Hello,
I have been trying to migrate a secure web service deployed in JBoss AS 5.1 to AS7.1. Having realized that the process is quite different now, I decided to start small and follow the WS-Security for AS7.1 documentation.Unfortunately, I did not manage to get the service working as expected (sign & encrypt). I keep getting errors like this:
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding" was evaluated as "UNKNOWN".
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss10" was evaluated as "UNKNOWN".
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:111)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:129)
at $Proxy22.sayHello(Unknown Source)
at Test.main(Test.java:22)
or this (with a slightly altered WSDL):
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding" was evaluated as "UNKNOWN".
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss10" was evaluated as "UNKNOWN".
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding: Received Timestamp does not match the requirements
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp: Received Timestamp does not match the requirements
at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:111)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:129)
at $Proxy22.sayHello(Unknown Source)
at Test.main(Test.java:22)
I have tried changing the ws-securitypolicy configuration in my WSDL - as described in the WS-SecurityPolicy standard - but to no avail.
Are the sample web services described in the above WS-Security link located anywhere? I would very much like to download them, and try to deploy them as they are. Perhaps I might get a better idea of what I might be doing wrong.
Regards,
Dimitris