Getting “Policy alternatives can not be satisfied” from cxf enpoint

Question

I created a web service with cxf and camel from wsdl. Below are my bean configs:

@Bean
open fun cxfServlet(): ServletRegistrationBean<CXFServlet> {
    val servlet = ServletRegistrationBean(CXFServlet(), "/ws/*")
    servlet.setLoadOnStartup(1)
    servlet.setName("cxfServlet")
    return servlet
}

@Bean
open fun cxf(): Bus {
    return BusFactory.newInstance().createBus()
}

@Bean("endpoint")
open fun endpoint(bus: Bus): CxfEndpoint {
    val endpoint = CxfEndpoint()
    endpoint.address = "/endpoint"
    endpoint.serviceClass = IWebService::class.java
    endpoint.wsdlURL = "wsdl/mywsdl.wsdl"
    endpoint.dataFormat = DataFormat.POJO
    endpoint.bindingId = SOAPBinding.SOAP11HTTP_BINDING
    endpoint.isLoggingFeatureEnabled = true
    endpoint.loggingSizeLimit = -1
    return endpoint
}

Also I configured ssl. I use springBoot and my properties file is:

server.port=8442
security.require-ssl=true
server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=123456
server.ssl.key-alias=testalias

Service's wsdl is available at the address:

https://localhost:8442/ws/endpoint?wsdl

It worked fine until the moment I used WSDl with block "Policy":

<wsp:Policy wsu:Id="id">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:TransportToken>
                        <wsp:Policy>
                            <sp:HttpsToken RequireClientCertificate="false"/>
                        </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                </wsp:Policy>
            </sp:TransportBinding>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

And now the app runs correct, but when I send message an exception appears:

org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}TransportToken
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}HttpsToken
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}AlgorithmSuite
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Basic256
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Layout
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Strict

But if I create server in soapUI it works fine.
I tried some advices about creating interceptors and other from stackoverflow but nothing changed. How can I solve the problem?

burki burki · Accepted Answer · 2019-10-01T08:40:27

Is your Webservice secured with SSL? The error complains that the declared security policy in the WSDL is not fulfilled.

Notice that the WSDL policy assertions do not set up the HTTPS transport between the requestor and provider! They ensure only that the declared mechanisms are in place when the web service with the defined policy is called.

And for SoapUI I don't really know but I assume that it ignores the policy.

Getting “Policy alternatives can not be satisfied” from cxf enpoint

2 Answers