Table of Contents
How to fix – org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:
I encountered this error when trying to call a secure web service which had username password authentication along with Timestamp authentication.
Exception
I got following exception when I was calling secure web service
1 2 3 4 5 6 7 8 9 10 11 | Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is javax.xml.ws.soap.SOAPFaultException: These policy alternatives can not be satisfied: {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}TransportBinding: Received Timestamp does not match the requirements {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}IncludeTimestamp] with root cause org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied: {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}TransportBinding: Received Timestamp does not match the requirements {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}IncludeTimestamp at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179) ~[cxf-rt-ws-policy-3.1.10.jar:3.1.10] at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:102) ~[cxf-rt-ws-policy-3.1.10.jar:3.1.10] |
Following steps helped me fix this problem, hope it helps.
- Getting an instance of PolicyInterceptorProviderRegistry from CXF Bus
- Adding the QNames to IgnorablePolicyInterceptorProvider
- Registering the IgnorablePolicyInterceptorProvider to PolicyInterceptorProviderRegistry
Dependency Check
Make sure that you have relevant POM dependencies
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-frontend-jaxws</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-ws-policy</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-tools-common</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-ws-security</artifactId> <version>${cxf.version}</version> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-transports-http</artifactId> <version>${cxf.version}</version> </dependency> |
Code Changes
- Get instance of CXF Bus
- From the CXF Bus get the PolicyInterceptorProviderRegistry
- Create a set of QName and add all the failing policy alternatives to IgnorablePolicyInterceptorProvider, in my case it was IncludeTimestamp and TransportBinding so I am adding those 2 only
- Register them with PolicyInterceptorProviderRegistry
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | MyWebservice service = new MyWebService(); Port port = service.getPort(ENDPOINTPortType.class); org.apache.cxf.endpoint.Client client = org.apache.cxf.frontend.ClientProxy.getClient(port); org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint(); Bus bus = client.getBus(); PolicyInterceptorProviderRegistry reg = bus.getExtension(PolicyInterceptorProviderRegistry.class); Set set = new HashSet<>(); set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "IncludeTimestamp") ); set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "TransportBinding")); reg.register(new IgnorablePolicyInterceptorProvider(set)); |