WSP0075: Policy assertion “TransportBinding” was evaluated as “UNKNOWN”. Why?

后端 未结 4 1765
佛祖请我去吃肉
佛祖请我去吃肉 2021-02-19 00:27

I am a client to a SOAP service I do not control (implemented in .NET). The service provides a WSDL. I use Apache CXF to generate the java client from the WSDL (specifically, I

4条回答
  •  不思量自难忘°
    2021-02-19 01:20

    I can reproduce this issue with the Express-1 label service:

    2014-09-10 22:15:29.601  WARN 6564 --- [           main] c.s.x.i.w.w.EffectiveAlternativeSelector : WSP0075: Policy assertion "{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}TransportBinding" was evaluated as "UNKNOWN".                                              
    2014-09-10 22:15:29.602  WARN 6564 --- [           main] c.s.x.i.w.w.EffectiveAlternativeSelector : WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".                                                                                  
    

    I believe the problem is that the policy you inline above requires Basic256 message encryption, but the service's SSL encryption is weaker.

    For example, check out this WSDL:

    https://service.express1.com/Services/EwsLabelService.svc?wsdl

    At the very top you will see a policy identical to the one you give. But then if you look at the site's SSL cert, it is using AES_128_CBC, which is only 128-bit encryption.

    See http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf, sections 7.1, 8.1 and 8.3 for information about TransportBinding policies and algorithm suites. I believe that the warning is saying is that the policy requires 256-bit encryption, but because the service doesn't support it, the client is choosing a weaker encryption algorithm in its place.

    As this is a problem on the service side, probably the best way to fix it is to notify the party responsible for the service of the issue.

提交回复
热议问题