Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1191864

Summary: (6.0.x) WSS UsernameToken fails to propagate at SOAP reference binding with WSS Policy
Product: [JBoss] JBoss Fuse Service Works 6 Reporter: Tadayoshi Sato <tasato>
Component: SwitchYardAssignee: tcunning
Status: CLOSED UPSTREAM QA Contact: ppecka <ppecka>
Severity: high Docs Contact:
Priority: high    
Version: 6.0.0 GACC: gvarsami, oskutka, ppecka, rcernich, soa-p-jira, toigaras
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1191862 Environment:
Last Closed: 2025-02-10 03:44:03 UTC Type: Support Patch
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1191862    
Bug Blocks: 1183067    
Attachments:
Description Flags
Reproducer (camel-soap-proxy.zip) none

Description Tadayoshi Sato 2015-02-12 07:20:12 UTC 
Created attachment 990754 [details]
Reproducer (camel-soap-proxy.zip)

+++ This bug was initially created as a clone of Bug #1191862 +++

Description of problem:

Platform BZ for https://issues.jboss.org/browse/SWITCHYARD-2520

SOAPContextMapper's soapHeadersType attribute (SWITCHYARD-710) allows you to propagate WS-Security SOAP headers from a SOAP service binding to a SOAP reference binding:

  <contextMapper includes=".*" soapHeadersType="XML"/>

However, when the reference binding is defined with WSDL that has a WS-Security Policy portion like the following one:

  <binding name="ReverseServiceBinding" type="tns:ReverseService">
    <wsp:PolicyReference URI="#ReverseServicePolicy"/>
    ...
  </binding>
  <wsp:Policy wsu:Id="ReverseServicePolicy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:WssUsernameToken10/>
              </wsp:Policy>
            </sp:UsernameToken>
          </wsp:Policy>
        </sp:SupportingTokens>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

the reference fails to send a SOAP request raising the following warning:

15:01:40,139 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-/127.0.0.1:8080-1) Interceptor for {urn:switchyard-quickstart:camel-soap-proxy:1.0}ReverseService#{http://cxf.apache.org/jaxws/dispatch}Invoke has thrown exception, unwinding now: org.apache.cxf.ws.policy.PolicyException: No username available
	at org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor.policyNotAsserted(AbstractTokenInterceptor.java:229) [cxf-rt-ws-security-2.7.11.redhat-3.jar:2.7.11.redhat-3]
	at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addUsernameToken(UsernameTokenInterceptor.java:361) [cxf-rt-ws-security-2.7.11.redhat-3.jar:2.7.11.redhat-3]
	at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addToken(UsernameTokenInterceptor.java:307) [cxf-rt-ws-security-2.7.11.redhat-3.jar:2.7.11.redhat-3]
	at org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor.handleMessage(AbstractTokenInterceptor.java:95) [cxf-rt-ws-security-2.7.11.redhat-3.jar:2.7.11.redhat-3]
	at org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor.handleMessage(AbstractTokenInterceptor.java:61) [cxf-rt-ws-security-2.7.11.redhat-3.jar:2.7.11.redhat-3]


Version-Release number of selected component (if applicable):
N/A


How reproducible:
Always


Steps to Reproduce:
1. Deploy the attached quickstart (reproducer)
2. Run `mvn exec:java`


Actual results:
Get the above warning and the process fails.


Expected results:
The process should complete successfully.


Additional info:
N/A
Comment 2 Tadayoshi Sato 2015-04-07 07:11:14 UTC 
At SWITCHYARD-2520, I've agreed that this issue can be resolved based on SY 2.0 cxf.xml support for SOAP reference binding. The flip side of this is that we require the cxf.xml support to fix the issue, but it shouldn't be so easy nor necessary to backport the cxf.xml support into FSW 6.0.

At least we have a workaround (though unpleasant) for the issue in FSW 6.0, so I will close this BZ for FSW 6.0.
Comment 3 Tadayoshi Sato 2015-04-08 03:29:51 UTC 
In fact, if SWITCHYARD-2049 [1] is backported to FSW 6.0, this issue can be resolved by just creating a custom CXF out interceptor as proposed in [1].

[1] https://issues.jboss.org/browse/SWITCHYARD-2049
Comment 4 JBoss JIRA Server 2015-04-10 04:32:01 UTC 
Tadayoshi Sato <tadayosi> updated the status of jira SWITCHYARD-2520 to Resolved
Comment 5 tcunning 2015-04-14 19:56:20 UTC 
Processed pull requests from SWITCHYARD-2654.
Comment 6 Tadayoshi Sato 2015-06-16 02:48:26 UTC 
Hi Tom and Magesh,

Please check if SWITCHYARD-2503 has been also backported along with SWITCHYARD-2049.
https://issues.jboss.org/browse/SWITCHYARD-2503

Thank you.
Comment 10 Red Hat Bugzilla 2025-02-10 03:44:03 UTC 
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.