I was using AIA server on my local box for some soa development work.
I created a JMS consumer service and deployed to the server.
When i tried to test the service it was getting failed every time with below error message.
java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:813) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:385) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:302) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:187) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:297) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at
To my surprise i have not added any security policies to my service but it was still getting failed with security error.
I checked the wsdl file for my service and found that the following code is automatically attached to my service
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" wsu:Id="aia_wss_saml_or_username_token_service_policy_OPT_ON">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:SamlToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssSamlV11Token10/>
</wsp:Policy>
</sp:SamlToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
<wsp:All>
<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Checked oracle documentation -http://docs.oracle.com/cd/E50268_01/doc.115/e40004/appd.htm
And i found that this policy gets attached automatically if one follows the AIA naming convention of ABCS standard.
In order to get rid of this issue you either use a non ABCS naming standard or you can remove the policy itself from the weblogic domain.
Log in to the em console
Expand WebLogic Domain and right click on your domain.
Navigate to Web Services--> Policies
It will list down all the policies attached to your domain
Select the policy and delete it
Now if you check in the wsdl file you can find that the policy is removed.
Try to test the code again and this time you will get the following error
java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: Client received SOAP Fault from server : PolicySet Invalid: WSM-06102 PolicyReference The policy reference URI "oracle/aia_wss_saml_or_username_token_service_policy_OPT_ON" is not valid. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:813) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:385) at oracle
This is because you need to restart your server once you have removed the policy.
Restart the server and this issue will be resolved.
The other option is create a new service without ABCS naming convention and the policies will not be attached to it automatically.
So as a work around you can go ahead with creation of a service without ABCS standard to get rid of this issue.
2 comments:
Great blog!! Solution helped
Great Blog!! Solution Helped
Post a Comment