7 Replies Latest reply on Apr 11, 2014 10:20 AM by babyboyft

Policy not supported for UsernameTokenOverHTTPS error.

hugo_g May 11, 2010 3:19 AM

Hi,

I am new to JBossWS and have run into a problem with WS-Security. I am after some pointers on how to get around the problem. I am obviously doing something very wrong! I have encountered this problem with JBoss 4.2.3.GA + jbossws-native-3.1.1.GA and JBoss 5.0.1.GA + jbossws-native-3.2.2.GA.

When calling an endpoint I get the following error.

org.jboss.ws.WSException: Policy not supported! #UsernameTokenOverHTTPS
    at org.jboss.ws.WSException.rethrow(WSException.java:60)
    at org.jboss.ws.extensions.policy.metadata.PolicyMetaDataBuilder.deployPolicyClientSide(PolicyMetaDataBuilder.java:316)
    at org.jboss.ws.extensions.policy.metadata.PolicyMetaDataBuilder.deployPolicy(PolicyMetaDataBuilder.java:274)
    at org.jboss.ws.extensions.policy.metadata.PolicyMetaDataBuilder.processPolicies(PolicyMetaDataBuilder.java:220)
    at org.jboss.ws.extensions.policy.metadata.PolicyMetaDataBuilder.processPolicyExtensions(PolicyMetaDataBuilder.java:203)
    at org.jboss.ws.metadata.builder.jaxws.JAXWSClientMetaDataBuilder.buildMetaData(JAXWSClientMetaDataBuilder.java:93)
    at org.jboss.ws.core.jaxws.spi.ServiceDelegateImpl.<init>(ServiceDelegateImpl.java:146)
    at org.jboss.ws.core.jaxws.spi.ServiceDelegateImpl.<init>(ServiceDelegateImpl.java:117)
    at org.jboss.ws.core.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:111)
    at org.jboss.ws.core.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
    at javax.xml.ws.Service.<init>(Service.java:56)

...

Caused by: org.jboss.ws.extensions.policy.deployer.exceptions.UnsupportedPolicy
at org.jboss.ws.extensions.policy.deployer.PolicyDeployer.deployClientSide(PolicyDeployer.java:174)
at org.jboss.ws.extensions.policy.metadata.PolicyMetaDataBuilder.deployPolicyClientSide(PolicyMetaDataBuilder.java:307)

The wsdl fragment showing the security policy is below.

<wsp:Policy wsu:Id="UsernameTokenOverHTTPS" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
...
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
          </wsp:Policy>
        </sp:SupportingTokens>
      </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

I noticed that org.jboss.ws.extensions.policy.deployer.PolicyDeployer does not support "http://schemas.xmlsoap.org/ws/2004/09/policy". Is this the problem? How to get support for UsernameTokenOverHTTPS?

Thanks,

Hugo

1. Re: Policy not supported for UsernameTokenOverHTTPS error.

hugo_g May 13, 2010 2:01 AM (in response to hugo_g)

Solved by specifying com.sun.xml.ws.spi.ProviderImpl in META_INF/services/javax.xml.ws.spi.Provider.

See http://java.sun.com/javase/6/docs/api/javax/xml/ws/spi/Provider.html#Provider()
Actions
2. Policy not supported for UsernameTokenOverHTTPS error.

izgur Jan 18, 2011 3:12 AM (in response to hugo_g)

What did you specify as com.sun.xml.ws.spi.ProviderImpl ??
Actions
3. Policy not supported for UsernameTokenOverHTTPS error.

izgur Jan 18, 2011 3:18 AM (in response to izgur)

I have the exact same problem using jboss5.1. I imported the host key well but know I get an error:
org.jboss.ws.WSException: Policy not supported!

But after the readings I thought I must some specify sth like this:
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://www.jboss.com/ws-security/config
                   http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
(1) <key-store-file>WEB-INF/bob-sign_enc.jks</key-store-file>
    <key-store-password>password</key-store-password>
    <key-store-type>jks</key-store-type>
    <trust-store-file>WEB-INF/wsse10.truststore</trust-store-file>
    <trust-store-password>password</trust-store-password>

    <config>
     <timestamp ttl="300"/>
(2)     <sign type="x509v3" alias="1" includeTimestamp="true"/>
(3)     <encrypt type="x509v3"
              alias="alice"
              algorithm="aes-256"
              keyWrapAlgorithm="rsa_oaep"
              tokenReference="keyIdentifier" />
(4)         <requires>
            <signature/>
              <encryption/>
            </requires>
    </config>
</jboss-ws-security>

Could someone help ?
Actions
4. Policy not supported for UsernameTokenOverHTTPS error.

asoldano Jan 24, 2011 4:30 AM (in response to izgur)

JBossWS-Native does not support WS-SecurityPolicy. Hence you can't expect it automatically consume and understand WS-Security Policy assertions. You need to move to JBossWS-CXF stack for that, or ignore the policies (make your client consume a modified wsdl without the policies) and configure ws-security as you want.

Setting the com.sun.xml.ws.spi.ProviderImpl provider is basically equivalent to directing your client on using the JAXWS RI (iow Metro); that's not necessarily evil, just be aware of that.
Actions
5. Policy not supported for UsernameTokenOverHTTPS error.

izgur Jan 25, 2011 3:08 AM (in response to asoldano)

You wrote:
or ignore the policies (make your client consume a modified wsdl without the policies) and configure ws-security as you want.

Could you explain ?

ignore policies :   i did delete any policy tags from the wsdl... then i get :
08:54:05,917 ERROR[DispatchImpl] Cannot dispatch message
java.io.IOException: Could not transmit message
        at org.jboss.ws.core.client.transport.NettyClient.invokeInternal(NettyClient.java:225)
        atorg.jboss.ws.core.client.transport.NettyClient.invoke(NettyClient.java:119)
        atorg.jboss.ws.core.client.HTTPRemotingConnection.invoke(HTTPRemotingConnection.java:150)
        atorg.jboss.ws.core.client.SOAPProtocolConnectionHTTP.invoke(SOAPProtocolConnectionHTTP.java:69)
        atorg.jboss.ws.core.jaxws.client.DispatchImpl.invokeInternalSOAP(DispatchImpl.java:247)...
Caused by: org.jboss.ws.WSException: Invalid HTTP server response [415] -Cannot process the message because the content type 'text/xml; charset=UTF-8'was not the expected type 'application/soap+xml; charset=utf-8'.
Actions
6. Policy not supported for UsernameTokenOverHTTPS error.

asoldano Jan 25, 2011 3:20 AM (in response to izgur)

text/xml -> SOAP 1.1
application/soap+xml -> SOAP 1.2

Perhaps you had a policy or something in the wsdl that required using SOAP 1.2. Properly specify the soap:binding in the modified wsdl and/or read the doc on soap 1.2 w/ jbossws.
Actions
7. Re: Policy not supported for UsernameTokenOverHTTPS error.

babyboyft Apr 11, 2014 10:20 AM (in response to hugo_g)

Hi Igor , i get the same error as you. Do you remember how was the solution ?
Actions

Go to original post