org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied
Solution 1
Finally solved this by adding WSS4JOutInterceptor. It seems that in JBoss this interceptor is added automatically...
Client client = ClientProxy.getClient(myService);
Endpoint endpoint = client.getEndpoint()
endpoint.getOutInterceptors().add(new WSS4JOutInterceptor())
Solution 2
Do you have the cxf-rt-ws-security jar on the classpath?
Colm.
Solution 3
My own two cents : in my own special scenario (JAX-WS, WS-Security, WS-SecurityPolicy), this error was occuring when doing client.getConduit(), like below:
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
The above code was running without throwing any exceptions (although I had other problems later), when using Apache CXF 2.7.18 - I started to have problems with assertion builder when upgrading to Apache CXF 3.0.16. Now cxt-rt-ws-security JAR WAS on the classpath, but it seems that WSS4J in this version of CXF was split into multiple JARs, therefore I had to include wss4j-policy JAR from the CXF downloaded bundle to the classpath.
The error remained the same, but at least a long string of WARNings from assertion builder disappeared (No assertion builder for type T registered), being replaced now by:
13:45:55,723 WARN WSSecurityPolicyLoader,main:112 - Could not load or register WS-SecurityPolicy related classes. Please check that (the correct version of) Apache WSS4J is on the classpath: org/apache/wss4j/dom/handler/WSHandler
13:45:55,753 WARN WSSecurityPolicyLoader,main:112 - Could not load or register WS-SecurityPolicy related classes. Please check that (the correct version of) Apache WSS4J is on the classpath: org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor
To make the story short, I received other warnings (I was finding the JARs by doing a blind grep inside the lib directory of the CXF bundle, and including them one by one),
and ended up including all wss4j-*.jar files
And the call to getConduit() now passes at least. Whew.
Solution 4
Answer given by Chetan works, however, if you are getting error for multiple policies you need to add them in a Set
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Bus bus = client.getBus();
PolicyInterceptorProviderRegistry reg = bus.getExtension(PolicyInterceptorProviderRegistry.class);
Set <QName> set = new HashSet<>();
set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "IncludeTimestamp") );
set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "TransportBinding"));
reg.register(new IgnorablePolicyInterceptorProvider(set));
Kamil Roman
Updated on June 05, 2022Comments
-
Kamil Roman almost 2 years
I would like to write a simple integration test with JUnit and Apache CXF to test some WS-Security-enabled services. While I try to run my code:
MyService myService = new myWsService(MY_SERVICE_WSDL).getMyWs() Client client = ClientProxy.getClient(myService); Map<String, Object> ctx = ((BindingProvider) myService).getRequestContext(); ctx.put("ws-security.callback-handler", new KeystorePasswordCallback()); ctx.put("ws-security.signature.crypto", new MyMerlinImpl());Where MyMerlinImpl simply passes required Merln.* property values in overridden
loadPropertiesmethod,I get:
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}WssX509V1Token11 registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequireIssuerSerialReference registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AlgorithmSuite registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Basic256Sha256 registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InclusiveC14N registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Strict registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}OnlySignEntireHeadersAndBody registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11 registered. sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}MustSupportRefIssuerSerial registered. org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.What am I doing wrong? These seem to be rather standard policies... In fact, I use the same code on a JBoss EAP 6.1 WS client and it works well.