[jboss-user] [JBoss Web Services] - Problem with WS-SecurityPolicy username token in CXF

[Mikael Beermann]

Mikael Beermann [http://community.jboss.org/people/mikael_beermann] created the discussion

"Problem with WS-SecurityPolicy username token in CXF"

To view the discussion, visit: http://community.jboss.org/message/563875#563875

--------------------------------------------------------------
I have a problem using WS-SecurityPolicy in the WSDL. I want to use authentication with username token 
and have declared that using ws-policy in the WSDL file.
in the jbossws-cxf.xml file I have declared properties for a callback validating the password.

When calling the web service with the correct username and password the callback is called, 
but I still get thhe fault: 
<soap:Fault>
         <faultcode>soap:Server</faultcode>
         <faultstring>These policy alternatives can not be satisfied:

{ http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702 http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
{ http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702 http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken</faultstring>
      </soap:Fault>


The following policy is used:

<wsp:Policy wsu:Id="servicePolicy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:SupportingTokens>
                    <wsp:Policy>
                        <sp:UsernameToken
                                sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                                <sp:WssUsernameToken10/>
                            </wsp:Policy>
                        </sp:UsernameToken>
                    </wsp:Policy>
                </sp:SupportingTokens>
            </wsp:All>
        </wsp:ExactlyOne>
   </wsp:Policy> 

and this is the endpoint declaration:

 <jaxws:endpoint  id="TestServiceImpl"
                     address="/services/Organization/TestService"
                     implementor="com.ebuilder.service.Test.TestServiceImpl"
                     wsdlLocation="META-INF/wsdl/TestService.wsdl">
              <jaxws:properties>
                  <entry key="action"  value="UsernameToken"/>
                  <entry key="passwordType" value="PasswordText"/>
               <entry key="ws-security.callback-handler" value="com.mycompany.ws.wsse.ServerPasswordCallback">

                 </entry>
        </jaxws:properties>
        <jaxws:invoker>
            <bean class='org.jboss.wsf.stack.cxf.InvokerEJB3'/>
        </jaxws:invoker>
        <jaxws:features>
            <bean class="org.apache.cxf.feature.LoggingFeature"/>
        </jaxws:features>
    </jaxws:endpoint >

/Mikael
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/563875#563875]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100929/6a9c85a2/attachment.html