Skip to main content

Metro 2.1.1 - FaultMessage leads to ERROR: Policy for the service could not be obtained

1 reply [Last post]
andreasnagel
Offline
Joined: 2008-12-09
Points: 0

I try to upgrade from Metro 2.0 to Metro 2.1.1 and have some problems:

If I send/receive normal Requests/Responses everything is fine, but if teh server repsonds with a fault message, the metro client cannot verify the policy.

This is the error with stacktrace:

02.09.2011 13:41:54 com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier verifyPolicy
SCHWERWIEGEND: Policy is null
02.09.2011 13:41:54 com.sun.xml.wss.jaxws.impl.SecurityClientTube processClientResponsePacket
SCHWERWIEGEND: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
com.sun.xml.wss.impl.PolicyViolationException: ERROR: Policy for the service could not be obtained
at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:134)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:983)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:232)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.verifyInboundMessage(SecurityTubeBase.java:450)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientResponsePacket(SecurityClientTube.java:434)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:651)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482)
at com.sun.xml.ws.client.Stub.process(Stub.java:323)
at com.sun.xml.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:192)
at com.sun.xml.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:218)
at com.sun.xml.ws.security.trust.impl.TrustPluginImpl.invokeRST(TrustPluginImpl.java:628)
at com.sun.xml.ws.security.trust.impl.TrustPluginImpl.process(TrustPluginImpl.java:174)
at com.sun.xml.ws.security.trust.impl.client.STSIssuedTokenProviderImpl.getIssuedTokenContext(STSIssuedTokenProviderImpl.java:144)
at com.sun.xml.ws.security.trust.impl.client.STSIssuedTokenProviderImpl.issue(STSIssuedTokenProviderImpl.java:74)
at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:83)
at xxx.client.idprovider.IssueSamlTokenAction.run(IssueSamlTokenAction.java:42)
at xxx.client.idprovider.IssueSamlTokenAction.run(IssueSamlTokenAction.java:17)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at xxx.client.SimpleClient.issueSAML20(SimpleClient.java:1254)
at xxx.client.SimpleClient.main(SimpleClient.java:170)
Exception in thread "main" javax.xml.ws.WebServiceException: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientResponsePacket(SecurityClientTube.java:439)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processResponse(SecurityClientTube.java:362)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:651)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482)
at com.sun.xml.ws.client.Stub.process(Stub.java:323)
at com.sun.xml.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:192)
at com.sun.xml.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:218)
at com.sun.xml.ws.security.trust.impl.TrustPluginImpl.invokeRST(TrustPluginImpl.java:628)
at com.sun.xml.ws.security.trust.impl.TrustPluginImpl.process(TrustPluginImpl.java:174)
at com.sun.xml.ws.security.trust.impl.client.STSIssuedTokenProviderImpl.getIssuedTokenContext(STSIssuedTokenProviderImpl.java:144)
at com.sun.xml.ws.security.trust.impl.client.STSIssuedTokenProviderImpl.issue(STSIssuedTokenProviderImpl.java:74)
at com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:83)
at xxx.client.idprovider.IssueSamlTokenAction.run(IssueSamlTokenAction.java:42)
at xxx.client.idprovider.IssueSamlTokenAction.run(IssueSamlTokenAction.java:17)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at xxx.client.SimpleClient.issueSAML20(SimpleClient.java:1254)
at xxx.client.SimpleClient.main(SimpleClient.java:170)
Caused by: javax.xml.ws.soap.SOAPFaultException: Invalid Security Header
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:696)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:714)
... 20 more
Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header
at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:348)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:710)
... 20 more

In the new version of

com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage()

the lines 878 and 879 are commented out, which makes the difference.

These are the lines:

/*if(streamMsg.isFault())
  return streamMsg;*/<br type="_moz" />

The code following these lines verifies the security policies, which fails for a fault message. I understand that verifying the policies is neccessary, but it seems, that the verification is buggy. Or my Policies are ;-)

Any hints?


Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
adrianboimvaser
Offline
Joined: 2011-09-16
Points: 0

Have you find any solution around this? Thanks.