Posted to users@cxf.apache.org by Ni...@cargarantie.com on 2015/04/20 12:23:36 UTC
Custom WS-Security Policy for Webservice
Hi all,
I'm trying to apply a custom WS-Security policy to a web service. I'm
using wsimport from the jaxws-maven-plugin to generate the SEI. The
implementation of the SEI looks like this:
    import javax.jws.WebService;
    import javax.xml.bind.annotation.XmlElement;
    import org.apache.cxf.annotations.Policies;
    import org.apache.cxf.annotations.Policy;
    import org.jboss.ws.api.annotation.EndpointConfig;

    @WebService(
        portName = "VehicleOrderRetailDelivery",
        serviceName = "VehicleOrderRetailDelivery",
        targetNamespace = "some/namespace",
        wsdlLocation = "/WEB-INF/wsdl/VehicleOrderRetailDelivery.wsdl",
        endpointInterface = "mypackage.IVehicleOrderRetailDelivery"
    )
    // Attach the policy document at binding level and publish it in the WSDL
    @Policies({@Policy(placement = Policy.Placement.BINDING,
                       uri = "CustomPolicy.xml", includeInWSDL = true)})
    // JBossWS endpoint configuration
    @EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml",
                    configName = "Custom WS-Security Endpoint")
    public class VehicleOrderRetailDelivery implements IVehicleOrderRetailDelivery {
        public void report(@XmlElement(required = true) ReportRequestType reportRequest) { ... }
    }
The problem is that the custom WS-Security policy is not active. If I send
requests to the endpoint using SoapUI, I get a SOAP fault telling me that
the message contains encrypted data. I'm using Wildfly 8.1.0 and I've
already set the log level to DEBUG, but there is no information in the log
about what goes wrong or why the policy is not active. This part of the log
makes me believe that there is some kind of policy that is loaded:
    21:43:17,813 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-5) Chain org.apache.cxf.phase.PhaseInterceptorChain@3aa6c815 was modified. Current flow:
      receive [PolicyInInterceptor, EndpointAssociationInterceptor, AttachmentInInterceptor]
      pre-stream [CertConstraintsInterceptor]
      post-stream [StaxInInterceptor]
      read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor, StartBodyInterceptor]
      pre-protocol [EnableDecoupledFaultInterceptor, MEXInInterceptor, MustUnderstandInterceptor]
      pre-protocol-frontend [HandlerAuthInterceptor]
      post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack]
      unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
      pre-logical [NsCtxSelectorStoreInterceptor, OneWayProcessorInterceptor, MustUnderstandEndingInterceptor]
      post-logical [WrapperClassInInterceptor]
      pre-invoke [SwAInInterceptor, HolderInInterceptor]
      invoke [ServiceInvokerInterceptor, UltimateReceiverMustUnderstandInterceptor]
      post-invoke [OutgoingChainInterceptor, StaxInEndingInterceptor]
but why is it not active? Does anybody have an idea why the custom policy
is not loaded? Any hints are highly appreciated.
Cheers
Nik
Reply: RE: Reply: RE: Reply: RE: Reply: RE: Custom WS-Security Policy for Webservice
Posted by Ni...@cargarantie.com.
Hi Andrei, please excuse my late reply. I was away the last two months!
> > > > I've debugged the PolicyAnnotationListener at the recommended position, but no
> > > > result. Both methods in case ENDPOINT_SELECTED (addPolicies(...) and
> > > > addEndpointImplPolicies(...)) do not add a policy since the policy lists are
> > > > always empty (null). The reason for this is probably that the PropertyMap of the
> > > > endpoint interface is also null. In summary, no policies (policy annotations) are
> > > > found.
> > >
> > > Did you see @Policies annotations for the implClass in
> > > addEndpointImplPolicies(...) in debugger variables explorer?
> > > Is the implementation class correct one?
> >
> > I'm not sure if I understood your question correctly, but in Variables Explorer, I
> > see that other annotation properties I've made for WS-Security, like encryption
> > properties, username, etc., are loaded correctly (the implementation class is
> > JaxWsEndpointImpl). I think this shows that the correct class is loaded.
>
> I mean just to verify in debugger inside addEndpointImplPolicies()
> method that cls (implementation class) has all declared annotations
> (including @Policies).
> You can add cls.getAnnotations() in debugger expressions window and
> see what is declared on class level.
The cls contains my web service interface, the implCls contains the actual
implementation of the interface. The cls object contains all declared
annotations of the interface class. However, the implCls is missing
@EndpointConfig and @Policy which are declared in the implementation class.
> Was the following check inside addEndpointImplPolicies()
> unsuccessful or you go inside?:
> Policy p = cls.getAnnotation(Policy.class);
> Policies ps = cls.getAnnotation(Policies.class);
> if (p != null || ps != null) {
> ...
Yes, it was unsuccessful. Both p and ps are null.
> Could you try to start your class standalone, without application
> server and see if the problem persists?
If I run my web service in standalone mode, the implClass used in the
endpoint contains the policy annotations.
My assumption is that the class loading does not work properly, maybe
because the wrong class loader is used. Do you have any suggestion how to
proceed?
Thanks
Nik
> > > > > > > -----Original Message-----
> > > > > > > From: Nikolaus.Huber@cargarantie.com
> > > > > > > [mailto:Nikolaus.Huber@cargarantie.com]
> > > > > > > Sent: Tuesday, 21 April 2015 12:46
> > > > > > > To: users@cxf.apache.org
> > > > > > > Subject: Reply: RE: Custom WS-Security Policy for Webservice
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > thanks for the link to the examples. I'm using a similar configuration now, but
> > > > > > > without success.
> > > > > > >
> > > > > > > Concerning your questions: What I want to achieve is basically the policy
> > > > > > > described here (
> > > > > > > http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html#_Toc274723250
> > > > > > > ). The only difference is that I want to use Basic128 as the Algorithm Suite. This
> > > > > > > is the requirement of our customer. Thus, I do not register an interceptor
> > > > > > > provider. The policy assertions I use should be standard, right?
> > > > > > >
> > > > > > > Thanks
> > > > > > > Niko
> > > > > > >
> > > > > > > Andrei Shakirin <as...@talend.com> wrote on 20.04.2015 21:06:03:
> > > > > > >
> > > > > > > > From: Andrei Shakirin <as...@talend.com>
> > > > > > > > To: "users@cxf.apache.org" <us...@cxf.apache.org>
> > > > > > > > Date: 20.04.2015 21:07
> > > > > > > > Subject: RE: Custom WS-Security Policy for Webservice
> > > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > Take a look in following system tests:
> > > > > > > > https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyService.java
> > > > > > > > https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/javafirst/OperationSimpleServiceImpl.java
> > > > > > > >
> > > > > > > > One possible issue is that uri attribute in @Policy annotation can be
> > > > > > > > required to be in URI form (classpath:/xxx, file:///xxx).
> > > > > > > > Do you register interceptor provider for the custom policy assertion
> > > > > > > > or it contains standard assertions? What is your expectation
> > > > > > > > from activating of custom policy?
> > > > > > > >
> > > > > > > > Regards,
> > > > > > > > Andrei.
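The class-loader hypothesis in the message above can be checked without a debugger. The following is an added example, not code from the thread or from CXF: `Policy` and `ServiceImpl` are hypothetical stand-ins for the CXF annotation and the endpoint class, and `HidingLoader` is a constructed loader that simulates a deployment unable to see the annotation type. It shows the two ways `getAnnotation(...)` returns null for a class whose bytecode does carry the annotation.

```java
// Added example. Compile with javac first, then run: java AnnotationLoaderCheck
import java.lang.annotation.Annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.net.URL;
import java.net.URLClassLoader;

public class AnnotationLoaderCheck {

    // Hypothetical stand-in for org.apache.cxf.annotations.Policy
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.TYPE)
    public @interface Policy {
        String uri();
    }

    // Hypothetical stand-in for the endpoint implementation class
    @Policy(uri = "classpath:/CustomPolicy.xml")
    public static class ServiceImpl { }

    /** Loads classes only from the given URLs and can pretend one class is missing. */
    static final class HidingLoader extends URLClassLoader {
        private final String hidden; // class name to hide, or null to hide nothing

        HidingLoader(URL[] urls, String hidden) {
            super(urls, null); // no application class loader as parent
            this.hidden = hidden;
        }

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            if (name.equals(hidden)) {
                throw new ClassNotFoundException(name);
            }
            return super.findClass(name);
        }
    }

    /** Explains why cls.getAnnotation(wanted) does or does not find the annotation. */
    static String diagnose(Class<?> cls, Class<? extends Annotation> wanted) {
        if (cls.getAnnotation(wanted) != null) {
            return "FOUND";
        }
        // Same name but a different Class object: the annotation type was
        // defined twice, by two class loaders, and the lookup compares identity.
        for (Annotation a : cls.getAnnotations()) {
            Class<? extends Annotation> type = a.annotationType();
            if (type.getName().equals(wanted.getName())) {
                return "LOADER_MISMATCH: declared via " + type.getClassLoader()
                        + ", looked up via " + wanted.getClassLoader();
            }
        }
        // Nothing by that name: either the class is not annotated, or its
        // loader could not resolve the annotation type, in which case the
        // JVM drops the annotation without raising an error.
        return "ABSENT: not declared, or type not visible to " + cls.getClassLoader();
    }

    public static void main(String[] args) throws Exception {
        URL[] here = {
            AnnotationLoaderCheck.class.getProtectionDomain().getCodeSource().getLocation()
        };
        String impl = ServiceImpl.class.getName();

        // Case 1: class and annotation type come from the same loader.
        System.out.println("same loader      -> " + diagnose(ServiceImpl.class, Policy.class));

        try (URLClassLoader isolated = new HidingLoader(here, null);
             URLClassLoader blind = new HidingLoader(here, Policy.class.getName())) {
            // Case 2: same class files, but defined a second time by another loader.
            System.out.println("second loader    -> "
                    + diagnose(isolated.loadClass(impl), Policy.class));
            // Case 3: the loader that defines the class cannot see the annotation type.
            System.out.println("type not visible -> "
                    + diagnose(blind.loadClass(impl), Policy.class));
        }
    }
}
```

On the server, the same `diagnose` call on the endpoint's implementation class separates an annotation type that is invisible to the deployment's class loader from one that is defined twice. In both cases the WS-Security policy is never attached, so a result other than FOUND is worth treating as a deployment failure.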
RE: Reply: RE: Reply: RE: Reply: RE: Custom WS-Security Policy for Webservice
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
> -----Original Message-----
> From: Nikolaus.Huber@cargarantie.com
> [mailto:Nikolaus.Huber@cargarantie.com]
> Sent: Tuesday, 5 May 2015 16:16
> To: users@cxf.apache.org
> Subject: Reply: RE: Reply: RE: Reply: RE: Custom WS-Security Policy for Webservice
>
> Hi,
>
> > > I've debugged the PolicyAnnotationListener at the recommended position, but no
> > > result. Both methods in case ENDPOINT_SELECTED (addPolicies(...) and
> > > addEndpointImplPolicies(...)) do not add a policy since the policy lists are
> > > always empty (null). The reason for this is probably that the PropertyMap of the
> > > endpoint interface is also null. In summary, no policies (policy annotations) are
> > > found.
> >
> > Did you see @Policies annotations for the implClass in
> > addEndpointImplPolicies(...) in debugger variables explorer?
> > Is the implementation class correct one?
>
> I'm not sure if I understood your question correctly, but in Variables Explorer, I
> see that other annotation properties I've made for WS-Security, like encryption
> properties, username, etc., are loaded correctly (the implementation class is
> JaxWsEndpointImpl). I think this shows that the correct class is loaded.
I mean just to verify in debugger inside addEndpointImplPolicies() method that cls (implementation class) has all declared annotations (including @Policies).
You can add cls.getAnnotations() in debugger expressions window and see what is declared on class level.
Was the following check inside addEndpointImplPolicies() unsuccessful or you go inside?:
Policy p = cls.getAnnotation(Policy.class);
Policies ps = cls.getAnnotation(Policies.class);
if (p != null || ps != null) {
...
>
> > >
> > > Do you have any idea/recommendation how to proceed? Do you think the
> > > reason might be that I missed some important configuration, e.g., a namespace
> > > in the policy file or something else (I don't think so since the examples don't use
> > > any custom namespaces)?
> > >
> > > In which environment did you run your sample projects? Maybe I'll give it a try
> > > to switch...
> >
> > I don't see obvious problem in your code.
> > Try to run following CXF system test: https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java
> > It uses service class with very similar @Policy annotation: https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/javafirst/BindingSimpleServiceImpl.java
> >
> > What is the difference in your case?
>
> The test can be executed and I don't see a difference to the
> BindingSimpleServiceImpl. What I can do is try to reuse your policy...
Could you try to start your class standalone, without application server and see if the problem persists?
Regards,
Andrei.
Reply: RE: Reply: RE: Reply: RE: Custom WS-Security Policy for Webservice
Posted by Ni...@cargarantie.com.
Hi,
> > I've debugged the PolicyAnnotationListener at the recommended position, but no
> > result. Both methods in case ENDPOINT_SELECTED (addPolicies(...) and
> > addEndpointImplPolicies(...)) do not add a policy since the policy lists are
> > always empty (null). The reason for this is probably that the PropertyMap of the
> > endpoint interface is also null. In summary, no policies (policy annotations) are
> > found.
>
> Did you see @Policies annotations for the implClass in
> addEndpointImplPolicies(...) in debugger variables explorer?
> Is the implementation class correct one?
I'm not sure if I understood your question correctly, but in Variables
Explorer, I see that other annotation properties I've made for
WS-Security, like encryption properties, username, etc., are loaded
correctly (the implementation class is JaxWsEndpointImpl). I think this
shows that the correct class is loaded.
> >
> > Do you have any idea/recommendation how to proceed? Do you think the
> > reason might be that I missed some important configuration, e.g., a namespace
> > in the policy file or something else (I don't think so since the examples don't use
> > any custom namespaces)?
> >
> > In which environment did you run your sample projects? Maybe I'll give it a try
> > to switch...
>
> I don't see obvious problem in your code.
> Try to run following CXF system test: https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java
> It uses service class with very similar @Policy annotation: https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/javafirst/BindingSimpleServiceImpl.java
>
> What is the difference in your case?
The test can be executed and I don't see a difference to the
BindingSimpleServiceImpl. What I can do is try to reuse your policy...
Regards
Niko
RE: Reply: RE: Reply: RE: Custom WS-Security Policy for Webservice
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
> -----Original Message-----
> From: Nikolaus.Huber@cargarantie.com
> [mailto:Nikolaus.Huber@cargarantie.com]
> Sent: Monday, 27 April 2015 10:39
> To: users@cxf.apache.org
> Subject: Reply: RE: Reply: RE: Custom WS-Security Policy for Webservice
>
> Hi,
>
> > > If not, I would recommend to set endpoint in CXF class
> > > https://github.com/apache/cxf/blob/master/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyAnnotationListener.java ,
> > > loading method handleEvent() case ENDPOINT_SELECTED and debug policy loading.
> > Thanks for the hint, I'll give it a try.
>
> I've debugged the PolicyAnnotationListener at the recommended position, but no
> result. Both methods in case ENDPOINT_SELECTED (addPolicies(...) and
> addEndpointImplPolicies(...)) do not add a policy since the policy lists are
> always empty (null). The reason for this is probably that the PropertyMap of the
> endpoint interface is also null. In summary, no policies (policy annotations) are
> found.
Did you see the @Policies annotations for the implClass in addEndpointImplPolicies(...) in the debugger's variables explorer?
Is the implementation class the correct one?
>
> Do you have any idea/recommendation how to proceed? Do you think the
> reason might be that I missed some important configuration, e.g., a namespace
> in the policy file or something else (I don't think so since the examples don't use
> any custom namespaces)?
>
> In which environment did you run your sample projects? Maybe I'll give it a try
> to switch...
I don't see an obvious problem in your code.
Try to run the following CXF system test: https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java
It uses a service class with a very similar @Policy annotation: https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/javafirst/BindingSimpleServiceImpl.java
What is the difference in your case?
Regards,
Andrei.
>
> Thanks
> Niko
Re: Antwort: Re: Antwort: RE: Antwort: RE: Custom WS-Security
Policy for Webservice
Posted by Jose Luiz Berg <jl...@jbdesign.com.br>.
I am using EAP6.2
--
View this message in context: http://cxf.547215.n5.nabble.com/Custom-WS-Security-Policy-for-Webservice-tp5756262p5757011.html
Sent from the cxf-user mailing list archive at Nabble.com.
Antwort: Re: Antwort: RE: Antwort: RE: Custom WS-Security Policy for
Webservice
Posted by Ni...@cargarantie.com.
Dear Jose,
sorry to disappoint you, but I've not found a solution so far. Please see
the latest emails on this topic to get some more info. ASAP, I'm trying
to reproduce the setting Andrei sent me.
What environment do you use? Wildfly 8.1?
Let's keep in touch!
Niko
RE: Antwort: RE: Antwort: RE: Custom WS-Security Policy for
Webservice
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
Could you try to move the policy annotation to the class level, if the problem persists?
Regards,
Andrei.
> -----Original Message-----
> From: Jose Luiz Berg [mailto:jluiz.berg@jbdesign.com.br]
> Sent: Wednesday, 29 April 2015 21:27
> To: users@cxf.apache.org
> Subject: Re: Antwort: RE: Antwort: RE: Custom WS-Security Policy for
> Webservice
>
> Dear Mr. Huber,
>
> I am having exactly the same problem in my project.
> After researching a lot in the net since last Friday, I couldn't find any answer.
> An excerption of my code is below:
>
> @WebService(serviceName="UsuarioSoapService")
> public class UsuarioSoapServ extends WebServiceBase<UsuarioServEJB>
>         implements UsuarioServ {
>     @WebMethod
>     @Override
>     @Policy(uri="classpath:/policies/BearerPolicy.xml")
>     public Usuario lerUsuario(@WebParam(name="bilhete") Bilhete bilhete,
>             @WebParam(name="dnOuId") String dnOuId) {
>         LogInicioMetodo();
>         return LogFinalMetodo(getService().lerUsuario(bilhete, dnOuId));
>     }
> }
>
> But the @Policy annotation is ignored, and no policy is included in WSDL.
> The log shows no error, even if I force a non existent policy file.
>
> This was supposed to be an easy code, but I am struggling to make it work.
> If you found any answer for this problem, please share.
>
> Regards,
Re: Antwort: RE: Antwort: RE: Custom WS-Security Policy for
Webservice
Posted by Jose Luiz Berg <jl...@jbdesign.com.br>.
Dear Mr. Huber,
I am having exactly the same problem in my project.
After researching a lot in the net since last Friday, I couldn't find any
answer. An excerption of my code is below:
@WebService(serviceName="UsuarioSoapService")
public class UsuarioSoapServ extends WebServiceBase<UsuarioServEJB>
        implements UsuarioServ {
    @WebMethod
    @Override
    @Policy(uri="classpath:/policies/BearerPolicy.xml")
    public Usuario lerUsuario(@WebParam(name="bilhete") Bilhete bilhete,
            @WebParam(name="dnOuId") String dnOuId) {
        LogInicioMetodo();
        return LogFinalMetodo(getService().lerUsuario(bilhete, dnOuId));
    }
}
But the @Policy annotation is ignored, and no policy is included in WSDL.
The log shows no error, even if I force a non existent policy file.
This was supposed to be an easy code, but I am struggling to make it work.
If you found any answer for this problem, please share.
Regards,
--
View this message in context: http://cxf.547215.n5.nabble.com/Custom-WS-Security-Policy-for-Webservice-tp5756262p5756752.html
Sent from the cxf-user mailing list archive at Nabble.com.
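A deployment-time check for the symptom reported in this thread (annotation ignored, no error logged even for a non-existent policy file), added here as an example; it is not code from any poster or from CXF. It reads the @Policy/@Policies annotations by reflection and checks each uri. The names PolicyAnnotationCheck, SampleService and SampleServiceImpl are hypothetical, the class-loader lookup is an assumption that only approximates CXF's own resolution, and CXF must be on the classpath.

```java
import java.io.File;
import java.lang.reflect.AnnotatedElement;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.apache.cxf.annotations.Policies;
import org.apache.cxf.annotations.Policy;

/** Added example: fails loudly when a CXF policy annotation is missing or its file cannot be found. */
public class PolicyAnnotationCheck {

    /** Constructed sample SEI and implementation, modelled on the classes posted in the thread. */
    public interface SampleService {
        void report(String request);
    }

    @Policies({ @Policy(placement = Policy.Placement.BINDING, uri = "CustomPolicy.xml") })
    public static class SampleServiceImpl implements SampleService {
        @Override
        @Policy(uri = "classpath:/policies/BearerPolicy.xml")
        public void report(String request) { }
    }

    /** Returns the @Policy annotations on one element, unwrapping a @Policies container. */
    static List<Policy> policiesOn(AnnotatedElement element) {
        List<Policy> found = new ArrayList<>();
        Policy single = element.getAnnotation(Policy.class);
        if (single != null) {
            found.add(single);
        }
        Policies container = element.getAnnotation(Policies.class);
        if (container != null) {
            found.addAll(Arrays.asList(container.value()));
        }
        return found;
    }

    /** Returns null when the policy file is found, otherwise the reason it was not. */
    static String uriProblem(String uri, ClassLoader loader) {
        if (uri.startsWith("classpath:")) {
            // Assumption: a plain class-loader lookup approximates how the file is located.
            String path = uri.substring("classpath:".length()).replaceFirst("^/+", "");
            return loader.getResource(path) != null ? null : "not found on the classpath";
        }
        if (uri.startsWith("file:")) {
            try {
                return new File(URI.create(uri)).isFile() ? null : "file does not exist";
            } catch (IllegalArgumentException e) {
                return "malformed file URI (" + e.getMessage() + ")";
            }
        }
        return "neither classpath:/... nor file:///... form, not resolved by this check";
    }

    /** Audits the implementation class, its interfaces and their declared methods. */
    static List<String> audit(Class<?> impl) {
        ClassLoader loader = impl.getClassLoader() != null
                ? impl.getClassLoader() : ClassLoader.getSystemClassLoader();
        List<Class<?>> types = new ArrayList<>();
        types.add(impl);
        types.addAll(Arrays.asList(impl.getInterfaces()));

        List<String> findings = new ArrayList<>();
        int seen = 0;
        for (Class<?> type : types) {
            List<AnnotatedElement> elements = new ArrayList<>();
            elements.add(type);
            elements.addAll(Arrays.asList(type.getDeclaredMethods()));
            for (AnnotatedElement element : elements) {
                for (Policy policy : policiesOn(element)) {
                    seen++;
                    String problem = uriProblem(policy.uri(), loader);
                    if (problem != null) {
                        findings.add(element + ": " + policy.uri() + " -> " + problem);
                    }
                }
            }
        }
        if (seen == 0) {
            findings.add(impl.getName() + ": no @Policy or @Policies annotation visible by reflection");
        }
        return findings;
    }

    public static void main(String[] args) throws ClassNotFoundException {
        // Pass the fully qualified name of a service implementation, or run the sample.
        Class<?> impl = args.length > 0 ? Class.forName(args[0]) : SampleServiceImpl.class;
        List<String> findings = audit(impl);
        findings.forEach(System.err::println);
        if (!findings.isEmpty()) {
            System.exit(1);
        }
        System.out.println(impl.getName() + ": every policy URI was found");
    }
}
```

Run as a build or startup step, a non-zero exit stops an endpoint from going live without the security policy its annotations name.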
Antwort: RE: Antwort: RE: Custom WS-Security Policy for Webservice
Posted by Ni...@cargarantie.com.
Hi,
> > If not, I would recommend to set endpoint in CXF class
> > https://github.com/apache/cxf/blob/master/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyAnnotationListener.java ,
> > loading method handleEvent() case ENDPOINT_SELECTED and debug policy loading.
> Thanks for the hint, I'll give it a try.
I've debugged the PolicyAnnotationListener at the recommended position, but
no result. Both methods in case ENDPOINT_SELECTED (addPolicies(...) and
addEndpointImplPolicies(...)) do not add a policy since the policy lists
are always empty (null). The reason for this is probably that the
PropertyMap of the endpoint interface is also null. In summary, no
policies (policy annotations) are found.
Do you have any idea/recommendation how to proceed? Do you think the
reason might be that I missed some important configuration, e.g., a
namespace in the policy file or something else (I don't think so since the
examples don't use any custom namespaces)?
In which environment did you run your sample projects? Maybe I'll give it
a try to switch...
Thanks
Niko
Antwort: RE: Antwort: RE: Custom WS-Security Policy for Webservice
Posted by Ni...@cargarantie.com.
Hi,
> Did you already try to get a WSDL from the service endpoint:
> http://host:port/SERVICE_ENDPOINT?wsdl ?
> Is your policy populated in the WSDL?
Yes, I tried but without success.
> If not, I would recommend to set endpoint in CXF class
> https://github.com/apache/cxf/blob/master/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyAnnotationListener.java ,
> loading method handleEvent() case ENDPOINT_SELECTED and debug policy loading.
Thanks for the hint, I'll give it a try.
Thanks
Niko
RE: Antwort: RE: Custom WS-Security Policy for Webservice
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
Did you already try to get a WSDL from the service endpoint: http://host:port/SERVICE_ENDPOINT?wsdl ?
Is your policy populated in the WSDL?
If not, I would recommend to set endpoint in CXF class https://github.com/apache/cxf/blob/master/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyAnnotationListener.java , loading method
handleEvent() case ENDPOINT_SELECTED and debug policy loading.
Regards,
Andrei.
> -----Original Message-----
> From: Nikolaus.Huber@cargarantie.com
> [mailto:Nikolaus.Huber@cargarantie.com]
> Sent: Tuesday, 21 April 2015 12:46
> To: users@cxf.apache.org
> Subject: Antwort: RE: Custom WS-Security Policy for Webservice
>
> Hi,
>
> thanks for the link to the examples. I'm using a similar configuration now, but
> without success.
>
> Concerning your questions: What I want to achieve is basically the policy
> described here (
> http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html#_Toc274723250
> ). The only difference is that I want to use Basic128 as the Algorithm Suite. This
> is the requirement of our customer. Thus, I do not register an interceptor
> provider. The policy assertions I use should be standard, right?
>
> Thanks
> Niko
Antwort: RE: Custom WS-Security Policy for Webservice
Posted by Ni...@cargarantie.com.
Hi,
thanks for the link to the examples. I'm using a similar configuration
now, but without success.
Concerning your questions: What I want to achieve is basically the policy
described here (
http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html#_Toc274723250
). The only difference is that I want to use Basic128 as the Algorithm
Suite. This is the requirement of our customer. Thus, I do not register an
interceptor provider. The policy assertions I use should be standard,
right?
Thanks
Niko
Andrei Shakirin <as...@talend.com> wrote on 20.04.2015 21:06:03:
> From: Andrei Shakirin <as...@talend.com>
> To: "users@cxf.apache.org" <us...@cxf.apache.org>
> Date: 20.04.2015 21:07
> Subject: RE: Custom WS-Security Policy for Webservice
>
> Hi,
>
> Take a look in following system tests:
> https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyService.java
> https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/javafirst/OperationSimpleServiceImpl.java
>
> One possible issue is that uri attribute in @Policy annotation can
> be required to be in URI form (classpath:/xxx, file:///xxx).
> Do you register interceptor provider for the custom policy assertion
> or it contains standard assertions? What is your expectation from
> activating of custom policy?
>
> Regards,
> Andrei.
>
> > -----Original Message-----
> > From: Nikolaus.Huber@cargarantie.com
> > [mailto:Nikolaus.Huber@cargarantie.com]
> > Sent: Monday, 20 April 2015 12:24
> > To: users@cxf.apache.org
> > Subject: Custom WS-Security Policy for Webservice
> >
> > Hi all,
> >
> > I'm trying to apply a custom WS-Security policy to a web service. I'm using
> > wsimport from the jaxws-maven-plugin to generate the SEI. The
> > implementation of the SEI looks like this:
> >
> >
> > import javax.jws.WebService;
> > import org.apache.cxf.annotations.Policy;
> > import org.jboss.ws.api.annotation.EndpointConfig;
> >
> > @WebService(
> > portName = "VehicleOrderRetailDelivery",
> > serviceName = "VehicleOrderRetailDelivery",
> > targetNamespace = "some/namespace",
> > wsdlLocation =
> > "/WEB-INF/wsdl/VehicleOrderRetailDelivery.wsdl",
> > endpointInterface =
> > "mypackage.IVehicleOrderRetailDelivery"
> > )
> > @Policies({@Policy(placement = Policy.Placement.BINDING, uri =
> > "CustomPolicy.xml", includeInWSDL=true)})
> > @EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml"
> > , configName = "Custom WS-Security Endpoint")
> > public class VehicleOrderRetailDelivery implements
> > IVehicleOrderRetailDelivery {
> >
> > public void report(@XmlElement(required = true) ReportRequestType
> > reportRequest) { ... }
> > }
> >
> >
> > The problem is that the custom WS-Security policy is not active. If I send
> > requests to the endpoint using SoapUI, I get a soap fault telling me that
> > the message contains encrypted data. I'm using Wildfly 8.1.0 and I've
> > already set the log level to DEBUG but there is no information in the log
> > what goes wrong or why the policy is not active. This part of the log
> > makes me believe that there is some kind of policy that it is loaded
> >
> > 21:43:17,813 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default
> > task-5) Chain org.apache.cxf.phase.PhaseInterceptorChain@3aa6c815 was
> > modified. `Current flow:`
> > receive [PolicyInInterceptor, EndpointAssociationInterceptor,
> > AttachmentInInterceptor]
> > pre-stream [CertConstraintsInterceptor]
> > post-stream [StaxInInterceptor]
> > read [WSDLGetInterceptor, ReadHeadersInterceptor,
> > SoapActionInInterceptor, StartBodyInterceptor]
> > pre-protocol [EnableDecoupledFaultInterceptor, MEXInInterceptor,
> > MustUnderstandInterceptor]
> > pre-protocol-frontend [HandlerAuthInterceptor]
> > post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack
> > ]
> > unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
> > pre-logical [NsCtxSelectorStoreInterceptor, OneWayProcessorInterceptor,
> > MustUnderstandEndingInterceptor]
> > post-logical [WrapperClassInInterceptor]
> > pre-invoke [SwAInInterceptor, HolderInInterceptor]
> > invoke [ServiceInvokerInterceptor,
> > UltimateReceiverMustUnderstandInterceptor]
> > post-invoke [OutgoingChainInterceptor, StaxInEndingInterceptor]
> >
> > but why is it not active? Does anybody have an idea why the custom policy
> > is not loaded? Any hints are highly appreciated.
> >
> > Cheers
> > Nik
RE: Custom WS-Security Policy for Webservice
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
Take a look at the following system tests:
https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyService.java
https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/javafirst/OperationSimpleServiceImpl.java
One possible issue is that the uri attribute in the @Policy annotation can be required to be in URI form (classpath:/xxx, file:///xxx).
Do you register an interceptor provider for the custom policy assertion, or does it contain standard assertions? What is your expectation from activating the custom policy?
Regards,
Andrei.
> -----Original Message-----
> From: Nikolaus.Huber@cargarantie.com
> [mailto:Nikolaus.Huber@cargarantie.com]
> Sent: Monday, 20 April 2015 12:24
> To: users@cxf.apache.org
> Subject: Custom WS-Security Policy for Webservice
>
> Hi all,
>
> I'm trying to apply a custom WS-Security policy to a web service. I'm using
> wsimport from the jaxws-maven-plugin to generate the SEI. The
> implementation of the SEI looks like this:
>
>
> import javax.jws.WebService;
> import org.apache.cxf.annotations.Policy;
> import org.jboss.ws.api.annotation.EndpointConfig;
>
> @WebService(
> portName = "VehicleOrderRetailDelivery",
> serviceName = "VehicleOrderRetailDelivery",
> targetNamespace = "some/namespace",
> wsdlLocation =
> "/WEB-INF/wsdl/VehicleOrderRetailDelivery.wsdl",
> endpointInterface =
> "mypackage.IVehicleOrderRetailDelivery"
> )
> @Policies({@Policy(placement = Policy.Placement.BINDING, uri =
> "CustomPolicy.xml", includeInWSDL=true)})
> @EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml"
> , configName = "Custom WS-Security Endpoint")
> public class VehicleOrderRetailDelivery implements
> IVehicleOrderRetailDelivery {
>
> public void report(@XmlElement(required = true) ReportRequestType
> reportRequest) { ... }
> }
>
>
> The problem is that the custom WS-Security policy is not active. If I send
> requests to the endpoint using SoapUI, I get a soap fault telling me that
> the message contains encrypted data. I'm using Wildfly 8.1.0 and I've
> already set the log level to DEBUG but there is no information in the log
> what goes wrong or why the policy is not active. This part of the log
> makes me believe that there is some kind of policy that it is loaded
>
> 21:43:17,813 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default
> task-5) Chain org.apache.cxf.phase.PhaseInterceptorChain@3aa6c815 was
> modified. `Current flow:`
> receive [PolicyInInterceptor, EndpointAssociationInterceptor,
> AttachmentInInterceptor]
> pre-stream [CertConstraintsInterceptor]
> post-stream [StaxInInterceptor]
> read [WSDLGetInterceptor, ReadHeadersInterceptor,
> SoapActionInInterceptor, StartBodyInterceptor]
> pre-protocol [EnableDecoupledFaultInterceptor, MEXInInterceptor,
> MustUnderstandInterceptor]
> pre-protocol-frontend [HandlerAuthInterceptor]
> post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack
> ]
> unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor]
> pre-logical [NsCtxSelectorStoreInterceptor, OneWayProcessorInterceptor,
> MustUnderstandEndingInterceptor]
> post-logical [WrapperClassInInterceptor]
> pre-invoke [SwAInInterceptor, HolderInInterceptor]
> invoke [ServiceInvokerInterceptor,
> UltimateReceiverMustUnderstandInterceptor]
> post-invoke [OutgoingChainInterceptor, StaxInEndingInterceptor]
>
> but why is it not active? Does anybody have an idea why the custom policy
> is not loaded? Any hints are highly appreciated.
>
> Cheers
> Nik
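Added example (not code from the thread or from the CXF project): a small parser for the `Current flow` dump quoted above that lists the interceptors per phase and reports whether the policy framework and any WS-Security interceptor are installed on the inbound chain. The function names and the `WSS4J` name marker are assumptions of this example, and the sample is a constructed excerpt of the posted log with the mail quoting and line wraps kept.

```python
import re

# Constructed sample: excerpt of the posted chain dump, quote marks and
# hard line wraps left in to show that the parser copes with them.
SAMPLE = """\
> 21:43:17,813 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default
> task-5) Chain org.apache.cxf.phase.PhaseInterceptorChain@3aa6c815 was
> modified. `Current flow:`
> receive [PolicyInInterceptor, EndpointAssociationInterceptor,
> AttachmentInInterceptor]
> pre-stream [CertConstraintsInterceptor]
> pre-protocol [EnableDecoupledFaultInterceptor, MEXInInterceptor,
> MustUnderstandInterceptor]
> post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack
> ]
> invoke [ServiceInvokerInterceptor,
> UltimateReceiverMustUnderstandInterceptor]
"""

# Assumption: CXF's WSS4J-based security interceptors (for example
# PolicyBasedWSS4JInInterceptor) are listed under names containing "WSS4J".
SECURITY_MARKER = "WSS4J"

# A phase entry is a lower-case phase name followed by a bracketed list.
PHASE_RE = re.compile(r"([a-z][a-z-]*)\s*\[([^\]]*)\]")


def parse_chain(text):
    """Return {phase: [interceptor, ...]} from a PhaseInterceptorChain dump."""
    # Drop mail quote prefixes, then join wrapped lines into one string so
    # that a list split across lines is matched as a single entry.
    lines = [re.sub(r"^(>\s?)+", "", ln).strip() for ln in text.splitlines()]
    flat = " ".join(ln for ln in lines if ln)
    chain = {}
    for phase, body in PHASE_RE.findall(flat):
        chain[phase] = [n.strip() for n in body.split(",") if n.strip()]
    return chain


def diagnose(chain):
    """Report whether policy and WS-Security interceptors are in the chain."""
    names = [n for members in chain.values() for n in members]
    return {
        "policy_framework": "PolicyInInterceptor" in names,
        "security_interceptors": [n for n in names if SECURITY_MARKER in n],
    }


if __name__ == "__main__":
    print(diagnose(parse_chain(SAMPLE)))
```

For the posted dump this reports the policy framework interceptor as present and an empty list of WS-Security interceptors.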