简体繁体 English

UsernameToken的SOAP wsdl规范

[英]Specification of SOAP wsdl for UsernameToken

原文 2015-12-30 14:29:40 3 1 java/ web-services/ soap/ wsdl/ cxf

I'm writing a client to connect to a SOAP webservice using a WSDL first approach. 我正在编写一个使用WSDL优先方法连接到SOAP Web服务的客户端。 For implementation I am using Apache CXF version 3.1.4 为了实现，我使用的是Apache CXF版本3.1.4

When testing I get the following exception: 测试时，出现以下异常：

12:35:15.492 [main] WARN oacwpawWsdl11AttachmentPolicyProvider - Failed to build the policy 'UsernameToken':sp:UsernameToken must have an inner wsp:Policy element Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: sp:UsernameToken must have an inner wsp:Policy element at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:160) at com.sun.proxy.$Proxy36.getPing(Unknown Source) ... Caused by: java.lang.IllegalArgumentException: sp:UsernameToken must have an inner wsp:Policy element at org.apache.wss4j.policy.builders.UsernameTokenBuilder.build(UsernameTokenBuilder.java:52) at org.apache.wss4j.policy.builders.UsernameTokenBuilder.build(UsernameTokenBuilder.java:34) at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)

The relevant part of the WSDL file looks like this: WSDL文件的相关部分如下所示：

<wsp:Policy wsu:Id="UsernameToken"> <wsp:ExactlyOne> <wsp:All> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/> </wsp:Policy> </sp:SupportingTokens> </wsp:All> </wsp:ExactlyOne> </wsp:Policy>

The error message indicates that CXF expects a policy tag under UsernameToken. 错误消息表明CXF需要在UsernameToken下使用策略标记。 And indeed, while researching I came across a comment from CXF bug tracker : 确实，在研究过程中，我遇到了来自CXF Bug Tracker的评论：

Yes... Per spec, the <sp:UsernameToken> element MUST contain an internal wsp:Policy element. It should look like: <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> <wsp:Policy> <sp:WssUsernameToken11 /> </wsp:Policy> </sp:UsernameToken>

But, the specification says : 但是，规范说：

/sp:UsernameToken/wsp:Policy This optional element identifies additional requirements for use of the sp:UsernameToken assertion.

Note: Optional. 注意：可选。

So which one is it? 那么是哪一个呢？ It seems that CXf requires a policy while the specification says it is optional. 似乎CXf需要一个策略，而规范说它是可选的。 Is there another specification I need to look at? 我还需要查看另一个规范吗？

1 个解决方案

Seems the question was fairly unnoticed here on SO, but in google leads someone here, I might as well post the solution. 似乎在SO上这个问题还没有引起人们的注意，但是在google带领下有人在这里，我不妨发布解决方案。

I posted the same question on the Apache CXF user mailing list and got a reply: 我在Apache CXF用户邮件列表中发布了相同的问题，并得到了答复：

It's a bug in WSS4J which I've just fixed: https://issues.apache.org/jira/browse/WSS-564 这是我刚刚修复的WSS4J中的错误： https ://issues.apache.org/jira/browse/WSS-564

WS-SecurityPolicy 1.2 + 1.3 require a policy Element, but 1.1 doesn't. WS-SecurityPolicy 1.2 + 1.3需要一个策略元素，而1.1则不需要。 Until the next WSS4J release, your best bet is just to have an empty policy Element. 在下一个WSS4J版本之前，最好的选择是保留一个空的Policy Element。