You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2011/07/01 10:56:28 UTC

[jira] [Updated] (CXF-3624) BinarySecurityToken validated by STSTokenValidator doesn't satisfy IssuedToken policy

     [ https://issues.apache.org/jira/browse/CXF-3624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated CXF-3624:
-------------------------------------

      Description: 
I've configured a JAX-WS endpoint to validate a BinarySecurityToken sent in the WS-Security Header against an STS like this:

         <entry key="ws-security.bst.validator">
            <bean class="org.apache.cxf.ws.security.trust.STSTokenValidator"/>

After successful validation, I get the following exception on the server side:

Jun 30, 2011 10:57:21 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IssuedToken
        at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47)



  was:

I've configured a JAX-WS endpoint to validate a BinarySecurityToken sent in the WS-Security Header against an STS like this:

         <entry key="ws-security.bst.validator">
            <bean class="org.apache.cxf.ws.security.trust.STSTokenValidator"/>

After successful validation, I get the following exception on the server side:

Jun 30, 2011 10:57:21 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IssuedToken
        at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47)



    Fix Version/s: 2.5
                   2.4.2

> BinarySecurityToken validated by STSTokenValidator doesn't satisfy IssuedToken policy
> -------------------------------------------------------------------------------------
>
>                 Key: CXF-3624
>                 URL: https://issues.apache.org/jira/browse/CXF-3624
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.4.1
>            Reporter: Oliver Wulff
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.4.2, 2.5
>
>
> I've configured a JAX-WS endpoint to validate a BinarySecurityToken sent in the WS-Security Header against an STS like this:
>          <entry key="ws-security.bst.validator">
>             <bean class="org.apache.cxf.ws.security.trust.STSTokenValidator"/>
> After successful validation, I get the following exception on the server side:
> Jun 30, 2011 10:57:21 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
> WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService#{http://www.example.org/contract/DoubleIt}DoubleIt has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: These policy alternatives can not be satisfied:
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IssuedToken
>         at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira