WS-SecureConversation & MTOM Policy cannot be satisfied

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

WS-SecureConversation & MTOM Policy cannot be satisfied

I want to implement a file transfer via Soap. I receive a wsdl and generate my classes via jaxb. I use Apache cxf 3.1.7 with Spring Boot to configure the cxf via java.

The policies (MTOM & WS-Conv.) references to all my methods from the endpoint. The client has to include in his request a security context token (SCT) to fulfil the policy(WS-Conv.). The server side authenticate the client with the SCT and according to the definition the SCT is not encrypting messages. (only to identify the client).
Furthermore, I do not cache the SCT, but I stored it in my database and want to compare it with a simple callback handler. Honestly, I don’t know if this works with a SCT and Apache CXF.

If I disable my WS-SecureConversation policy, my MTOM policy works, which I do not understand. Otherwise, if I enable all policies and send a request to the endpoint like the following one, I receive some errors.

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
       <wsc:SecurityContextToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc">
<wsc:Identifier xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc">test:f33ba228-dfb6-45ff-ac3a-47ec391ccf7c</wsc:Identifier>
End Request

With the above request I receive the following error message:

These policy alternatives can not be satisfied:
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SecureConversationToken: No SecureConversation token found in message.
        at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
        at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:102)
        at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

Does anybody know why I am getting these errors? Thx in advance.