7 Replies Latest reply on Apr 11, 2014 10:20 AM by babyboyft

    Policy not supported for UsernameTokenOverHTTPS error.

      Hi,

       

      I am new to JBossWS and have run into a problem with WS-Security.  I am after some pointers on how to get around the problem.  I am obviously doing something very wrong!  I have encountered this problem with JBoss 4.2.3.GA + jbossws-native-3.1.1.GA and JBoss 5.0.1.GA + jbossws-native-3.2.2.GA.

       

      When calling an endpoint I get the following error.

       

      org.jboss.ws.WSException: Policy not supported! #UsernameTokenOverHTTPS
          at org.jboss.ws.WSException.rethrow(WSException.java:60)
          at org.jboss.ws.extensions.policy.metadata.PolicyMetaDataBuilder.deployPolicyClientSide(PolicyMetaDataBuilder.java:316)
          at org.jboss.ws.extensions.policy.metadata.PolicyMetaDataBuilder.deployPolicy(PolicyMetaDataBuilder.java:274)
          at org.jboss.ws.extensions.policy.metadata.PolicyMetaDataBuilder.processPolicies(PolicyMetaDataBuilder.java:220)
          at org.jboss.ws.extensions.policy.metadata.PolicyMetaDataBuilder.processPolicyExtensions(PolicyMetaDataBuilder.java:203)
          at org.jboss.ws.metadata.builder.jaxws.JAXWSClientMetaDataBuilder.buildMetaData(JAXWSClientMetaDataBuilder.java:93)
          at org.jboss.ws.core.jaxws.spi.ServiceDelegateImpl.<init>(ServiceDelegateImpl.java:146)
          at org.jboss.ws.core.jaxws.spi.ServiceDelegateImpl.<init>(ServiceDelegateImpl.java:117)
          at org.jboss.ws.core.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:111)
          at org.jboss.ws.core.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
          at javax.xml.ws.Service.<init>(Service.java:56)

      ...

      Caused by: org.jboss.ws.extensions.policy.deployer.exceptions.UnsupportedPolicy
          at org.jboss.ws.extensions.policy.deployer.PolicyDeployer.deployClientSide(PolicyDeployer.java:174)
          at org.jboss.ws.extensions.policy.metadata.PolicyMetaDataBuilder.deployPolicyClientSide(PolicyMetaDataBuilder.java:307)

       

      The wsdl fragment showing the security policy is below.

       

      <wsp:Policy wsu:Id="UsernameTokenOverHTTPS" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsp:ExactlyOne>
            <wsp:All>
              <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
      ...
                </wsp:Policy>
              </sp:TransportBinding>
              <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                  <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
                </wsp:Policy>
              </sp:SupportingTokens>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>

       

      I noticed that org.jboss.ws.extensions.policy.deployer.PolicyDeployer does not support "http://schemas.xmlsoap.org/ws/2004/09/policy".  Is this the problem?  How to get support for UsernameTokenOverHTTPS?

       

      Thanks,

        Hugo

        • 1. Re: Policy not supported for UsernameTokenOverHTTPS error.

          Solved by specifying com.sun.xml.ws.spi.ProviderImpl in META-INF/services/javax.xml.ws.spi.Provider.

           

          See http://java.sun.com/javase/6/docs/api/javax/xml/ws/spi/Provider.html#Provider()

          • 2. Policy not supported for UsernameTokenOverHTTPS error.
            izgur

            What did you specify as com.sun.xml.ws.spi.ProviderImpl?

            • 3. Policy not supported for UsernameTokenOverHTTPS error.
              izgur

              I have the exact same problem using JBoss 5.1. I imported the host key well, but now I get an error:

              org.jboss.ws.WSException: Policy not supported!

               

              But after the readings I thought I must specify something like this:

              <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                 xsi:schemaLocation="http://www.jboss.com/ws-security/config
                                 http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
                  <key-store-file>WEB-INF/bob-sign_enc.jks</key-store-file>
                  <key-store-password>password</key-store-password>
                  <key-store-type>jks</key-store-type>
                  <trust-store-file>WEB-INF/wsse10.truststore</trust-store-file>
                  <trust-store-password>password</trust-store-password>

                  <config>
                      <timestamp ttl="300"/>
                      <sign type="x509v3" alias="1" includeTimestamp="true"/>
                      <encrypt type="x509v3"
                               alias="alice"
                               algorithm="aes-256"
                               keyWrapAlgorithm="rsa_oaep"
                               tokenReference="keyIdentifier"/>
                      <requires>
                          <signature/>
                          <encryption/>
                      </requires>
                  </config>
              </jboss-ws-security>

               

              Could someone help?

               


              • 4. Policy not supported for UsernameTokenOverHTTPS error.
                asoldano

                JBossWS-Native does not support WS-SecurityPolicy. Hence you can't expect it to automatically consume and understand WS-Security Policy assertions. You need to move to the JBossWS-CXF stack for that, or ignore the policies (make your client consume a modified wsdl without the policies) and configure ws-security as you want.

                 

                Setting the com.sun.xml.ws.spi.ProviderImpl provider is basically equivalent to directing your client to use the JAXWS RI (iow Metro); that's not necessarily evil, just be aware of that.

                • 5. Policy not supported for UsernameTokenOverHTTPS error.
                  izgur

                  You wrote:

                  or ignore the policies (make your client consume a modified wsdl without the policies) and configure ws-security as you want.

                   

                   

                  Could you explain?

                   

                  Ignore policies: I did delete any policy tags from the wsdl... then I get:

                  08:54:05,917 ERROR [DispatchImpl] Cannot dispatch message
                  java.io.IOException: Could not transmit message
                          at org.jboss.ws.core.client.transport.NettyClient.invokeInternal(NettyClient.java:225)
                          at org.jboss.ws.core.client.transport.NettyClient.invoke(NettyClient.java:119)
                          at org.jboss.ws.core.client.HTTPRemotingConnection.invoke(HTTPRemotingConnection.java:150)
                          at org.jboss.ws.core.client.SOAPProtocolConnectionHTTP.invoke(SOAPProtocolConnectionHTTP.java:69)
                          at org.jboss.ws.core.jaxws.client.DispatchImpl.invokeInternalSOAP(DispatchImpl.java:247)...
                  Caused by: org.jboss.ws.WSException: Invalid HTTP server response [415] - Cannot process the message because the content type 'text/xml; charset=UTF-8' was not the expected type 'application/soap+xml; charset=utf-8'.

                   


                  • 6. Policy not supported for UsernameTokenOverHTTPS error.
                    asoldano

                    text/xml -> SOAP 1.1

                    application/soap+xml -> SOAP 1.2

                     

                    Perhaps you had a policy or something in the wsdl that required using SOAP 1.2. Properly specify the soap:binding in the modified wsdl and/or read the doc on soap 1.2 w/ jbossws.
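
An added example (not from the thread or from JBossWS) of the workaround discussed in replies 4 and 6: it removes the WS-Policy elements from a WSDL 1.1 document, reports which SOAP version and Content-Type the remaining binding implies, and flags endpoint addresses that are not HTTPS. The function names and the sample WSDL are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"  # namespace in the thread's WSDL
POLICY_TAGS = {f"{{{WSP}}}Policy", f"{{{WSP}}}PolicyReference"}
# WSDL 1.1 SOAP binding namespaces and the Content-Type each version sends.
SOAP = {
    "http://schemas.xmlsoap.org/wsdl/soap/": ("SOAP 1.1", "text/xml"),
    "http://schemas.xmlsoap.org/wsdl/soap12/": ("SOAP 1.2", "application/soap+xml"),
}

def _prune(parent):
    """Remove policy elements below parent; return how many were removed."""
    removed = 0
    for child in list(parent):
        if child.tag in POLICY_TAGS:
            parent.remove(child)
            removed += 1
        else:
            removed += _prune(child)
    return removed

def strip_policies(wsdl_text):
    """Return (policy-free WSDL text, report) for a WSDL 1.1 document."""
    root = ET.fromstring(wsdl_text)
    report = {"removed": _prune(root), "soap": set(), "not_https": []}
    for el in root.iter():
        ns, _, local = el.tag[1:].partition("}")
        if ns in SOAP and local == "binding":
            report["soap"].add(SOAP[ns])
        elif ns in SOAP and local == "address":
            # The stripped policy was the WSDL's only HTTPS requirement; check the URL.
            if not el.get("location", "").lower().startswith("https://"):
                report["not_https"].append(el.get("location"))
    return ET.tostring(root, encoding="unicode"), report

# Constructed sample WSDL (hypothetical names and endpoint), not from the thread.
SAMPLE = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/">
  <wsp:Policy><wsp:ExactlyOne><wsp:All/></wsp:ExactlyOne></wsp:Policy>
  <wsdl:binding name="B" type="T"><wsp:PolicyReference URI="#UsernameTokenOverHTTPS"/>
    <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
  </wsdl:binding>
  <wsdl:service name="S"><wsdl:port name="P" binding="B">
    <soap12:address location="http://service.example/endpoint"/>
  </wsdl:port></wsdl:service></wsdl:definitions>"""

if __name__ == "__main__":
    print(strip_policies(SAMPLE)[1])
```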

                    • 7. Re: Policy not supported for UsernameTokenOverHTTPS error.
                      babyboyft

                      Hi Igor, I get the same error as you. Do you remember what the solution was?