Kamil Roman

Reputation: 1071

org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied

I would like to write a simple integration test with JUnit and Apache CXF to test some WS-Security-enabled services. When I try to run my code:

    MyService myService = new myWsService(MY_SERVICE_WSDL).getMyWs();
    Client client = ClientProxy.getClient(myService);
    Map<String, Object> ctx = ((BindingProvider) myService).getRequestContext();
    ctx.put("ws-security.callback-handler", new KeystorePasswordCallback());
    ctx.put("ws-security.signature.crypto", new MyMerlinImpl());

where MyMerlinImpl simply passes the required Merlin.* property values in an overridden loadProperties method,

I get:

sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}WssX509V1Token11 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequireIssuerSerialReference registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AlgorithmSuite registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Basic256Sha256 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InclusiveC14N registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Strict registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}OnlySignEntireHeadersAndBody registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}MustSupportRefIssuerSerial registered.

org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.

What am I doing wrong? These seem to be rather standard policies... In fact, I use the same code on a JBoss EAP 6.1 WS client and it works well.

Upvotes: 5

Views: 22981

Answers (7)

Ash

Reputation: 1

    bus.getExtension(PolicyEngine.class).setEnabled(false);

Upvotes: 0

Sergey Manman

Reputation: 21

If you are using Spring Boot, you can disable policy check like this:

    @Bean(name = Bus.DEFAULT_BUS_ID)
    public SpringBus springBus() {
        SpringBus springBus = new SpringBus();
        // Register a policy engine configuration with enforcement switched off
        var e = new PolicyEngineBPDefinitionParser.PolicyEngineConfig(springBus);
        e.setEnabled(false);
        springBus.getFeatures().add(e);
        return springBus;
    }

Upvotes: 2

Colm O hEigeartaigh

Reputation: 1900

Do you have the cxf-rt-ws-security jar on the classpath?

Colm.

Upvotes: 9

hello_earth

Reputation: 1562

My own two cents: in my own special scenario (JAX-WS, WS-Security, WS-SecurityPolicy), this error was occurring when doing client.getConduit(), like below:

    org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
    HTTPConduit conduit = (HTTPConduit) client.getConduit();

The above code was running without throwing any exceptions (although I had other problems later) when using Apache CXF 2.7.18 - I started to have problems with the assertion builder when upgrading to Apache CXF 3.0.16. Now the cxf-rt-ws-security JAR WAS on the classpath, but it seems that WSS4J in this version of CXF was split into multiple JARs, therefore I had to add the wss4j-policy JAR from the downloaded CXF bundle to the classpath.

The error remained the same, but at least a long string of WARNings from assertion builder disappeared (No assertion builder for type T registered), being replaced now by:

13:45:55,723 WARN WSSecurityPolicyLoader,main:112 - Could not load or register WS-SecurityPolicy related classes. Please check that (the correct version of) Apache WSS4J is on the classpath: org/apache/wss4j/dom/handler/WSHandler

13:45:55,753 WARN WSSecurityPolicyLoader,main:112 - Could not load or register WS-SecurityPolicy related classes. Please check that (the correct version of) Apache WSS4J is on the classpath: org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor

To make the story short, I received other warnings (I was finding the JARs by doing a blind grep inside the lib directory of the CXF bundle, and including them one by one), and ended up including all wss4j-*.jar files.

And the call to getConduit() now passes at least. Whew.

Upvotes: 1
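
Added example (not code from any of the answers or from the CXF project): a small check, run with the same classpath as the JUnit test, that reports which jar each class named in the warnings quoted on this page is loaded from, or that it is missing. The class name `WsSecurityClasspathCheck` and the method `locate` are made up for this illustration.

```java
import java.security.CodeSource;
import java.util.LinkedHashMap;
import java.util.Map;

public class WsSecurityClasspathCheck {

    // Class names exactly as they appear in the log output quoted on this page
    // (the two WSSecurityPolicyLoader warnings come from a CXF 3.0.16 setup).
    static final String[] REQUIRED = {
        "org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl",
        "org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor",
        "org.apache.wss4j.dom.handler.WSHandler",
    };

    /** Maps each class name to the location it loads from, or to a "MISSING" note. */
    static Map<String, String> locate(ClassLoader loader, String... classNames) {
        Map<String, String> report = new LinkedHashMap<>();
        for (String name : classNames) {
            try {
                // initialize=false: load the class without running its static initializers
                Class<?> type = Class.forName(name, false, loader);
                CodeSource source = type.getProtectionDomain().getCodeSource();
                report.put(name, source == null || source.getLocation() == null
                        ? "(no code source)" : source.getLocation().toString());
            } catch (ClassNotFoundException | LinkageError e) {
                // NoClassDefFoundError (a LinkageError) means the class file was found but
                // a type it depends on is absent, for example a missing wss4j-* jar.
                report.put(name, "MISSING: " + e);
            }
        }
        return report;
    }

    public static void main(String[] args) {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        boolean complete = true;
        for (Map.Entry<String, String> entry : locate(loader, REQUIRED).entrySet()) {
            System.out.println(entry.getKey() + " -> " + entry.getValue());
            complete &= !entry.getValue().startsWith("MISSING");
        }
        System.exit(complete ? 0 : 1);
    }
}
```

Fixing the classpath keeps the WS-SecurityPolicy assertions from the WSDL enforced, whereas disabling the policy engine or registering assertions as ignorable makes the exception go away by skipping those checks.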

Abhishek Galoda

Reputation: 3054

The answer given by Chetan works; however, if you are getting the error for multiple policies, you need to add them to a Set:

    org.apache.cxf.endpoint.Client client =
            org.apache.cxf.frontend.ClientProxy.getClient(port);
    org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

    Bus bus = client.getBus();
    PolicyInterceptorProviderRegistry reg = bus.getExtension(PolicyInterceptorProviderRegistry.class);
    // Collect every assertion QName that should be treated as ignorable
    Set<QName> set = new HashSet<>();
    set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "IncludeTimestamp"));
    set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "TransportBinding"));
    reg.register(new IgnorablePolicyInterceptorProvider(set));

This link explains the solution in detail

Upvotes: 3

Chetan

Reputation: 1537

If the policy defined in the WSDL file is non-standard, then CXF will not be able to resolve it, hence the error.

There are two ways: either you can ignore it (if it's okay to ignore) or provide an alternate provider.

To ignore it, create an instance of IgnorablePolicyInterceptorProvider and register it.

Below is an example of ignoring the NtlmAuthentication policy if it is defined in your WSDL. Note: NtlmAuthentication should be handled differently than setting a SOAP header.

    Client client = ClientProxy.getClient(port);
    Bus bus = client.getBus();
    PolicyInterceptorProviderRegistry pipr = bus.getExtension(PolicyInterceptorProviderRegistry.class);

    // Mark the NtlmAuthentication assertion as ignorable on the registry obtained above
    QName ntmlIgnore = new QName("http://schemas.microsoft.com/ws/06/2004/policy/http", "NtlmAuthentication");
    pipr.register(new IgnorablePolicyInterceptorProvider(ntmlIgnore));

Upvotes: 0

Kamil Roman

Reputation: 1071

Finally solved this by adding WSS4JOutInterceptor. It seems that in JBoss this interceptor is added automatically...

    Client client = ClientProxy.getClient(myService);
    Endpoint endpoint = client.getEndpoint();
    endpoint.getOutInterceptors().add(new WSS4JOutInterceptor());

Upvotes: 0
