0 Replies Latest reply on Sep 28, 2010 5:39 AM by Mikael Beermann

    Problem with WS-SecurityPolicy username token in CXF

    Mikael Beermann Newbie

      I have a problem using WS-SecurityPolicy in the WSDL. I want to use authentication with username token
      and have declared that using ws-policy in the WSDL file.
      in the jbossws-cxf.xml file I have declared properties for a callback validating the password.

       

      When calling the web service with the correct username and password the callback is called,
      but I still get thhe fault:
      <soap:Fault>
               <faultcode>soap:Server</faultcode>
               <faultstring>These policy alternatives can not be satisfied:

       

      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken</faultstring>
            </soap:Fault>

       

       

      The following policy is used:


      <wsp:Policy wsu:Id="servicePolicy">
              <wsp:ExactlyOne>
                  <wsp:All>
                      <sp:SupportingTokens>
                          <wsp:Policy>
                              <sp:UsernameToken
                                      sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                  <wsp:Policy>
                                      <sp:WssUsernameToken10/>
                                  </wsp:Policy>
                              </sp:UsernameToken>
                          </wsp:Policy>
                      </sp:SupportingTokens>
                  </wsp:All>
              </wsp:ExactlyOne>
         </wsp:Policy>

       

      and this is the endpoint declaration:


      <jaxws:endpoint  id="TestServiceImpl"
                           address="/services/Organization/TestService"
                           implementor="com.ebuilder.service.Test.TestServiceImpl"
                           wsdlLocation="META-INF/wsdl/TestService.wsdl">
                    <jaxws:properties>
                        <entry key="action"  value="UsernameToken"/>
                        <entry key="passwordType" value="PasswordText"/>
                     <entry key="ws-security.callback-handler" value="com.mycompany.ws.wsse.ServerPasswordCallback">

                       </entry>

              </jaxws:properties>

              <jaxws:invoker>
                  <bean class='org.jboss.wsf.stack.cxf.InvokerEJB3'/>
              </jaxws:invoker>
              <jaxws:features>
                  <bean class="org.apache.cxf.feature.LoggingFeature"/>
              </jaxws:features>
          </jaxws:endpoint >

       

      /Mikael