I am a client to a SOAP service I do not control (implemented in .NET). The service provides a WSDL. I use Apache CXF to generate the java client from the WSDL (specifically, I am using the cxf-codegen-plugin for Maven, which uses wsdl2java under the hood).
However, when I instantiate the generated service class, the following warnings are logged:
Sep 04, 2014 5:18:00 PM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}TransportBinding" was evaluated as "UNKNOWN".
Sep 04, 2014 5:18:00 PM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
However the client works correctly--I don't have any problem using the service. However, I am puzzled by these errors.
The error is about this security policy in the WSDL, which I think it says it cannot understand:
<wsp:Policy wsu:Id="soap11_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
However as far as I can tell this is a perfectly ordinary policy with nothing unusual about it. Surely it should be understood? How can I fix this warning?
For the record, here is how wsdl2java is being invoked (excerpt from pom.xml).
The -exsh true
arg and cxf-rt-bindings-soap
dependency are because the WSDL uses some implicit soap headers in its arguments, and I need this so they are included properly in the generated service class methods.
I added the cxf-rt-ws-security
and cxf-rt-ws-policy
dependencies to try and fix this warning, thinking that maybe the security and policy information were not included. However, this did not fix anything (didn't break anything either, though).
<plugin>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-codegen-plugin</artifactId>
<version>3.0.1</version>
<executions>
<execution>
<id>rh-soap-client-ssi</id>
<phase>generate-sources</phase>
<configuration>
<sourceRoot>${project.build.directory}/generated/cxf</sourceRoot>
<wsdlOptions>
<wsdlOption>
<wsdl>https://example.org/ssi?wsdl</wsdl>
<extraargs>
<extraarg>-verbose</extraarg>
<extraarg>-client</extraarg>
<extraarg>-mark-generated</extraarg>
<extraarg>-exsh</extraarg>
<extraarg>true</extraarg>
<extraarg>-autoNameResolution</extraarg>
</extraargs>
</wsdlOption>
</wsdlOptions>
</configuration>
<goals>
<goal>wsdl2java</goal>
</goals>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-bindings-soap</artifactId>
<version>3.0.1</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>3.0.1</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-policy</artifactId>
<version>3.0.1</version>
</dependency>
</dependencies>
</plugin>