3 Replies Latest reply on Aug 28, 2012 6:34 AM by asoldano

AS7, WS-TrustWithJBossWS-CXFOnJBossAS71 sample: "None of the policy alternatives can be satisfied."

okidoky Aug 22, 2012 3:36 PM

I tried to get the sample found at https://community.jboss.org/wiki/WS-TrustWithJBossWS-CXFOnJBossAS71 to work on JBoss 7.1.1.Final, and ran into all kinds of trouble.

JBoss comes with CXF 2.4.6, and the sample uses a class(es?) that didn't exist until 2.6.2 (latest at this time) or somewhere in between.

I didn't want to run into other unrelated problems, by trying out nightly builds of JBoss, so, I tried adding another verison of CXF like this:

Created a directory called modules/org/apache/cxf-2_6_2/main.
Downloaded a copy of Apache CXF 2.6.2, and copied its modules/*.jar files to that directory.
I copied the default cxf/main/module.xml to cxf-2_6_2/main/module.xml, and set name="org.apache.cxf-2_6_2", and fixed the list of resources to reflect the directory's jar file content.
In my war project, I added to META-INF/MANIFEST.MF: Dependencies: org.apache.cxf-2_6_2

That fixed the class-not-found errors. But now I'm having other trouble. Not on the server side, but on the client side, I get this error:

Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied.

at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)

at $Proxy26.sayHello(Unknown Source)

...

I added logging.properties to my client test app, and changed logging to include ALL:

FINE: Invoke, operation info: [BindingOperationInfo: {http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}sayHello], params: [] [Wed Aug 22 15:04:30 EDT 2012]

FINE: set requestContext to message be{ws-security.sts.client=org.apache.cxf.ws.security.trust.STSClient@19d9a7a7, ws-security.encryption.properties=file:/opt/mike/workspace/TrustTest/src/war/META-INF/clientKeystore.properties, ws-security.signature.username=myclientkey, ws-security.callback-handler=trusttest.client.TrustTest$ClientCallbackHandler@208dd233, java.lang.reflect.Method=public abstract java.lang.String trusttest.client.stubs.ServiceIface.sayHello(), ws-security.encryption.username=myservicekey, org.apache.cxf.jaxws.context.WrappedMessageContext.SCOPES={ws-security.sts.client=APPLICATION, ws-security.encryption.properties=APPLICATION, ws-security.signature.username=APPLICATION, ws-security.callback-handler=APPLICATION, ws-security.encryption.username=APPLICATION, ws-security.signature.properties=APPLICATION, org.apache.cxf.message.Message.ENDPOINT_ADDRESS=APPLICATION}, ws-security.signature.properties=file:/opt/mike/workspace/TrustTest/src/war/META-INF/clientKeystore.properties, org.apache.cxf.message.Message.ENDPOINT_ADDRESS=http://localhost:8080/TrustTest/SecurityService} [Wed Aug 22 15:04:30 EDT 2012]

FINE: Interceptors contributed by bus: [org.apache.cxf.ws.policy.PolicyOutInterceptor@7f32a49d] [Wed Aug 22 15:04:30 EDT 2012]

FINE: Interceptors contributed by client: [] [Wed Aug 22 15:04:30 EDT 2012]

FINE: Interceptors contributed by endpoint: [org.apache.cxf.interceptor.MessageSenderInterceptor@55d580a8, org.apache.cxf.jaxws.interceptors.SwAOutInterceptor@33f1c19e, org.apache.cxf.jaxws.interceptors.WrapperClassOutInterceptor@44de86b6, org.apache.cxf.jaxws.interceptors.HolderOutInterceptor@6d5e3a0c] [Wed Aug 22 15:04:30 EDT 2012]

FINE: Interceptors contributed by binding: [org.apache.cxf.interceptor.AttachmentOutInterceptor@453521ec, org.apache.cxf.interceptor.StaxOutInterceptor@23463073, org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@5516e01c, org.apache.cxf.interceptor.WrappedOutInterceptor@50d379e8, org.apache.cxf.interceptor.BareOutInterceptor@6be897cc, org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor@7346096c, org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@7b14cc93] [Wed Aug 22 15:04:30 EDT 2012]

FINE: Interceptors contributed by databinding: [] [Wed Aug 22 15:04:30 EDT 2012]

FINE: Adding interceptor org.apache.cxf.ws.policy.PolicyOutInterceptor@7f32a49d to phase setup [Wed Aug 22 15:04:30 EDT 2012]

FINE: Adding interceptor org.apache.cxf.interceptor.MessageSenderInterceptor@55d580a8 to phase prepare-send [Wed Aug 22 15:04:30 EDT 2012]

FINE: Adding interceptor org.apache.cxf.jaxws.interceptors.SwAOutInterceptor@33f1c19e to phase pre-logical [Wed Aug 22 15:04:30 EDT 2012]

FINE: Adding interceptor org.apache.cxf.jaxws.interceptors.WrapperClassOutInterceptor@44de86b6 to phase pre-logical [Wed Aug 22 15:04:30 EDT 2012]

FINE: Adding interceptor org.apache.cxf.jaxws.interceptors.HolderOutInterceptor@6d5e3a0c to phase pre-logical [Wed Aug 22 15:04:30 EDT 2012]

FINE: Adding interceptor org.apache.cxf.interceptor.AttachmentOutInterceptor@453521ec to phase pre-stream [Wed Aug 22 15:04:30 EDT 2012]

FINE: Adding interceptor org.apache.cxf.interceptor.StaxOutInterceptor@23463073 to phase pre-stream [Wed Aug 22 15:04:30 EDT 2012]

FINE: Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@5516e01c to phase pre-logical [Wed Aug 22 15:04:30 EDT 2012]

FINE: Adding interceptor org.apache.cxf.interceptor.WrappedOutInterceptor@50d379e8 to phase marshal [Wed Aug 22 15:04:30 EDT 2012]

FINE: Adding interceptor org.apache.cxf.interceptor.BareOutInterceptor@6be897cc to phase marshal [Wed Aug 22 15:04:30 EDT 2012]

FINE: Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor@7346096c to phase post-logical [Wed Aug 22 15:04:30 EDT 2012]

FINE: Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@7b14cc93 to phase write [Wed Aug 22 15:04:30 EDT 2012]

FINE: Trying to locate org/apache/cxf/ws/addressing/jaxb.properties [Wed Aug 22 15:04:30 EDT 2012]

FINE: not found [Wed Aug 22 15:04:30 EDT 2012]

FINE: Checking system property javax.xml.bind.context.factory [Wed Aug 22 15:04:30 EDT 2012]

FINE: not found [Wed Aug 22 15:04:30 EDT 2012]

FINE: Checking system property javax.xml.bind.JAXBContext [Wed Aug 22 15:04:30 EDT 2012]

FINE: not found [Wed Aug 22 15:04:30 EDT 2012]

FINE: Unable to find from OSGi: javax.xml.bind.JAXBContext [Wed Aug 22 15:04:30 EDT 2012]

FINE: Checking META-INF/services [Wed Aug 22 15:04:30 EDT 2012]

FINE: Unable to find: META-INF/services/javax.xml.bind.JAXBContext [Wed Aug 22 15:04:30 EDT 2012]

FINE: Trying to create the platform default provider [Wed Aug 22 15:04:30 EDT 2012]

FINE: Trying to load com.sun.xml.internal.bind.v2.ContextFactory [Wed Aug 22 15:04:30 EDT 2012]

FINE: loaded com.sun.xml.internal.bind.v2.ContextFactory from jar:file:/usr/java/64/jdk1.7.0_05/jre/lib/rt.jar!/com/sun/xml/internal/bind/v2/ContextFactory.class [Wed Aug 22 15:04:30 EDT 2012]

FINE: Property com.sun.xml.internal.bind.XmlAccessorFactoryis not active. Using JAXB's implementation [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected java.lang.String org.apache.cxf.ws.addressing.RelatesToType.value [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected java.lang.String org.apache.cxf.ws.addressing.RelatesToType.relationshipType [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected java.util.List org.apache.cxf.ws.addressing.MetadataType.any [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected java.lang.Object org.apache.cxf.ws.addressing.AttributedAnyType.any [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected org.apache.cxf.ws.addressing.AttributedURIType org.apache.cxf.ws.addressing.EndpointReferenceType.address [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected java.lang.String org.apache.cxf.ws.addressing.AttributedURIType.value [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected org.apache.cxf.ws.addressing.ReferenceParametersType org.apache.cxf.ws.addressing.EndpointReferenceType.referenceParameters [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected java.util.List org.apache.cxf.ws.addressing.ReferenceParametersType.any [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected org.apache.cxf.ws.addressing.MetadataType org.apache.cxf.ws.addressing.EndpointReferenceType.metadata [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected java.util.List org.apache.cxf.ws.addressing.EndpointReferenceType.any [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected javax.xml.namespace.QName org.apache.cxf.ws.addressing.AttributedQNameType.value [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected java.math.BigInteger org.apache.cxf.ws.addressing.AttributedUnsignedLongType.value [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected org.apache.cxf.ws.addressing.AttributedURIType org.apache.cxf.ws.addressing.ProblemActionType.action [Wed Aug 22 15:04:30 EDT 2012]

FINE: Using optimized Accessor for protected java.lang.String org.apache.cxf.ws.addressing.ProblemActionType.soapAction [Wed Aug 22 15:04:30 EDT 2012]

FINE: Alternative {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding is not supported [Wed Aug 22 15:04:30 EDT 2012]

Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied.

at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)

at $Proxy26.sayHello(Unknown Source)

at trusttest.client.TrustTest.main(TrustTest.java:62)

Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.

at org.apache.cxf.ws.policy.EndpointPolicyImpl.chooseAlternative(EndpointPolicyImpl.java:165)

at org.apache.cxf.ws.policy.EndpointPolicyImpl.finalizeConfig(EndpointPolicyImpl.java:145)

at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:141)

at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:549)

at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:295)

at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:278)

at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61)

at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:320)

at org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:305)

at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:250)

at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:228)

at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:235)

at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103)

at org.apache.cxf.endpoint.UpfrontConduitSelector.prepare(UpfrontConduitSelector.java:63)

at org.apache.cxf.endpoint.ClientImpl.prepareConduitSelector(ClientImpl.java:851)

at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:526)

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)

at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)

at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)

... 2 more

The WSDL is exactly as provided by the web-page linked to above, except I changed the location of the sts.

I ran a packet-sniffer to see what is getting conversed between client and server, but it didn't get to the contacting the sts part.

GET /TrustTest/SecurityService?wsdl HTTP/1.1 - 200 OK WSDL makes it to the client.

GET /TrustTest/SecurityService?xsd=SecurityService_schema1.xsd HTTP/1.1 - caused by import in wsdl

GET /TrustTest/SecurityService?xsd=SecurityService_schema1.xsd HTTP/1.1 - second time, why?

I'm trying to make heads or tails from this, but I can't figure this out and I need help.

"AsymmetricBinding is not supported"? Does this have anything to do with it using JDK JAX-WS classes instead of CXF classes?

Anything anyone can think of trying or any information I can provide that might help? I can't be the first one that's running into this? All I'm trying to do is take the latest stock JBoss release and the latest sample from the up to date (is it?) document, and I'm trying to get it to run...

1. Re: AS7, WS-TrustWithJBossWS-CXFOnJBossAS71 sample: "None of the policy alternatives can be satisfied."

okidoky Aug 22, 2012 4:04 PM (in response to okidoky)

My current "TrustTest" has this:

Bus bus = BusFactory.newInstance().createBus();
try
{
/*
          List<Interceptor<? extends Message>> interceptors = bus.getOutInterceptors();
          interceptors.add(new Interceptor<Message>()
          {
                    @Override
                    public void handleFault(Message arg0)
                    {
                              System.out.println("?????????? " + arg0);
                    }

                    @Override
                    public void handleMessage(Message arg0) throws Fault
                    {
                              System.out.println("++++++++++ " + arg0);
                    }
          });
*/
          SecurityService securityService = new SecurityService();
          System.out.println("securityService = " + securityService);

          ServiceIface port = securityService.getSecurityServicePort();
          System.out.println("port = " + port);

          Map<String, Object> ctx = ((BindingProvider)port).getRequestContext();
          ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
          ctx.put(SecurityConstants.SIGNATURE_PROPERTIES, TrustTest.class.getClassLoader().getResource("META-INF/clientKeystore.properties"));
          ctx.put(SecurityConstants.ENCRYPT_PROPERTIES, TrustTest.class.getClassLoader().getResource("META-INF/clientKeystore.properties"));
          ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
          ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
          STSClient stsClient = new STSClient(bus);
          stsClient.setWsdlLocation("XYZ" + "?wsdl");
          stsClient.setServiceQName(new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "SecurityTokenService"));
          stsClient.setEndpointQName(new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "UT_Port"));
          Map<String, Object> props = stsClient.getProperties();
          props.put(SecurityConstants.USERNAME, "alice");
          props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
          props.put(SecurityConstants.ENCRYPT_PROPERTIES, TrustTest.class.getClassLoader().getResource("META-INF/clientKeystore.properties"));
          props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
          props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
          props.put(SecurityConstants.STS_TOKEN_PROPERTIES, TrustTest.class.getClassLoader().getResource("META-INF/clientKeystore.properties"));
          props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
          ctx.put(SecurityConstants.STS_CLIENT, stsClient);

          port.sayHello();
}
finally
{
          bus.shutdown(true);
}
Actions
2. Re: AS7, WS-TrustWithJBossWS-CXFOnJBossAS71 sample: "None of the policy alternatives can be satisfied."

okidoky Aug 24, 2012 9:59 PM (in response to okidoky)

Made the WSTrustTestCase.java run, as-is, without modifying any of its code. Same exception happens. Got latest 7.1.2.Final, compiled, same exception. Got nightly build 7.2.0.Final-SNAPSHOT, same exception.
Actions
3. Re: AS7, WS-TrustWithJBossWS-CXFOnJBossAS71 sample: "None of the policy alternatives can be satisfied."

asoldano Aug 28, 2012 6:34 AM (in response to okidoky)

Have you installed JBossWS-CXF 4.1.0-SNAPSHOT to the target application server? See my latest comment on https://community.jboss.org/wiki/WS-TrustWithJBossWS-CXFOnJBossAS71
Hopefully by the end of this week we'll be installing a new 4.1.0 beta2 release into the AS7 master, so soon you could also try using the latest AS 7.2.0-Final-SNAPSHOT and the new beta maven artifacts on client side.
Actions

Go to original post