0 Replies Latest reply on Oct 2, 2015 5:26 PM by Mafer JI

    Following WS-security Example: javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied.

    Mafer JI Newbie

      Hello everyone!


      I'm testing a secure web service that uses WS-Security encryption and signature, following this example. The service is deployed on JBoss EAP 6.2 (this AS ships with JBossWS 4.2.3 by default). The service deploys and I can see the WSDL, but when I try to consume it from the client I get the following error:


      INFO: Creating Service {http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}SecurityService from WSDL: http://myhost:8080/PCWSEC/SecurityService?wsdl

      Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied.

        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157)

        at com.sun.proxy.$Proxy26.sayHello(Unknown Source)

        at org.jboss.jbossws.ws_extensions.wssecuritypolicy.SecurityService.main(SecurityService.java:106)

      Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.

        at org.apache.cxf.ws.policy.EndpointPolicyImpl.chooseAlternative(EndpointPolicyImpl.java:166)

        at org.apache.cxf.ws.policy.EndpointPolicyImpl.finalizeConfig(EndpointPolicyImpl.java:145)

        at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:141)

        at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:550)

        at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:296)

        at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:279)

        at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61)

        at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:309)

        at org.apache.cxf.transport.http.HTTPConduit.<init>(HTTPConduit.java:295)

        at org.apache.cxf.transport.http.URLConnectionHTTPConduit.<init>(URLConnectionHTTPConduit.java:67)

        at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:258)

        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:238)

        at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:245)

        at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:103)

        at org.apache.cxf.endpoint.UpfrontConduitSelector.prepare(UpfrontConduitSelector.java:63)

        at org.apache.cxf.endpoint.ClientImpl.prepareConduitSelector(ClientImpl.java:886)

        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:560)

        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)

        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)

        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)

        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)

        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)

        ... 2 more

      Java Result: 1


      My service client looks like this:

      package.clientwssec;

       

       

      import poc.clientwssec.ServiceIface;

      import java.io.File;

      import java.net.MalformedURLException;

      import java.net.URL;

      import java.util.Map;

      import java.util.logging.Level;

      import java.util.logging.Logger;

      import javax.xml.namespace.QName;

      import javax.xml.ws.BindingProvider;

      import javax.xml.ws.WebEndpoint;

      import javax.xml.ws.WebServiceClient;

      import javax.xml.ws.WebServiceFeature;

      import javax.xml.ws.Service;

      import org.jboss.jbossws.ws_extensions.wssecuritypolicy.callbackhandler.KeystorePasswordCallback;

      //import  org.apache.cxf.ws.security.*;

       

       

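      /**
       * JAX-WS client for the {@code SecurityService} endpoint.
       *
       * <p>This class was generated by Apache CXF 2.7.7.redhat-1
       * (2015-09-22T16:32:40.400-05:00, generated source version 2.7.7.redhat-1) and then
       * extended by hand with a {@link #main} test driver.
       *
       * <p>The WSDL, and with it the WS-SecurityPolicy the client applies, is fetched over
       * plain HTTP when the service is created. Whoever can alter that response can change
       * or remove the policy, so outside a lab set-up prefer a WSDL bundled with the client
       * (a {@code file:} or classpath URL) or one served over HTTPS.
       */
      @WebServiceClient(name = "SecurityService",
              wsdlLocation = "http://myhost:8080/PCWSEC/SecurityService?wsdl",
              targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy")
      public class SecurityService extends Service {

          /** Default WSDL location; {@code null} if the hard-coded URL could not be parsed. */
          public final static URL WSDL_LOCATION;

          /** Qualified name of the service as declared in the WSDL. */
          public final static QName SERVICE = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityService");

          /** Qualified name of the only port of the service. */
          public final static QName SecurityServicePort = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityServicePort");

          static {
              // A local copy of the WSDL can be used instead by giving a file: URL here.
              final String wsdl = "http://myhost:8080/PCWSEC/SecurityService?wsdl";
              URL url = null;
              try {
                  url = new URL(wsdl);
              } catch (MalformedURLException e) {
                  // Report the location that was actually attempted; the original message
                  // named an unrelated file path left over from code generation.
                  Logger.getLogger(SecurityService.class.getName())
                          .log(Level.INFO, "Can not initialize the default wsdl from {0}", wsdl);
              }
              WSDL_LOCATION = url;
          }

          /**
           * Creates the service from the given WSDL, using the default service name.
           *
           * @param wsdlLocation location of the WSDL document
           */
          public SecurityService(URL wsdlLocation) {
              super(wsdlLocation, SERVICE);
          }

          /**
           * Creates the service from the given WSDL and service name.
           *
           * @param wsdlLocation location of the WSDL document
           * @param serviceName qualified name of the service inside the WSDL
           */
          public SecurityService(URL wsdlLocation, QName serviceName) {
              super(wsdlLocation, serviceName);
          }

          /** Creates the service from {@link #WSDL_LOCATION} and {@link #SERVICE}. */
          public SecurityService() {
              super(WSDL_LOCATION, SERVICE);
          }

          /**
           * Returns a proxy for the {@code SecurityServicePort} port.
           *
           * @return returns ServiceIface
           */
          @WebEndpoint(name = "SecurityServicePort")
          public ServiceIface getSecurityServicePort() {
              return super.getPort(SecurityServicePort, ServiceIface.class);
          }

          /**
           * Returns a proxy for the {@code SecurityServicePort} port with the given features.
           *
           * @param features A list of {@link javax.xml.ws.WebServiceFeature} to
           * configure on the proxy. Supported features not in the
           * <code>features</code> parameter will have their default values.
           * @return returns ServiceIface
           */
          @WebEndpoint(name = "SecurityServicePort")
          public ServiceIface getSecurityServicePort(WebServiceFeature... features) {
              return super.getPort(SecurityServicePort, ServiceIface.class, features);
          }

          /**
           * Test driver: creates a proxy, sets the CXF WS-Security request-context
           * properties for signing and encryption, and calls {@code sayHello}.
           *
           * @param args unused
           */
          public static void main(String[] args) {
              try {
                  Service service = Service.create(WSDL_LOCATION, SERVICE);
                  ServiceIface proxy = service.getPort(ServiceIface.class);

                  Map<String, Object> conf = ((BindingProvider) proxy).getRequestContext();
                  conf.put("ws-security.callback-handler", new KeystorePasswordCallback());

                  // One crypto properties file serves both signing and encryption, so build
                  // its URL once. NOTE(review): such a file usually names the keystore and
                  // its password; keep it readable only by the account running the client.
                  URL cryptoProperties =
                          new File("C:/Users/MyUser/Documents/NetBeansProjects/PCWSEC/web/WEB-INF/alice.properties")
                                  .toURI().toURL();
                  conf.put("ws-security.signature.properties", cryptoProperties);
                  conf.put("ws-security.encryption.properties", cryptoProperties);

                  // Keystore aliases: "alice" signs the request, "bob" is the certificate
                  // the request is encrypted for.
                  conf.put("ws-security.signature.username", "alice");
                  conf.put("ws-security.encryption.username", "bob");

                  // NOTE(review): "None of the policy alternatives can be satisfied" is
                  // thrown from this call while CXF selects a policy alternative, before
                  // any message is built. That typically means the client runtime has no
                  // support registered for the sp:* assertions, e.g. cxf-rt-ws-security
                  // and its WSS4J dependency are missing from the client classpath.
                  // TODO confirm against the client's library set.
                  String result = proxy.sayHello();
                  System.out.println("result ="+result  );
              } catch (MalformedURLException ex) {
                  Logger.getLogger(SecurityService.class.getName()).log(Level.SEVERE, null, ex);
              }
          }
      }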


      The published WSDL looks like this:


      <?xml version="1.0" encoding="UTF-8" standalone="yes"?>

      <definitions targetNamespace="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy" name="SecurityService"

              xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy"

              xmlns:xsd="http://www.w3.org/2001/XMLSchema"

              xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"

              xmlns="http://schemas.xmlsoap.org/wsdl/"

              xmlns:wsp="http://www.w3.org/ns/ws-policy"

              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

              xmlns:wsaws="http://www.w3.org/2005/08/addressing"

              xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

        <!-- Schema for the single operation: an empty sayHello request and a
             sayHelloResponse carrying one optional string. -->
        <types>
        <xsd:schema version="1.0" targetNamespace="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy" xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <xsd:element name="sayHello" type="tns:sayHello"/>
        <xsd:element name="sayHelloResponse" type="tns:sayHelloResponse"/>
        <!-- The request has no parameters. -->
        <xsd:complexType name="sayHello">
        <xsd:sequence/>
        </xsd:complexType>
        <!-- minOccurs="0" makes the returned string optional. -->
        <xsd:complexType name="sayHelloResponse">
        <xsd:sequence>
        <xsd:element name="return" type="xsd:string" minOccurs="0"/>
        </xsd:sequence>
        </xsd:complexType>
        </xsd:schema>
        </types>

        <!-- Request and response messages, each wrapping the schema element of the same name. -->
        <message name="sayHello">
        <part name="parameters" element="tns:sayHello"/>
        </message>
        <message name="sayHelloResponse">
        <part name="parameters" element="tns:sayHelloResponse"/>
        </message>

        <!-- Abstract interface: one request/response operation, sayHello. -->
        <portType name="ServiceIface">
        <operation name="sayHello">
        <input message="tns:sayHello"/>
        <output message="tns:sayHelloResponse"/>
        </operation>
        </portType>

        <!-- Document/literal SOAP binding for ServiceIface. -->
        <binding name="SecurityServicePortBinding" type="tns:ServiceIface">
        <!-- The policy is attached at binding level, so it applies to every operation
             and message of this binding. -->
        <wsp:PolicyReference URI="#SecurityServiceSignThenEncryptPolicy"/>
        <!-- Plain HTTP transport: protection comes only from the message-level policy,
             so whatever the policy does not sign or encrypt travels unprotected. -->
        <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
        <operation name="sayHello">
        <soap:operation soapAction=""/>
        <input>
        <soap:body use="literal"/>
        </input>
        <output>
        <soap:body use="literal"/>
        </output>
        </operation>
        </binding>

        <!-- Concrete endpoint of the service. -->
        <service name="SecurityService">
        <port name="SecurityServicePort" binding="tns:SecurityServicePortBinding">
        <!-- NOTE(review): this address names localhost and a different context path,
             while the WSDL itself is served from
             http://myhost:8080/PCWSEC/SecurityService. Check that the client ends up
             calling the intended endpoint. -->
        <soap:address location="http://localhost:8080/jaxws-samples-wssePolicy-sign-encrypt"/>
        </port>
        </service>

       

       

        <!-- Sign-then-encrypt policy referenced by the binding. It offers a single
             alternative (ExactlyOne with one All), so a client has to support every
             assertion listed here; otherwise no alternative can be chosen. -->
        <wsp:Policy wsu:Id="SecurityServiceSignThenEncryptPolicy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:ExactlyOne>
        <wsp:All>
        <!-- Asymmetric binding: both parties use X.509 key pairs. -->
        <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
        <!-- Client (initiator) token: AlwaysToRecipient means the client's certificate
             is included in every request sent to the service. -->
        <sp:InitiatorToken>
        <wsp:Policy>
        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
        <wsp:Policy>
        <!-- NOTE(review): asks for X.509 version 1 tokens. Version 1 certificates
             carry no extensions such as key usage; confirm this matches the
             certificates in the keystores, or use a version 3 token assertion. -->
        <sp:WssX509V1Token11/>
        </wsp:Policy>
        </sp:X509Token>
        </wsp:Policy>
        </sp:InitiatorToken>
        <!-- Service (recipient) token: Never means the service certificate is not
             sent in messages, so the client must already hold it in its keystore. -->
        <sp:RecipientToken>
        <wsp:Policy>
        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
        <wsp:Policy>
        <sp:WssX509V1Token11/>
        </wsp:Policy>
        </sp:X509Token>
        </wsp:Policy>
        </sp:RecipientToken>
        <!-- NOTE(review): the TripleDes suite selects 3DES encryption with SHA-1
             based digests and signatures, both legacy choices. WS-SecurityPolicy also
             defines stronger suites such as Basic256Sha256; prefer one of those when
             both ends support it. -->
        <sp:AlgorithmSuite>
        <wsp:Policy>
        <sp:TripleDes/>
        </wsp:Policy>
        </sp:AlgorithmSuite>
        <!-- Lax layout: no fixed ordering of the security header contents. -->
        <sp:Layout>
        <wsp:Policy>
        <sp:Lax/>
        </wsp:Policy>
        </sp:Layout>
        <!-- A timestamp is required in the security header; it limits how long a
             captured message stays acceptable. -->
        <sp:IncludeTimestamp/>
        <!-- The signature itself is encrypted as well. -->
        <sp:EncryptSignature/>
        <!-- Signatures must cover whole headers and the whole body, not sub-elements. -->
        <sp:OnlySignEntireHeadersAndBody/>
        <!-- Order of operations: sign first, then encrypt. -->
        <sp:SignBeforeEncrypting/>
        </wsp:Policy>
        </sp:AsymmetricBinding>
        <!-- Only the SOAP body is listed for signing and for encryption; no SOAP
             header is named in either list. -->
        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
        </sp:SignedParts>
        <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
        </sp:EncryptedParts>
        <!-- Keys are referenced by certificate issuer name and serial number. -->
        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
        <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
        </sp:Wss10>
        </wsp:All>
        </wsp:ExactlyOne>
        </wsp:Policy>

      </definitions>


      I have created and configured the keystores for the server and the client with keytool and exchanged the respective certificates.


      Does anyone have any idea how we can solve this problem and consume the service successfully? I have tried many library configurations in my client. Can someone help me find out which libraries I need, or what else I can do to solve this problem?

      Thank you very much in advance!