
Specification of SOAP wsdl for UsernameToken

I'm writing a client to connect to a SOAP webservice using a WSDL first approach. For implementation I am using Apache CXF version 3.1.4.

When testing I get the following exception:

    12:35:15.492 [main] WARN oacwpawWsdl11AttachmentPolicyProvider - Failed to build the policy 'UsernameToken':sp:UsernameToken must have an inner wsp:Policy element
    Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: sp:UsernameToken must have an inner wsp:Policy element
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:160)
        at com.sun.proxy.$Proxy36.getPing(Unknown Source)
        ...
    Caused by: java.lang.IllegalArgumentException: sp:UsernameToken must have an inner wsp:Policy element
        at org.apache.wss4j.policy.builders.UsernameTokenBuilder.build(UsernameTokenBuilder.java:52)
        at org.apache.wss4j.policy.builders.UsernameTokenBuilder.build(UsernameTokenBuilder.java:34)
        at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)

The relevant part of the WSDL file looks like this:

    <wsp:Policy wsu:Id="UsernameToken">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SupportingTokens>
            <wsp:Policy>
              <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
            </wsp:Policy>
          </sp:SupportingTokens>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

The error message indicates that CXF expects a policy tag under UsernameToken. And indeed, while researching I came across a comment from the CXF bug tracker:

Yes... Per spec, the <sp:UsernameToken> element MUST contain an internal wsp:Policy element. It should look like:

    <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
      <wsp:Policy>
        <sp:WssUsernameToken11 />
      </wsp:Policy>
    </sp:UsernameToken>

But the specification says:

    /sp:UsernameToken/wsp:Policy
        This optional element identifies additional requirements for use of the sp:UsernameToken assertion.

Note: Optional.

So which one is it? It seems that CXF requires a policy while the specification says it is optional. Is there another specification I need to look at?

Seems the question was fairly unnoticed here on SO, but in case Google leads someone here, I might as well post the solution.

I posted the same question on the Apache CXF user mailing list and got a reply:

It's a bug in WSS4J which I've just fixed: https://issues.apache.org/jira/browse/WSS-564

WS-SecurityPolicy 1.2 + 1.3 require a policy Element, but 1.1 doesn't. Until the next WSS4J release, your best bet is just to have an empty policy Element.
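The workaround from the reply above, as an added example (not code from the original post, CXF or WSS4J): a Python script that finds sp:UsernameToken assertions with no inner wsp:Policy, reports which WS-SecurityPolicy namespace each one uses, and inserts an empty wsp:Policy. The function name, the WS-Policy 2004/09 namespace and the xmlns bindings in the sample are assumptions, since the WSDL excerpt in the question does not show them.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from the WS-Policy and WS-SecurityPolicy specifications.
# Assumption: the WSDL binds wsp: to the 2004/09 WS-Policy namespace.
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP_VERSIONS = {
    "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy": "1.1",
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702": "1.2/1.3",
}
# Keep readable prefixes when the patched document is serialized.
ET.register_namespace("wsp", WSP)
ET.register_namespace("sp", "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy")
ET.register_namespace("sp12", "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702")

def patch_username_tokens(xml_text):
    """Return (patched_xml, versions) for UsernameToken assertions lacking a wsp:Policy child."""
    root = ET.fromstring(xml_text)
    versions = []
    for ns, version in SP_VERSIONS.items():
        # list() so the tree is not modified while it is being iterated
        for token in list(root.iter("{%s}UsernameToken" % ns)):
            if token.find("{%s}Policy" % WSP) is None:
                versions.append(version)
                # Empty policy element: states no additional requirements
                ET.SubElement(token, "{%s}Policy" % WSP)
    return ET.tostring(root, encoding="unicode"), versions

# Constructed sample modelled on the policy in the question (xmlns bindings assumed).
SAMPLE = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="UsernameToken">
  <wsp:ExactlyOne><wsp:All>
    <sp:SupportingTokens>
      <wsp:Policy>
        <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
      </wsp:Policy>
    </sp:SupportingTokens>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""

if __name__ == "__main__":
    patched, versions = patch_username_tokens(SAMPLE)
    print("UsernameToken without inner wsp:Policy, by WS-SecurityPolicy version:", versions)
    print(patched)
```

A reported version of 1.1 is the WSS-564 case described in the reply; 1.2/1.3 means the policy itself does not meet the specification.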
