“Missing wsse:Security header in request” when I try posting a SOAP message with Axis2 and Rampart

I feel like I've been looking at this issue forever.

Background: I have to call a secured third party web service. The body and a header block both need to be signed with a client certificate. If I disable Rampart and use tcpmon and capture the outgoing envelope, I can configure SOAPUI to send the message (by configuring SOAPUI to use the cert to sign the important parts discussed earlier). That tells me the message isn't the issue.

If I enable Rampart and capture the outgoing message, it looks correct (the two elements are signed, the security elements are all in place).

I get the following stack when I try calling the service with Rampart:

org.apache.axis2.AxisFault: Missing wsse:Security header in request
    at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:254)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
    at org.apache.axis2.axis2userguide.RetrieveCurrentBidResults_v20090801ServiceStub.retrieveCurrentBidResults_v20090801(RetrieveCurrentBidResults_v20090801ServiceStub.java:225)
    at org.transalta.weezer.soap.client.RetrieveCleanBidsClient.main(RetrieveCleanBidsClient.java:64)

and here is the policy.xml file I'm using:

<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy wsu:Id="SigEncr"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
    <wsp:All>
        <sp:AsymmetricBinding
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
                <sp:InitiatorToken>
                    <wsp:Policy>
                        <sp:X509Token
                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                                <sp:RequireThumbprintReference />
                                <sp:WssX509V1Token10 />
                            </wsp:Policy>
                        </sp:X509Token>
                    </wsp:Policy>
                </sp:InitiatorToken>
                <sp:RecipientToken>
                    <wsp:Policy>
                        <sp:X509Token
                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                            <wsp:Policy>
                                <sp:RequireThumbprintReference />
                                <sp:WssX509V3Token10 />
                            </wsp:Policy>
                        </sp:X509Token>
                    </wsp:Policy>
                </sp:RecipientToken>
                <sp:AlgorithmSuite>
                    <wsp:Policy>
                        <sp:TripleDesRsa15 />
                    </wsp:Policy>
                </sp:AlgorithmSuite>
                <sp:Layout>
                    <wsp:Policy>
                        <sp:Strict />
                    </wsp:Policy>
                </sp:Layout>
                <sp:OnlySignEntireHeadersAndBody />
            </wsp:Policy>
        </sp:AsymmetricBinding>
        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
                <sp:MustSupportRefKeyIdentifier />
                <sp:MustSupportRefIssuerSerial />
            </wsp:Policy>
        </sp:Wss10>
        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
            <sp:Header Name="CAISOWSHeader" Namespace="http://www.caiso.com/soa/2006-09-30/CAISOWSHeader.xsd" />
        </sp:SignedParts>
    </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

So what I want to know is what the heck is Rampart trying to tell me? I know the component it doesn't think is present IS there.

I solved this by modifying the rampart module to skip the 'security' phase and all phases after for the inflow.

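import java.util.ArrayList;
import java.util.List;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.engine.AxisConfiguration;
import org.apache.axis2.engine.Phase;

// Keeps only the inflow phases that come before "security". The Security phase
// (where RampartReceiver runs) and every later inflow phase are dropped, so
// Rampart no longer processes or verifies WS-Security on responses.
private static void modifyRampartModule(ServiceClient serviceClient) {
    AxisConfiguration axisConfig = serviceClient.getAxisConfiguration();

    List<Phase> phases = axisConfig.getInFlowPhases();
    List<Phase> newPhases = new ArrayList<Phase>();
    for (Phase phase : phases) {
        if (phase.getName().equalsIgnoreCase("security")) {
            break; // stop here: this phase and all after it are left out
        }
        newPhases.add(phase);
    }
    axisConfig.setInPhasesUptoAndIncludingPostDispatch(newPhases);
}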

It would be better if you had posted one of the captured request-response messages too. Since you are saying the expected elements that are defined in the policy are signed, please check if the TimeStamp element is there in the request message. If the timestamp is there, then it MUST be signed too; in that case this might be the reason for the failure.

I applied the method "modifyRampartModule" of "Tambu" in my code, and it began to work fine. I had tried to do the same through configurations in the axis2.xml, but I should have done something wrong, because for me it didn't work.
The point is that the header must travel in the request and also in the response... but if you have a "Solution Provider", maybe it will remove the header from the response... and you will be facing this issue.
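
An added example, not part of any answer above and not Axis2 or Rampart code: a JDK-only structural check for a captured envelope (request or response) that reports whether a wsse:Security header is present and whether a wsu:Timestamp is referenced by the signature, the two conditions the answers point at. The class name and the sample envelopes are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Structural check of a captured SOAP envelope; it does not validate the signature. */
public class WsseEnvelopeCheck {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    static String check(String envelope) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Captured traffic is untrusted input: refuse DOCTYPE declarations (XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(envelope.getBytes(StandardCharsets.UTF_8)));
        if (d.getElementsByTagNameNS(WSSE, "Security").getLength() == 0)
            return "no wsse:Security header";
        NodeList ts = d.getElementsByTagNameNS(WSU, "Timestamp");
        if (ts.getLength() == 0)
            return "wsse:Security present, no Timestamp";
        String id = ((Element) ts.item(0)).getAttributeNS(WSU, "Id");
        NodeList refs = d.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            String uri = ((Element) refs.item(i)).getAttribute("URI");
            if (!id.isEmpty() && uri.equals("#" + id))
                return "Timestamp present and covered by a ds:Reference";
        }
        return "Timestamp present but not covered by any ds:Reference";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample envelopes, not captures from the service in the question.
        String open = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'"
                + " xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "' xmlns:ds='" + DS + "'><s:Header>";
        String close = "</s:Header><s:Body/></s:Envelope>";
        String ts = "<wsu:Timestamp wsu:Id='TS-1'><wsu:Created>2024-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>";
        String sig = "<ds:Signature><ds:SignedInfo><ds:Reference URI='#TS-1'/></ds:SignedInfo></ds:Signature>";
        System.out.println(check(open + close));
        System.out.println(check(open + "<wsse:Security>" + ts + "</wsse:Security>" + close));
        System.out.println(check(open + "<wsse:Security>" + ts + sig + "</wsse:Security>" + close));
    }
}
```

Running it against the response captured with tcpmon shows whether the fault raised in RampartReceiver during handleResponse corresponds to a response that really carries no wsse:Security header.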
