Множественные алгоритмыSuite Политики WS-SecurityPolicy CXF

Question

При определении нескольких политик в AlgorithmSuite в WSDL я получаю исключение.

<sp:AlgorithmSuite> 
    <wsp:Policy> 
     <sp:Basic128Rsa15/> 
     <sp:Basic256Rsa15/> 
     <sp:TripleDesRsa15/> 
    </wsp:Policy> 
</sp:AlgorithmSuite> 

Исключение:

2016-05-04 12:49:52,393 WARNING [org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider] (default task-3) Failed to build the policy 'X509EndpointPolicy':Invalid Policy 
2016-05-04 12:49:52,398 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-3) Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@44076866 
2016-05-04 12:49:52,398 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default task-3) Invoking handleFault on interceptor org.jboss.wsf.stack.cxf.client.configuration.SecurityProviderConfig$Interceptor@cd2ca8f 
2016-05-04 12:49:52,399 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-3) Interceptor for {http://logius.nl/digipoort/wus/2.0/aanleverservice/1.2/}AanleverService_V1_2 has thrown exception, unwinding now: java.lang.IllegalArgumentException: Invalid Policy 
    at org.apache.wss4j.policy.model.AlgorithmSuite.parseNestedPolicy(AlgorithmSuite.java:494) 
    at org.apache.wss4j.policy.model.AlgorithmSuite.<init>(AlgorithmSuite.java:448) 
    at org.apache.cxf.ws.security.policy.custom.DefaultAlgorithmSuiteLoader$GCMAlgorithmSuite.<init>(DefaultAlgorithmSuiteLoader.java:118) 
    at org.apache.cxf.ws.security.policy.custom.DefaultAlgorithmSuiteLoader.getAlgorithmSuite(DefaultAlgorithmSuiteLoader.java:68) 
    at org.apache.cxf.ws.security.policy.custom.AlgorithmSuiteBuilder.build(AlgorithmSuiteBuilder.java:59) 
    at org.apache.cxf.ws.security.policy.custom.AlgorithmSuiteBuilder.build(AlgorithmSuiteBuilder.java:37) 
    at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138) 
    at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117) 
    at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224) 
    at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174) 
    at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:108) 
    at org.apache.wss4j.policy.builders.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:44) 
    at org.apache.wss4j.policy.builders.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:34) 
    at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138) 
    at org.apache.neethi.AssertionBuilderFactoryImpl.build(AssertionBuilderFactoryImpl.java:117) 
    at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:224) 
    at org.apache.neethi.PolicyBuilder.getAllOperator(PolicyBuilder.java:184) 
    at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:217) 
    at org.apache.neethi.PolicyBuilder.getExactlyOneOperator(PolicyBuilder.java:180) 
    at org.apache.neethi.PolicyBuilder.processOperationElement(PolicyBuilder.java:215) 
    at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:174) 
    at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:124) 
    at org.apache.cxf.ws.policy.attachment.reference.LocalServiceModelReferenceResolver.resolveReference(LocalServiceModelReferenceResolver.java:53) 
    at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveLocal(Wsdl11AttachmentPolicyProvider.java:292) 
    at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.resolveReference(Wsdl11AttachmentPolicyProvider.java:272) 
    at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:220) 
    at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:168) 
    at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getElementPolicy(Wsdl11AttachmentPolicyProvider.java:161) 
    at org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider.getEffectivePolicy(Wsdl11AttachmentPolicyProvider.java:98) 
    at org.apache.cxf.ws.policy.PolicyEngineImpl.getAggregatedEndpointPolicy(PolicyEngineImpl.java:451) 
    at org.apache.cxf.ws.policy.EndpointPolicyImpl.initializePolicy(EndpointPolicyImpl.java:152) 
    at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:140) 
    at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:584) 
    at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:313) 
    at org.apache.cxf.ws.policy.PolicyEngineImpl.getServerEndpointPolicy(PolicyEngineImpl.java:299) 
    at org.apache.cxf.ws.policy.PolicyInInterceptor.handle(PolicyInInterceptor.java:116) 
    at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44) 
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) 
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) 
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251) 
    at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:108) 
    at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:134) 
    at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88) 
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293) 
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:217) 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) 
    at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136) 
    at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) 
    at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) 
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) 
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) 
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) 
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) 
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) 
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) 
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) 
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) 
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) 
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) 
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) 
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) 
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284) 
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263) 
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) 
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174) 
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) 
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
    at java.lang.Thread.run(Thread.java:745) 

Когда я определить один из политики он работает нормально.

<sp:AlgorithmSuite> 
    <wsp:Policy> 
     <sp:Basic256Rsa15/> 
    </wsp:Policy> 
</sp:AlgorithmSuite> 

Данный WSDL: http://pastebin.com/mmZdiwYL

ли обозначение политики в AlgorithmSuite действует?

В org.apache.wss4j.policy.model.AlgorithmSuite политики - это процесс. После успешной обработки первой политики исключение выдается в строке 494 во время процесса второй политики. Поскольку алгоритмSuiteType уже задан во время обработки первой политики, проверка, если algorithmSuiteType имеет значение null, не работает.

Я использую Wildfly 10.

Answer 1

кажется, что вам нужно поместить алгоритмы внутри <wsp:ExactlyOne> тегов. Это заставило его работать на меня:

<sp:AlgorithmSuite> 
    <wsp:Policy> 
    <wsp:ExactlyOne> 
     <sp:Basic256Rsa15 /> 
     <sp:TripleDesRsa15/> 
    </wsp:ExactlyOne> 
    </wsp:Policy> 
</sp:AlgorithmSuite>