[jira] [Updated] (CXF-5405) WS-RM with anonymous endpoint throwing security policy validation exception for SequenceAck

Wed, 20 Nov 2013 02:13:49 -0800 

     [ 
https://issues.apache.org/jira/browse/CXF-5405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Aki Yoshida updated CXF-5405:
-----------------------------

    Fix Version/s: 2.7.9
                   2.6.12

> WS-RM with anonymous endpoint throwing security policy validation exception 
> for SequenceAck
> -------------------------------------------------------------------------------------------
>
>                 Key: CXF-5405
>                 URL: https://issues.apache.org/jira/browse/CXF-5405
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.7.7
>            Reporter: Aki Yoshida
>            Assignee: Aki Yoshida
>             Fix For: 2.6.12, 2.7.9
>
>
> When WS-RM with an anonoymous endpoint is used in conjuction with a policy 
> based WS-Security configuration, the sequence acknoledgement response to the 
> client is rejected by the policy validator.
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The 
> received token does not match the token inclusion requirement
> org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not 
> be satisfied: 
> {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The 
> received token does not match the token inclusion requirement
>       at 
> org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
>       at 
> org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
>       at 
> org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
>       at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
>       at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:835)
>       at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1606)
> The cause of this issue is in the RM processing to reset the requestor role, 
> whose value will subsequently be used by the policy validator to choose the 
> correct configuration value. The requestor role for the SequenceAck messages 
> should not be reset.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to