Servicemix ws-security policy

Hi I cannot seem to get ws-security policy to work within servicemix 4.2 at all. I've been able to deployed a web service with ws-security policy using CXF/Jaxws deployed on Tomcat but that doesn't translate well into the Osgi/JBI environment in Servicemix 4.2. I've been at this for weeks and its suppose to be cleaner and easier than using WSS4JInInterceptors but I just cannot seem to get past this error. Is there something I'm doing wrong?

Error response:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"&gt;
 <soap:Body>
  <soap:Fault>
     <faultcode>soap:Server</faultcode>
     <faultstring>These policy alternatives can not be satisfied: 
        {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken&lt;/faultstring&gt;
  </soap:Fault>
 </soap:Body>
</soap:Envelope>

My msg:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:typ="http://my.company.com/UserAccount/types"&gt;
   <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2.xsd"&gt;
     <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"&gt;
        <wsse:Username>joe</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"&gt;joespassword&lt;/wsse:Password&gt;
     </wsse:UsernameToken>
   </wsse:Security>
 </soapenv:Header>
 <soapenv:Body>
   ...
 </soapenv:Body>

Here's the policy in the wsdl:

<wsp:Policy wsu:Id="UserAccountBindingPolicy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"&gt;
  <wsp:ExactlyOne>
    <wsp:All>
      <wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2005/08/addressing" wsp:Optional="true" />
       <sp:SupportingToken>
        <wsp:Policy >
          <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"&gt;
          </sp:UsernameToken>
        </wsp:Policy>
       <sp:SupportingToken>
      </wsp:All>
   </wsp:ExactlyOne>
 </wsp:Policy>

beans.xml:

 <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"
    xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://servicemix.apache.org/cxfbc/1.0
http://repo2.maven.org/maven2/org/apache/servicemix/servicemix-cxf-bc/2010.01/servicemix-cxf-bc-2010.01.xsd"&gt;

<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />
<import resource="classpath:META-INF/cxf/osgi/cxf-extension-osgi.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-policy.xml" />
    <import resource="classpath:META-INF/cxf/cxf-extension-ws-security.xml" />

    <cxfbc:consumer wsdl="classpath:wsdl/UserAccount.wsdl"
    targetService="UserAccountService" targetEndpoint="endpoint"
    useJBIWrapper="false" useSOAPEnvelope="false" properties="#properties">

    </cxfbc:consumer>

    <util:map id="properties">
        <entry value="com.company.my.useraccount.ServerPasswordCallback">
         <key>
           <util:constant static-field="org.apache.cxf.ws.security.SecurityConstants.CALLBACK_HANDLER" />
         </key>
       </entry>
   </util:map>
  <bean class="org.apache.servicemix.common.osgi.EndpointExporter" />

</beans>

ansaurus

tags:

views:

answers:

Servicemix ws-security policy

related questions