Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5405

WS-RM with anonymous endpoint throwing security policy validation exception for SequenceAck

    XMLWordPrintableJSON

    Details

    • Estimated Complexity:
      Unknown

      Description

      When WS-RM with an anonoymous endpoint is used in conjuction with a policy based WS-Security configuration, the sequence acknoledgement response to the client is rejected by the policy validator.

      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}

      X509Token: The received token does not match the token inclusion requirement
      org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:

      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}

      X509Token: The received token does not match the token inclusion requirement
      at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
      at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
      at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
      at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:835)
      at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1606)

      The cause of this issue is in the RM processing to reset the requestor role, whose value will subsequently be used by the policy validator to choose the correct configuration value. The requestor role for the SequenceAck messages should not be reset.

        Attachments

          Activity

            People

            • Assignee:
              ay Akitoshi Yoshida
              Reporter:
              ay Akitoshi Yoshida
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: