Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5335

Incorrect handle of ws-policy 1.1 (Incorrect inclusion value: null)

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.7.6
    • Fix Version/s: 2.7.8, 2.6.11
    • Component/s: WS-* Components
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      I created of JAX-WS client for working with "third-party" web service.
      Web service provides the WSDL with ws-policy settings:

      <sp:AsymmetricBinding
      	xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      	<wsp:Policy>
      		<sp:InitiatorToken>
      			<wsp:Policy>
      				<sp:X509Token
      					sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
      					<wsp:Policy>
      						<sp:WssX509V3Token10 />
      					</wsp:Policy>
      				</sp:X509Token>
      			</wsp:Policy>
      		</sp:InitiatorToken>
      		<sp:RecipientToken>
      			<wsp:Policy>
      				<sp:X509Token
      					sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator">
      					<wsp:Policy>
      						<sp:WssX509V3Token10 />
      					</wsp:Policy>
      				</sp:X509Token>
      			</wsp:Policy>
      		</sp:RecipientToken>
      		<sp:AlgorithmSuite>
      

      During of the client execution I got next exception:

      org.apache.cxf.binding.soap.SoapFault: Incorrect inclusion value: null
      Caused by: java.lang.RuntimeException: Incorrect inclusion value: null
      	at org.apache.cxf.ws.security.policy.model.Token.setInclusion(Token.java:70)
      	at org.apache.cxf.ws.security.policy.builders.X509TokenBuilder.build(X509TokenBuilder.java:69)
      	at org.apache.cxf.ws.security.policy.builders.X509TokenBuilder.build(X509TokenBuilder.java:40)
      	at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
      	at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117)
      	at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224)
      	at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174)
      	at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124)
      . . .
      

      After examining the documentation for WS-Policy specification v.1.1, I found a difference in the list of X.509 token inclusions. Specification Errata contains token inclusion as in WSDL: <...>/AlwaysToInitiator. "Base" specification is not contains of that inclusion.

      CXF implementation of ws-policy 1.1 is not contains the constant for "Errata" version of the specification (i.e. not contains constant for http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator) and as result the code throw RuntimeException.

      In runtime after executing the method from class org.apache.cxf.ws.security.policy.SP11Constants:

      public IncludeTokenType getInclusionFromAttributeValue(String value) {
         
              if (INCLUDE_ALWAYS.equals(value)) {
                  return IncludeTokenType.INCLUDE_TOKEN_ALWAYS;
              } else if (INCLUDE_ALWAYS_TO_RECIPIENT.equals(value)) {
                  return IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT;
              } else if (INCLUDE_NEVER.equals(value)) {
                  return IncludeTokenType.INCLUDE_TOKEN_NEVER;
              } else if (INCLUDE_ONCE.equals(value)) {
                  return IncludeTokenType.INCLUDE_TOKEN_ONCE;
              }
              return StringUtils.isEmpty(value) ? IncludeTokenType.INCLUDE_TOKEN_ALWAYS : null;
          }
      

      return result is NULL and next code from class org.apache.cxf.ws.security.policy.model.Token:

      public void setInclusion(IncludeTokenType inclusion) {
              if (IncludeTokenType.INCLUDE_TOKEN_ALWAYS == inclusion
                  || IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == inclusion
                  || IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR == inclusion
                  || IncludeTokenType.INCLUDE_TOKEN_NEVER == inclusion 
                  || IncludeTokenType.INCLUDE_TOKEN_ONCE == inclusion) {
                  this.inclusion = inclusion;
              } else {
                  // TODO replace this with a proper (WSSPolicyException) exception
                  throw new RuntimeException("Incorrect inclusion value: " + inclusion);
              }
          }
      

      throws of RuntimeException...

      Please help me solve this problem!

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              Guhbers Kirill Sokolov
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: