Unable to use secured components without using SSL in FSW 6

Solution Verified - Updated -

Issue

We hit an issue with FSW when using secured components without using SSL.

We have deployed the FSW Switchyard demo policy-security-basic-propagate but we’ve removed the CONFIDENTIALITY policy from the BackEndService and WorkServiceBeans. The beans still have the Client Authentication and Authorization policies attached, as per the following change:

@Requires(security = {CONFIDENTIALITY, CLIENT_AUTHENTICATION, AUTHORIZATION})

to

@Requires(security = {CLIENT_AUTHENTICATION, AUTHORIZATION })

Our rational behind this is that FSW would reside behind a SSL terminating firewall but the FSW services still required authentication.

When we run the demo without using SSL we get the following exception :

14:19:12,177 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-/192.168.2.10:8080-1) Application {urn:switchyard-quickstart-demo:policy-security-basic-propagate:0.1.0}WorkService#{urn:switchyard-quickstart-demo:policy-security-basic-propagate:0.1.0}doWork has thrown exception, unwinding now: org.apache.cxf.interceptor.Fault: org.switchyard.HandlerException: SWITCHYARD014014: Required policies have not been provided:
at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:162) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.createFault(AbstractJAXWSMethodInvoker.java:213) [cxf-rt-frontend-jaxws-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:128) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.invoke(AbstractJAXWSMethodInvoker.java:178) [cxf-rt-frontend-jaxws-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:66) [cxf-rt-frontend-jaxws-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at org.jboss.wsf.stack.cxf.JBossWSInvoker.invoke(JBossWSInvoker.java:129) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [rt.jar:1.7.0_45]
at java.util.concurrent.FutureTask.run(FutureTask.java:262) [rt.jar:1.7.0_45]
at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:107) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237) [cxf-rt-transports-http-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:97) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:156) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) [cxf-rt-transports-http-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) [cxf-rt-transports-http-2.6.8.redhat-7.jar:2.6.8.redhat-7]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.1.3.Final-redhat-1.jar:2.1.3.Final-redhat-1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920)
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
Caused by: org.switchyard.SwitchYardException: org.switchyard.HandlerException: SWITCHYARD014014: Required policies have not been provided:
at org.switchyard.component.soap.InboundHandler.invoke(InboundHandler.java:339) [switchyard-component-soap-1.1.1-p5-redhat-1.jar:1.1.1-p5-redhat-1]
at org.switchyard.component.soap.endpoint.BaseWebService.invoke(BaseWebService.java:112) [switchyard-component-soap-1.1.1-p5-redhat-1.jar:1.1.1-p5-redhat-1]
at org.switchyard.component.soap.endpoint.BaseWebService.invoke(BaseWebService.java:41) [switchyard-component-soap-1.1.1-p5-redhat-1.jar:1.1.1-p5-redhat-1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_45]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_45]
at org.jboss.ws.common.invocation.AbstractInvocationHandlerJSE.invoke(AbstractInvocationHandlerJSE.java:108)
at org.jboss.wsf.stack.cxf.JBossWSInvoker.performInvocation(JBossWSInvoker.java:149) [jbossws-cxf-server-4.1.4.Final-redhat-7.jar:4.1.4.Final-redhat-7]
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]
... 32 more
Caused by: org.switchyard.HandlerException: SWITCHYARD014014: Required policies have not been provided:
at org.switchyard.handlers.PolicyHandler.handleMessage(PolicyHandler.java:61) [switchyard-runtime-1.1.1-p5-redhat-1.jar:1.1.1-p5-redhat-1]
at org.switchyard.bus.camel.processors.HandlerProcessor.process(HandlerProcessor.java:62) [switchyard-bus-camel-1.1.1-p5-redhat-1.jar:1.1.1-p5-redhat-1]
at org.apache.camel.util.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:61) [camel-core-2.10.0.redhat-60024.jar:2.10.0.redhat-60024]

Environment

  • Red Hat JBoss Fuse Service Works (FSW)
    • 6.0.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content