安全 Web 服务异常:此服务需要<wsse:security> ,这是缺失的</wsse:security>
[英]Secured Web Service Exception: This service requires <wsse:Security>, which is missing
问题描述
I have a problem with web service messaging.
我对 web 服务消息传递有疑问。
1) Jboss 4.2.3GA 1) Jboss 4.2.3GA
2) Web Service class that is Stateless EJB. 2) Web 服务 class 是无状态 EJB。 It uses encryption and annotated like this:它使用加密并像这样注释:
@Local
@Stateless
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@SOAPBinding(style = SOAPBinding.Style.RPC)
@WebService
3) Web Service resides in Module_1 3) Web 服务驻留在Module_1
4) Client is MBean. 4)客户端是MBean。 It has following annotations:它有以下注释:
@Service(name = "MyWebServiceClient")
@Local(MyWebServiceClient.class)
@Management(MyWebServiceClient.class)
5) MyWebServiceClient resides in Module_2 5) MyWebServiceClient位于Module_2
6) Module_1 has META-INF directory with following WS related content: 6) Module_1具有 META-INF 目录,其中包含以下 WS 相关内容:
- jboss-wsse-server.xml jboss-wsse-server.xml
- server.keystore服务器.keystore
- server.truststore server.truststore
jboss-wsse-server.xml has following content: jboss-wsse-server.xml有以下内容:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
xsi="http://www.w3.org/2001/XMLSchema-instance"
schemaLocation="http://www.jboss.com/ws-security/config
www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<key-store-file>META-INF/server.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>
<trust-store-file>META-INF/server.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>
<key-passwords>
<key-password alias="server" password="qwerty"/>
<key-password alias="client" password="qwerty"/>
</key-passwords>
<config>
<sign type="x509v3" alias="server"/>
<encrypt type="x509v3" alias="client"/>
<requires>
<signature/>
<encryption/>
</requires>
</config>
</jboss-ws-security>
7) Module_2 has its' META-INF folder with following files: 7) Module_2的 META-INF 文件夹包含以下文件:
- jboss-wsse-client.xml jboss-wsse-client.xml
- standard-jaxws-client-config.xml标准-jaxws-client-config.xml
- client.keystore客户端.keystore
- client.truststore客户端.truststore
jboss-wsse-client.xml contains following: jboss-wsse-client.xml包含以下内容:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<key-store-file>META-INF/client.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>
<trust-store-file>META-INF/client.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>
<key-passwords>
<key-password alias="server" password="qwerty"/>
<key-password alias="client" password="qwerty"/>
</key-passwords>
<config>
<sign type="x509v3" alias="client"/>
<encrypt type="x509v3" alias="server"/>
<requires>
<signature/>
<encryption/>
</requires>
</config>
</jboss-ws-security>
standard-jaxws-client-config.xml contains following: standard-jaxws-client-config.xml包含以下内容:
<?xml version="1.0" encoding="UTF-8"?>
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:javaee="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
<client-config>
<config-name>Standard WSSecurity Client</config-name>
<post-handler-chains>
<javaee:handler-chain>
<javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
<javaee:handler>
<javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
<javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
</javaee:handler-class>
</javaee:handler>
</javaee:handler-chain>
</post-handler-chains>
</client-config>
</jaxws-config>
Both modules merged after build process to the same jar.两个模块在构建过程后合并到相同的 jar。 So META-INF contains all this xml and encription files.所以 META-INF 包含所有这些 xml 和加密文件。
The problem is that when I try to send a message from Client MBean, web service generates exception:问题是当我尝试从客户端 MBean 发送消息时,web 服务会生成异常:
org.jboss.ws.core.CommonSOAPFaultException: This service requires < wsse:Security >, which is missing.
As I know it means that incoming soap-message doesn't contain sing header from client.据我所知,这意味着传入的肥皂消息不包含来自客户端的 sing header。 After activating tracing soap messaging in log4j I see following message body from client:在 log4j 中激活跟踪 soap 消息后,我看到来自客户端的以下消息正文:
<S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/'>
<S:Body>
<ns2:addPoint xmlns:ns2='http://x.y.z.com/'>
<deviceId>Device 1</deviceId>
<color>GREEN</color>
</ns2:addPoint>
</S:Body>
</S:Envelope>
But sign properties are specified in server and client xmls (see tat ).但是在服务器和客户端 xmls 中指定了符号属性(请参阅 tat )。 So I can't understand why result message is not signed off.所以我不明白为什么结果消息没有被注销。
May be problem is that all configuration files reside in the same META-INF?可能的问题是所有配置文件都驻留在同一个 META-INF 中? Does it matter?有关系吗?
Need help.需要帮忙。
1 个解决方案
解决方案1
1 2011-06-23 12:03:56
I've found the reason why encryption did not work.我找到了加密不起作用的原因。 The structure of the project was as following:该项目的结构如下:
EAR:
...META-INF
...client.jar
......META-INF
.........standard-jaxws-client-config.xml
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................
The problem was that client can't find standard-jaxws-client-config.xml.问题是客户端找不到standard-jaxws-client-config.xml。 Message was not encrypted.消息未加密。
When I copied this file to EAR/META-INF the encryption was done successfully, message was successfully transmitted to and decrypted on the server side.当我将此文件复制到 EAR/META-INF 时,加密成功完成,消息成功传输到服务器端并在服务器端解密。
I think it's because JBoss searches standard-jaxws-client-config.xml in the class path of ear file.我认为这是因为 JBoss 在 ear 文件的 class 路径中搜索 standard-jaxws-client-config.xml。
New file structure I use:我使用的新文件结构:
EAR:
...META-INF
......standard-jaxws-client-config.xml <------- file placed here
...client.jar
......META-INF
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................
If server and client are deployed as single files (without ear packaging) then placing this file under client/META-INF works fine.如果服务器和客户端部署为单个文件(没有打包),那么将此文件放在 client/META-INF 下可以正常工作。
As I realised this problem depends on path resolution.我意识到这个问题取决于路径分辨率。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.