
    Error consuming Ws-secure service: javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied.

    maferjizaya

      Hello everyone! I'm doing a test to implement a secure web service, using WS-Security encryption and signature. I'm following this example. The service is deployed on JBoss EAP 6.2 (this AS comes with JBoss WS 4.2.3 by default).


      The service deploys and I can see the WSDL, but when I try to consume it from the client I get the following error:


      INFO: Creating Service {http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}SecurityService from WSDL: http://myhost:8080/PCWSEC/SecurityService?wsdl

      oct 02, 2015 4:06:27 PM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL

      INFO: Creating Service {http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}SecurityService from WSDL: http://myhostj:8080/PCWSEC/SecurityService?wsdl

      Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied.

        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157)

        at com.sun.proxy.$Proxy26.sayHello(Unknown Source)

        at org.jboss.jbossws.ws_extensions.wssecuritypolicy.SecurityService.main(SecurityService.java:106)

      Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.

        at org.apache.cxf.ws.policy.EndpointPolicyImpl.chooseAlternative(EndpointPolicyImpl.java:166)

        at org.apache.cxf.ws.policy.EndpointPolicyImpl.finalizeConfig(EndpointPolicyImpl.java:145)

        at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:141)

        at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:550)

        at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:296)

        at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:279)

        at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61)

        at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:309)

        at org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:295)

        at org.apache.cxf.transport.http.URLConnectionHTTPConduit.<init>(URLConnectionHTTPConduit.java:67)

        at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:258)

        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:238)

        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:245)

        at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103)

        at org.apache.cxf.endpoint.UpfrontConduitSelector.prepare(UpfrontConduitSelector.java:63)

        at org.apache.cxf.endpoint.ClientImpl.prepareConduitSelector(ClientImpl.java:886)

        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:560)

        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)

        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)

        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)

        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)

        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)

        ... 2 more

      Java Result: 1


      My client looks like this:


      package org.jboss.jbossws.ws_extensions.wssecuritypolicy;

       

       

      import java.io.File;

      import java.net.MalformedURLException;

      import java.net.URL;

      import java.util.Map;

      import java.util.logging.Level;

      import java.util.logging.Logger;

      import javax.xml.namespace.QName;

      import javax.xml.ws.BindingProvider;

      import javax.xml.ws.WebEndpoint;

      import javax.xml.ws.WebServiceClient;

      import javax.xml.ws.WebServiceFeature;

      import javax.xml.ws.Service;

      import org.jboss.jbossws.ws_extensions.wssecuritypolicy.callbackhandler.KeystorePasswordCallback;

      //import  org.apache.cxf.ws.security.*;

      import org.apache.ws.security.handler.WSHandlerConstants;

       

       

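      /**
       * JAX-WS client for the {@code SecurityService} endpoint, with a {@link #main(String[])}
       * driver that sets the CXF WS-Security request properties and calls {@code sayHello}.
       *
       * <p>Generated by Apache CXF 2.7.7.redhat-1 (2015-09-22T16:32:40.400-05:00, generated
       * source version 2.7.7.redhat-1).
       *
       * <p>Security note: the default WSDL location is a plain {@code http://} URL. The WSDL
       * published by the service embeds the WS-SecurityPolicy that the CXF client applies, so a
       * WSDL fetched over unauthenticated HTTP can be altered on the network path and change
       * what the client signs and encrypts. Outside a local test, prefer a WSDL copy packaged
       * with the client or an HTTPS location.
       */
      @WebServiceClient(name = "SecurityService",
              wsdlLocation = "http://myhost:8080/PCWSEC/SecurityService?wsdl",
              targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy")
      public class SecurityService extends Service {

          /** Target namespace shared by the service and port qualified names. */
          private static final String NAMESPACE =
                  "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy";

          /** Default WSDL location used by the no-arg constructor and by {@link #main(String[])}. */
          private static final String DEFAULT_WSDL = "http://myhost:8080/PCWSEC/SecurityService?wsdl";

          /** Parsed {@link #DEFAULT_WSDL}, or {@code null} if that string is not a valid URL. */
          public final static URL WSDL_LOCATION;

          public final static QName SERVICE = new QName(NAMESPACE, "SecurityService");
          public final static QName SecurityServicePort = new QName(NAMESPACE, "SecurityServicePort");

          static {
              URL url = null;
              try {
                  url = new URL(DEFAULT_WSDL);
              } catch (MalformedURLException e) {
                  // Log the location that was actually attempted (the generated message named an
                  // unrelated local file path). WSDL_LOCATION stays null in this case.
                  Logger.getLogger(SecurityService.class.getName())
                          .log(Level.INFO, "Can not initialize the default wsdl from {0}", DEFAULT_WSDL);
              }
              WSDL_LOCATION = url;
          }

          /**
           * Creates the service from the given WSDL, using the default service name.
           *
           * @param wsdlLocation location of the WSDL describing the service
           */
          public SecurityService(URL wsdlLocation) {
              super(wsdlLocation, SERVICE);
          }

          /**
           * Creates the service from the given WSDL and service name.
           *
           * @param wsdlLocation location of the WSDL describing the service
           * @param serviceName qualified name of the service inside that WSDL
           */
          public SecurityService(URL wsdlLocation, QName serviceName) {
              super(wsdlLocation, serviceName);
          }

          /** Creates the service from {@link #WSDL_LOCATION} and {@link #SERVICE}. */
          public SecurityService() {
              super(WSDL_LOCATION, SERVICE);
          }

          /**
           * Returns a proxy for the {@code SecurityServicePort} port.
           *
           * @return returns ServiceIface
           */
          @WebEndpoint(name = "SecurityServicePort")
          public ServiceIface getSecurityServicePort() {
              return super.getPort(SecurityServicePort, ServiceIface.class);
          }

          /**
           * Returns a proxy for the {@code SecurityServicePort} port with the given features.
           *
           * @param features A list of {@link javax.xml.ws.WebServiceFeature} to
           * configure on the proxy. Supported features not in the
           * <code>features</code> parameter will have their default values.
           * @return returns ServiceIface
           */
          @WebEndpoint(name = "SecurityServicePort")
          public ServiceIface getSecurityServicePort(WebServiceFeature... features) {
              return super.getPort(SecurityServicePort, ServiceIface.class, features);
          }

          /**
           * Test driver: builds a proxy from the default WSDL, puts the WS-Security settings on the
           * request context and prints the result of {@code sayHello}.
           *
           * @param args unused
           */
          public static void main(String[] args) {
              try {
                  Service service = Service.create(WSDL_LOCATION, SERVICE);
                  ServiceIface proxy = service.getPort(ServiceIface.class);

                  Map<String, Object> requestContext = ((BindingProvider) proxy).getRequestContext();
                  requestContext.put("ws-security.callback-handler", new KeystorePasswordCallback());

                  // Signature and encryption share one crypto properties file, so the keystore it
                  // names presumably has to hold the private key for "alice" and the certificate
                  // for "bob" (verify against the keystore contents).
                  File cryptoFile = new File(
                          "C:/Users/myuser/Documents/NetBeansProjects/PCWSEC/web/WEB-INF/alice.properties");
                  URL cryptoProperties = cryptoFile.toURI().toURL();
                  requestContext.put("ws-security.signature.properties", cryptoProperties);
                  requestContext.put("ws-security.encryption.properties", cryptoProperties);
                  requestContext.put("ws-security.signature.username", "alice");
                  requestContext.put("ws-security.encryption.username", "bob");

                  // NOTE(review): the reported PolicyException is thrown while the HTTP conduit is
                  // created during invoke, before any message is signed or encrypted. That is
                  // commonly seen when the client runtime lacks the CXF WS-Security / WS-Policy
                  // modules that implement the WSDL's policy assertions. Confirm the client
                  // classpath before changing the properties above.
                  String result = proxy.sayHello();
                  System.out.println("result ="+result  );
              } catch (MalformedURLException ex) {
                  Logger.getLogger(SecurityService.class.getName()).log(Level.SEVERE, null, ex);
              }
          }

      }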


      The web service has the following wsdl:

      <?xml version="1.0" encoding="UTF-8" standalone="yes"?>

      <definitions targetNamespace="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy" name="SecurityService"

              xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy"

              xmlns:xsd="http://www.w3.org/2001/XMLSchema"

              xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"

              xmlns="http://schemas.xmlsoap.org/wsdl/"

              xmlns:wsp="http://www.w3.org/ns/ws-policy"

              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

              xmlns:wsaws="http://www.w3.org/2005/08/addressing"

              xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

        <types>

        <xsd:schema version="1.0" targetNamespace="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy" xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

       

       

        <xsd:element name="sayHello" type="tns:sayHello"/>

       

       

        <xsd:element name="sayHelloResponse" type="tns:sayHelloResponse"/>

       

       

        <xsd:complexType name="sayHello">

        <xsd:sequence/>

        </xsd:complexType>

       

       

        <xsd:complexType name="sayHelloResponse">

        <xsd:sequence>

        <xsd:element name="return" type="xsd:string" minOccurs="0"/>

        </xsd:sequence>

        </xsd:complexType>

        </xsd:schema>

        </types>

        <message name="sayHello">

        <part name="parameters" element="tns:sayHello"/>

        </message>

        <message name="sayHelloResponse">

        <part name="parameters" element="tns:sayHelloResponse"/>

        </message>

        <portType name="ServiceIface">

        <operation name="sayHello">

        <input message="tns:sayHello"/>

        <output message="tns:sayHelloResponse"/>

        </operation>

        </portType>

        <binding name="SecurityServicePortBinding" type="tns:ServiceIface">

        <wsp:PolicyReference URI="#SecurityServiceSignThenEncryptPolicy"/>

        <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>

        <operation name="sayHello">

        <soap:operation soapAction=""/>

        <input>

        <soap:body use="literal"/>

        </input>

        <output>

        <soap:body use="literal"/>

        </output>

        </operation>

        </binding>

        <service name="SecurityService">

        <port name="SecurityServicePort" binding="tns:SecurityServicePortBinding">

        <soap:address location="http://localhost:8080/jaxws-samples-wssePolicy-sign-encrypt"/>

        </port>

        </service>

       

       

        <!-- WS-SecurityPolicy attached to SecurityServicePortBinding through its
             wsp:PolicyReference. wsp:ExactlyOne holds a single wsp:All alternative, so a
             client must support every assertion below; there is no weaker or alternative
             option to fall back to. -->
        <wsp:Policy wsu:Id="SecurityServiceSignThenEncryptPolicy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

        <wsp:ExactlyOne>

        <wsp:All>

        <!-- Asymmetric binding: each side uses its own X.509 key pair. -->
        <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

        <wsp:Policy>

        <!-- Initiator (client) token: IncludeToken is AlwaysToRecipient, i.e. the token is
             included in messages sent to the service. -->
        <sp:InitiatorToken>

        <wsp:Policy>

        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">

        <wsp:Policy>

        <sp:WssX509V1Token11/>

        </wsp:Policy>

        </sp:X509Token>

        </wsp:Policy>

        </sp:InitiatorToken>

        <!-- Recipient (service) token: IncludeToken is Never, so the token is referenced
             rather than carried in messages. The client therefore needs the service
             certificate in its own keystore beforehand. -->
        <sp:RecipientToken>

        <wsp:Policy>

        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">

        <wsp:Policy>

        <sp:WssX509V1Token11/>

        </wsp:Policy>

        </sp:X509Token>

        </wsp:Policy>

        </sp:RecipientToken>

        <!-- NOTE(review): the TripleDes suite selects 3DES encryption and, per the
             WS-SecurityPolicy algorithm suite definitions, SHA-1 digests. Both are legacy
             choices. If client and server runtimes both support it, a stronger suite such
             as sp:Basic256Sha256 is preferable (confirm against the stack in use). -->
        <sp:AlgorithmSuite>

        <wsp:Policy>

        <sp:TripleDes/>

        </wsp:Policy>

        </sp:AlgorithmSuite>

        <sp:Layout>

        <wsp:Policy>

        <sp:Lax/>

        </wsp:Policy>

        </sp:Layout>

        <!-- A timestamp is required in the security header. -->
        <sp:IncludeTimestamp/>

        <!-- Sign first, then encrypt; the signature itself is encrypted as well. -->
        <sp:EncryptSignature/>

        <sp:OnlySignEntireHeadersAndBody/>

        <sp:SignBeforeEncrypting/>

        </wsp:Policy>

        </sp:AsymmetricBinding>

        <!-- Only the SOAP Body is listed for signing and for encryption; no headers are
             named in SignedParts or EncryptedParts. -->
        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

        <sp:Body/>

        </sp:SignedParts>

        <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

        <sp:Body/>

        </sp:EncryptedParts>

        <!-- WSS 1.0 option: issuer-serial key references must be supported. -->
        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

        <wsp:Policy>

        <sp:MustSupportRefIssuerSerial/>

        </wsp:Policy>

        </sp:Wss10>

        </wsp:All>

        </wsp:ExactlyOne>

        </wsp:Policy>

      </definitions>



      I have created and configured the keystores for the server and the client with keytool, and exchanged the respective certificates.


      Does anyone have an idea how we can solve this problem and consume the service successfully? I have tried a lot of library configurations in my client.


      Thank you very much in advance.