM,
<r....@pantheon-automatisering.nl>wrote:
> Hi,
>
> Because the formatting was crappy an attachement.
>
>
>
> From: Colm O hEigeartaigh <co...@apache.org> To:
"users@cxf.apache.org"
> <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not
> be satisfied:
> ------------------------------
>
>
>
> Hi,
>
> It looks like the service is processing the CXF request correctly, but
is
> not returning a response that complies with the security policy, and the
> client is throwing an exception. It's impossible to find out without
seeing
> the security policy though. It should be in the WSDL file referenced in
the
> log, if you could attach it:
>
> file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> Bedrijven_v1.2_preprod.wsdl"
>
> Colm.
>
>
>
> On Thu, Aug 1, 2013 at 8:53 AM, <r.keegstra@pantheon-automatisering.nl
> >wrote:
>
> > Dear Colm,
> >
> > Sorry i didn't see your previous response. Because of my great e-mail
> > client (Notus ;) ) I wasn't properly connected to the mailinglist,
> > apologies for the inconvenience.
> > I don't know how to get the security policy of the service.
> > I added the message I send to the server. (I've removed the
SecurityToken
> > for security reasons).
> > The message I received is the text I copied from the log. I also added
> the
> > logging I get at the moment.
> >
> > Ralph
> >
> >
> >
> >
> > From: Colm O hEigeartaigh <co...@apache.org> To: "
> users@cxf.apache.org"
> > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> not
> > be satisfied:
> > ------------------------------
> >
> >
> >
> > Did you not see my previous response? We need to see the security
policy
> of
> > the service, the request message + the response message to be able to
> help
> > you.
> >
> > Colm.
> >
> >
> > On Thu, Aug 1, 2013 at 7:06 AM, <r.keegstra@pantheon-automatisering.nl
> > >wrote:
> >
> > > Dear CXF Support,
> > >
> > > First, I am a newbie with CXF. I am writing a CXF client to interact
> with
> > > the government. I am able to send a message. But when I receive the
> > > response my client crashes.
> > > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java
1.6.45.
> If
> > > you need more info, please let me know as I don't exactly know what
> info
> > > you need to help me.
> > > Please help me, I'm stuck.
> > >
> > > Ralph Keegstra
> > >
> > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> > > not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > {
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedParts
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements
> > > AnonymousResponses
> > > at
> > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > AssertionInfoMap.java:179)
> > > at
> > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > PolicyVerificationInInterceptor.java:101)
> > > at
> > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > AbstractPolicyInterceptor.java:44)
> > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > PhaseInterceptorChain.java:271)
> > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > ClientImpl.java:800)
> > > at
> > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > HTTPConduit.java:1592)
> > > at
> > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > HTTPConduit.java:1490)
> > > at
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > HTTPConduit.java:1309)
> > > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > CacheAndWriteOutputStream.java:50)
> > > at org.apache.cxf.io.CachedOutputStream.close(
> > > CachedOutputStream.java:223)
> > > at org.apache.cxf.transport.AbstractConduit.close(
> > > AbstractConduit.java:56)
> > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > HTTPConduit.java:622)
> > > at
> > >
> > >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > MessageSenderInterceptor.java:62)
> > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > PhaseInterceptorChain.java:271)
> > > at
> > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > )
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > ClientProxy.java:96)
> > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > JaxWsClientProxy.java:133)
> > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > at
nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException:
These
> > > policy alternatives can not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > {
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedParts
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements
> > > AnonymousResponses
> > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > JaxWsClientProxy.java:155)
> > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > at
nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives can not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > {
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedParts
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements
> > > AnonymousResponses
> > > at
> > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > AssertionInfoMap.java:179)
> > > at
> > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > PolicyVerificationInInterceptor.java:101)
> > > at
> > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > AbstractPolicyInterceptor.java:44)
> > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > PhaseInterceptorChain.java:271)
> > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > ClientImpl.java:800)
> > > at
> > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > HTTPConduit.java:1592)
> > > at
> > >
> > >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > HTTPConduit.java:1490)
> > > at
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > HTTPConduit.java:1309)
> > > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > CacheAndWriteOutputStream.java:50)
> > > at org.apache.cxf.io.CachedOutputStream.close(
> > > CachedOutputStream.java:223)
> > > at org.apache.cxf.transport.AbstractConduit.close(
> > > AbstractConduit.java:56)
> > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > HTTPConduit.java:622)
> > > at
> > >
> > >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > MessageSenderInterceptor.java:62)
> > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > PhaseInterceptorChain.java:271)
> > > at
> > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > )
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > ClientProxy.java:96)
> > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > JaxWsClientProxy.java:133)
> > > ... 3 more
> > >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
Posted by Colm O hEigeartaigh <co...@apache.org>.
Could you turn logging to "FINE" + attach the log? That should tell us the
exact policy validation error(s).
Colm.
On Thu, Aug 1, 2013 at 9:17 AM, <r....@pantheon-automatisering.nl>wrote:
> Hi,
>
> Because the formatting was crappy an attachement.
>
>
>
> From: Colm O hEigeartaigh <co...@apache.org> To: "users@cxf.apache.org"
> <us...@cxf.apache.org> Date: 01-08-2013 10:09 Subject: Re:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not
> be satisfied:
> ------------------------------
>
>
>
> Hi,
>
> It looks like the service is processing the CXF request correctly, but is
> not returning a response that complies with the security policy, and the
> client is throwing an exception. It's impossible to find out without seeing
> the security policy though. It should be in the WSDL file referenced in the
> log, if you could attach it:
>
> file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
> Bedrijven_v1.2_preprod.wsdl"
>
> Colm.
>
>
>
> On Thu, Aug 1, 2013 at 8:53 AM, <r.keegstra@pantheon-automatisering.nl
> >wrote:
>
> > Dear Colm,
> >
> > Sorry i didn't see your previous response. Because of my great e-mail
> > client (Notus ;) ) I wasn't properly connected to the mailinglist,
> > apologies for the inconvenience.
> > I don't know how to get the security policy of the service.
> > I added the message I send to the server. (I've removed the SecurityToken
> > for security reasons).
> > The message I received is the text I copied from the log. I also added
> the
> > logging I get at the moment.
> >
> > Ralph
> >
> >
> >
> >
> > From: Colm O hEigeartaigh <co...@apache.org> To: "
> users@cxf.apache.org"
> > <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> not
> > be satisfied:
> > ------------------------------
> >
> >
> >
> > Did you not see my previous response? We need to see the security policy
> of
> > the service, the request message + the response message to be able to
> help
> > you.
> >
> > Colm.
> >
> >
> > On Thu, Aug 1, 2013 at 7:06 AM, <r.keegstra@pantheon-automatisering.nl
> > >wrote:
> >
> > > Dear CXF Support,
> > >
> > > First, I am a newbie with CXF. I am writing a CXF client to interact
> with
> > > the government. I am able to send a message. But when I receive the
> > > response my client crashes.
> > > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java 1.6.45.
> If
> > > you need more info, please let me know as I don't exactly know what
> info
> > > you need to help me.
> > > Please help me, I'm stuck.
> > >
> > > Ralph Keegstra
> > >
> > > org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> > > not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > {
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements
> > > AnonymousResponses
> > > at
> > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > AssertionInfoMap.java:179)
> > > at
> > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > PolicyVerificationInInterceptor.java:101)
> > > at
> > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > AbstractPolicyInterceptor.java:44)
> > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > PhaseInterceptorChain.java:271)
> > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > ClientImpl.java:800)
> > > at
> > >
> > >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > HTTPConduit.java:1592)
> > > at
> > >
> > >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > HTTPConduit.java:1490)
> > > at
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > HTTPConduit.java:1309)
> > > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > CacheAndWriteOutputStream.java:50)
> > > at org.apache.cxf.io.CachedOutputStream.close(
> > > CachedOutputStream.java:223)
> > > at org.apache.cxf.transport.AbstractConduit.close(
> > > AbstractConduit.java:56)
> > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > HTTPConduit.java:622)
> > > at
> > >
> > >
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > MessageSenderInterceptor.java:62)
> > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > PhaseInterceptorChain.java:271)
> > > at
> > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > )
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > ClientProxy.java:96)
> > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > JaxWsClientProxy.java:133)
> > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > at nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These
> > > policy alternatives can not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > {
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements
> > > AnonymousResponses
> > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > JaxWsClientProxy.java:155)
> > > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > > at nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > > Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
> > > alternatives can not be satisfied:
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > > }AsymmetricBinding
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }InitiatorToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }RecipientToken
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > > {
> http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > > }OptimizedMimeSerialization
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }SignedElements
> > > AnonymousResponses
> > > at
> > org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > > AssertionInfoMap.java:179)
> > > at
> > > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > > PolicyVerificationInInterceptor.java:101)
> > > at
> > > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > > AbstractPolicyInterceptor.java:44)
> > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > PhaseInterceptorChain.java:271)
> > > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > > ClientImpl.java:800)
> > > at
> > >
> > >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > > HTTPConduit.java:1592)
> > > at
> > >
> > >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > > HTTPConduit.java:1490)
> > > at
> > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > > HTTPConduit.java:1309)
> > > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > > CacheAndWriteOutputStream.java:50)
> > > at org.apache.cxf.io.CachedOutputStream.close(
> > > CachedOutputStream.java:223)
> > > at org.apache.cxf.transport.AbstractConduit.close(
> > > AbstractConduit.java:56)
> > > at org.apache.cxf.transport.http.HTTPConduit.close(
> > > HTTPConduit.java:622)
> > > at
> > >
> > >
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > > MessageSenderInterceptor.java:62)
> > > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > > PhaseInterceptorChain.java:271)
> > > at
> > org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > > )
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > > at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > > ClientProxy.java:96)
> > > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > > JaxWsClientProxy.java:133)
> > > ... 3 more
> > >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Hi,
Because the formatting was crappy an attachement.
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
01-08-2013 10:09
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
Hi,
It looks like the service is processing the CXF request correctly, but is
not returning a response that complies with the security policy, and the
client is throwing an exception. It's impossible to find out without
seeing
the security policy though. It should be in the WSDL file referenced in
the
log, if you could attach it:
file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
Bedrijven_v1.2_preprod.wsdl"
Colm.
On Thu, Aug 1, 2013 at 8:53 AM,
<r....@pantheon-automatisering.nl>wrote:
> Dear Colm,
>
> Sorry i didn't see your previous response. Because of my great e-mail
> client (Notus ;) ) I wasn't properly connected to the mailinglist,
> apologies for the inconvenience.
> I don't know how to get the security policy of the service.
> I added the message I send to the server. (I've removed the
SecurityToken
> for security reasons).
> The message I received is the text I copied from the log. I also added
the
> logging I get at the moment.
>
> Ralph
>
>
>
>
> From: Colm O hEigeartaigh <co...@apache.org> To:
"users@cxf.apache.org"
> <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not
> be satisfied:
> ------------------------------
>
>
>
> Did you not see my previous response? We need to see the security policy
of
> the service, the request message + the response message to be able to
help
> you.
>
> Colm.
>
>
> On Thu, Aug 1, 2013 at 7:06 AM, <r.keegstra@pantheon-automatisering.nl
> >wrote:
>
> > Dear CXF Support,
> >
> > First, I am a newbie with CXF. I am writing a CXF client to interact
with
> > the government. I am able to send a message. But when I receive the
> > response my client crashes.
> > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java 1.6.45.
If
> > you need more info, please let me know as I don't exactly know what
info
> > you need to help me.
> > Please help me, I'm stuck.
> >
> > Ralph Keegstra
> >
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can
> > not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > {
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements
> > AnonymousResponses
> > at
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > AssertionInfoMap.java:179)
> > at
> > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > PolicyVerificationInInterceptor.java:101)
> > at
> > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > AbstractPolicyInterceptor.java:44)
> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > PhaseInterceptorChain.java:271)
> > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > ClientImpl.java:800)
> > at
> >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > HTTPConduit.java:1592)
> > at
> >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > HTTPConduit.java:1490)
> > at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > HTTPConduit.java:1309)
> > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > CacheAndWriteOutputStream.java:50)
> > at org.apache.cxf.io.CachedOutputStream.close(
> > CachedOutputStream.java:223)
> > at org.apache.cxf.transport.AbstractConduit.close(
> > AbstractConduit.java:56)
> > at org.apache.cxf.transport.http.HTTPConduit.close(
> > HTTPConduit.java:622)
> > at
> >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > MessageSenderInterceptor.java:62)
> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > PhaseInterceptorChain.java:271)
> > at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > )
> > at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > ClientProxy.java:96)
> > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > JaxWsClientProxy.java:133)
> > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > at
nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These
> > policy alternatives can not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > {
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements
> > AnonymousResponses
> > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > JaxWsClientProxy.java:155)
> > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > at
nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives can not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > {
http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements
> > AnonymousResponses
> > at
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > AssertionInfoMap.java:179)
> > at
> > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > PolicyVerificationInInterceptor.java:101)
> > at
> > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > AbstractPolicyInterceptor.java:44)
> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > PhaseInterceptorChain.java:271)
> > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > ClientImpl.java:800)
> > at
> >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > HTTPConduit.java:1592)
> > at
> >
> >
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > HTTPConduit.java:1490)
> > at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > HTTPConduit.java:1309)
> > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > CacheAndWriteOutputStream.java:50)
> > at org.apache.cxf.io.CachedOutputStream.close(
> > CachedOutputStream.java:223)
> > at org.apache.cxf.transport.AbstractConduit.close(
> > AbstractConduit.java:56)
> > at org.apache.cxf.transport.http.HTTPConduit.close(
> > HTTPConduit.java:622)
> > at
> >
> >
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > MessageSenderInterceptor.java:62)
> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > PhaseInterceptorChain.java:271)
> > at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > )
> > at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > ClientProxy.java:96)
> > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > JaxWsClientProxy.java:133)
> > ... 3 more
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi,
It looks like the service is processing the CXF request correctly, but is
not returning a response that complies with the security policy, and the
client is throwing an exception. It's impossible to find out without seeing
the security policy though. It should be in the WSDL file referenced in the
log, if you could attach it:
file:WSDL/Aanleveren/Aanleverservice_Digipoort_WUS 2.0
Bedrijven_v1.2_preprod.wsdl"
Colm.
On Thu, Aug 1, 2013 at 8:53 AM, <r....@pantheon-automatisering.nl>wrote:
> Dear Colm,
>
> Sorry i didn't see your previous response. Because of my great e-mail
> client (Notus ;) ) I wasn't properly connected to the mailinglist,
> apologies for the inconvenience.
> I don't know how to get the security policy of the service.
> I added the message I send to the server. (I've removed the SecurityToken
> for security reasons).
> The message I received is the text I copied from the log. I also added the
> logging I get at the moment.
>
> Ralph
>
>
>
>
> From: Colm O hEigeartaigh <co...@apache.org> To: "users@cxf.apache.org"
> <us...@cxf.apache.org> Date: 01-08-2013 09:34 Subject: Re:
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not
> be satisfied:
> ------------------------------
>
>
>
> Did you not see my previous response? We need to see the security policy of
> the service, the request message + the response message to be able to help
> you.
>
> Colm.
>
>
> On Thu, Aug 1, 2013 at 7:06 AM, <r.keegstra@pantheon-automatisering.nl
> >wrote:
>
> > Dear CXF Support,
> >
> > First, I am a newbie with CXF. I am writing a CXF client to interact with
> > the government. I am able to send a message. But when I receive the
> > response my client crashes.
> > Below is the stacktrace. I'm using CXF 2.7.6. I am using Java 1.6.45. If
> > you need more info, please let me know as I don't exactly know what info
> > you need to help me.
> > Please help me, I'm stuck.
> >
> > Ralph Keegstra
> >
> > org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> > not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > {http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements
> > AnonymousResponses
> > at
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > AssertionInfoMap.java:179)
> > at
> > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > PolicyVerificationInInterceptor.java:101)
> > at
> > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > AbstractPolicyInterceptor.java:44)
> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > PhaseInterceptorChain.java:271)
> > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > ClientImpl.java:800)
> > at
> >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > HTTPConduit.java:1592)
> > at
> >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > HTTPConduit.java:1490)
> > at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > HTTPConduit.java:1309)
> > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > CacheAndWriteOutputStream.java:50)
> > at org.apache.cxf.io.CachedOutputStream.close(
> > CachedOutputStream.java:223)
> > at org.apache.cxf.transport.AbstractConduit.close(
> > AbstractConduit.java:56)
> > at org.apache.cxf.transport.http.HTTPConduit.close(
> > HTTPConduit.java:622)
> > at
> >
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > MessageSenderInterceptor.java:62)
> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > PhaseInterceptorChain.java:271)
> > at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > )
> > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > ClientProxy.java:96)
> > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > JaxWsClientProxy.java:133)
> > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > at nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These
> > policy alternatives can not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > {http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements
> > AnonymousResponses
> > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > JaxWsClientProxy.java:155)
> > at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> > at nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> > at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> > Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
> > alternatives can not be satisfied:
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> > }AsymmetricBinding
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }InitiatorToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }RecipientToken
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> > {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> > {http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> > }OptimizedMimeSerialization
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }SignedElements
> > AnonymousResponses
> > at
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> > AssertionInfoMap.java:179)
> > at
> > org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> > PolicyVerificationInInterceptor.java:101)
> > at
> > org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> > AbstractPolicyInterceptor.java:44)
> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > PhaseInterceptorChain.java:271)
> > at org.apache.cxf.endpoint.ClientImpl.onMessage(
> > ClientImpl.java:800)
> > at
> >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> > HTTPConduit.java:1592)
> > at
> >
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> > HTTPConduit.java:1490)
> > at
> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> > HTTPConduit.java:1309)
> > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> > CacheAndWriteOutputStream.java:50)
> > at org.apache.cxf.io.CachedOutputStream.close(
> > CachedOutputStream.java:223)
> > at org.apache.cxf.transport.AbstractConduit.close(
> > AbstractConduit.java:56)
> > at org.apache.cxf.transport.http.HTTPConduit.close(
> > HTTPConduit.java:622)
> > at
> >
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> > MessageSenderInterceptor.java:62)
> > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> > PhaseInterceptorChain.java:271)
> > at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> > )
> > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> > at org.apache.cxf.frontend.ClientProxy.invokeSync(
> > ClientProxy.java:96)
> > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> > JaxWsClientProxy.java:133)
> > ... 3 more
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
Posted by r....@pantheon-automatisering.nl.
Dear Colm,
Sorry i didn't see your previous response. Because of my great e-mail
client (Notus ;) ) I wasn't properly connected to the mailinglist,
apologies for the inconvenience.
I don't know how to get the security policy of the service.
I added the message I send to the server. (I've removed the SecurityToken
for security reasons).
The message I received is the text I copied from the log. I also added the
logging I get at the moment.
Ralph
From:
Colm O hEigeartaigh <co...@apache.org>
To:
"users@cxf.apache.org" <us...@cxf.apache.org>
Date:
01-08-2013 09:34
Subject:
Re: org.apache.cxf.ws.policy.PolicyException: These policy alternatives
can not be satisfied:
Did you not see my previous response? We need to see the security policy
of
the service, the request message + the response message to be able to help
you.
Colm.
On Thu, Aug 1, 2013 at 7:06 AM,
<r....@pantheon-automatisering.nl>wrote:
> Dear CXF Support,
>
> First, I am a newbie with CXF. I am writing a CXF client to interact
with
> the government. I am able to send a message. But when I receive the
> response my client crashes.
> Below is the stacktrace. I'm using CXF 2.7.6. I am using Java 1.6.45. If
> you need more info, please let me know as I don't exactly know what info
> you need to help me.
> Please help me, I'm stuck.
>
> Ralph Keegstra
>
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}InitiatorToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}RecipientToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> {http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedElements
> AnonymousResponses
> at
org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> AssertionInfoMap.java:179)
> at
> org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> PolicyVerificationInInterceptor.java:101)
> at
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> AbstractPolicyInterceptor.java:44)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:271)
> at org.apache.cxf.endpoint.ClientImpl.onMessage(
> ClientImpl.java:800)
> at
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> HTTPConduit.java:1592)
> at
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> HTTPConduit.java:1490)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> HTTPConduit.java:1309)
> at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> CacheAndWriteOutputStream.java:50)
> at org.apache.cxf.io.CachedOutputStream.close(
> CachedOutputStream.java:223)
> at org.apache.cxf.transport.AbstractConduit.close(
> AbstractConduit.java:56)
> at org.apache.cxf.transport.http.HTTPConduit.close(
> HTTPConduit.java:622)
> at
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> MessageSenderInterceptor.java:62)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:271)
> at
org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> )
> at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:133)
> at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> at nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These
> policy alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}InitiatorToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}RecipientToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> {http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedElements
> AnonymousResponses
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:155)
> at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> at nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}InitiatorToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}RecipientToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> {http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
}SignedElements
> AnonymousResponses
> at
org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> AssertionInfoMap.java:179)
> at
> org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> PolicyVerificationInInterceptor.java:101)
> at
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> AbstractPolicyInterceptor.java:44)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:271)
> at org.apache.cxf.endpoint.ClientImpl.onMessage(
> ClientImpl.java:800)
> at
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> HTTPConduit.java:1592)
> at
>
>
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> HTTPConduit.java:1490)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> HTTPConduit.java:1309)
> at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> CacheAndWriteOutputStream.java:50)
> at org.apache.cxf.io.CachedOutputStream.close(
> CachedOutputStream.java:223)
> at org.apache.cxf.transport.AbstractConduit.close(
> AbstractConduit.java:56)
> at org.apache.cxf.transport.http.HTTPConduit.close(
> HTTPConduit.java:622)
> at
>
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> MessageSenderInterceptor.java:62)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:271)
> at
org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> )
> at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:133)
> ... 3 more
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: org.apache.cxf.ws.policy.PolicyException: These policy
alternatives can not be satisfied:
Posted by Colm O hEigeartaigh <co...@apache.org>.
Did you not see my previous response? We need to see the security policy of
the service, the request message + the response message to be able to help
you.
Colm.
On Thu, Aug 1, 2013 at 7:06 AM, <r....@pantheon-automatisering.nl>wrote:
> Dear CXF Support,
>
> First, I am a newbie with CXF. I am writing a CXF client to interact with
> the government. I am able to send a message. But when I receive the
> response my client crashes.
> Below is the stacktrace. I'm using CXF 2.7.6. I am using Java 1.6.45. If
> you need more info, please let me know as I don't exactly know what info
> you need to help me.
> Please help me, I'm stuck.
>
> Ralph Keegstra
>
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
> not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> {http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedElements
> AnonymousResponses
> at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> AssertionInfoMap.java:179)
> at
> org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> PolicyVerificationInInterceptor.java:101)
> at
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> AbstractPolicyInterceptor.java:44)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:271)
> at org.apache.cxf.endpoint.ClientImpl.onMessage(
> ClientImpl.java:800)
> at
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> HTTPConduit.java:1592)
> at
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> HTTPConduit.java:1490)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> HTTPConduit.java:1309)
> at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> CacheAndWriteOutputStream.java:50)
> at org.apache.cxf.io.CachedOutputStream.close(
> CachedOutputStream.java:223)
> at org.apache.cxf.transport.AbstractConduit.close(
> AbstractConduit.java:56)
> at org.apache.cxf.transport.http.HTTPConduit.close(
> HTTPConduit.java:622)
> at
>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> MessageSenderInterceptor.java:62)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:271)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> )
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:133)
> at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> at nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These
> policy alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> {http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedElements
> AnonymousResponses
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:155)
> at com.sun.proxy.$Proxy34.aanleveren(Unknown Source)
> at nl.pfm.wus.aanroep.WUSAanlever.leverAan(WUSAanlever.java:34)
> at nl.pfm.wus.aanroep.WUSAanroep.main(WUSAanroep.java:9)
> Caused by: org.apache.cxf.ws.policy.PolicyException: These policy
> alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
> }AsymmetricBinding
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
> {http://www.w3.org/2007/05/addressing/metadata}Anonymous
> {http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization
> }OptimizedMimeSerialization
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedElements
> AnonymousResponses
> at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(
> AssertionInfoMap.java:179)
> at
> org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(
> PolicyVerificationInInterceptor.java:101)
> at
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(
> AbstractPolicyInterceptor.java:44)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:271)
> at org.apache.cxf.endpoint.ClientImpl.onMessage(
> ClientImpl.java:800)
> at
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(
> HTTPConduit.java:1592)
> at
>
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(
> HTTPConduit.java:1490)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(
> HTTPConduit.java:1309)
> at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(
> CacheAndWriteOutputStream.java:50)
> at org.apache.cxf.io.CachedOutputStream.close(
> CachedOutputStream.java:223)
> at org.apache.cxf.transport.AbstractConduit.close(
> AbstractConduit.java:56)
> at org.apache.cxf.transport.http.HTTPConduit.close(
> HTTPConduit.java:622)
> at
>
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(
> MessageSenderInterceptor.java:62)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:271)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530
> )
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(
> ClientProxy.java:96)
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:133)
> ... 3 more
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com