简体   繁体   English

在具有Web安全性的HTTPS上调用SOAP服务时获取异常

[英]getting exception while invoking a SOAP service on HTTPS with web security

Please help me in resolving this issue. 请帮助我解决此问题。

I'm writing a java SOAP client to hit a SOAP service of some third party that is working on HTPPS & accepts web-security in header. 我正在编写一个Java SOAP客户端来访问正在HTPPS上运行的某些第三方的SOAP服务,并接受标头中的Web安全。 The soap service called-operation in turn returns a class object. 肥皂服务称为-operation,然后返回一个类对象。 I have written a class, while invoking the service, I'm getting below exception. 我编写了一个类,在调用服务时遇到了异常。 I tried to get SOAP Envelop that is sent to the service & executed it with SOAP UI tool & got successful response. 我试图获取发送到服务的SOAP Envelop并使用SOAP UI工具执行它并获得成功的响应。 I'm a bit confused whats wrong as in , when I send SOAP envelop with my JAVA SOAP Client I get below exception while running same SOAP envelop with SOAP UI tool , I get successful response. 我有些困惑,因为当我使用JAVA SOAP客户端发送SOAP信封时,当我使用SOAP UI工具运行相同的SOAP信封时,出现以下异常,我得到了成功的响应。

Exception in thread "main" AxisFault 线程“主” AxisFault中的异常
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}MustUnderstand faultCode:{http://schemas.xmlsoap.org/soap/envelope/}必须了解
faultSubcode: faultString: Did not understand "MustUnderstand" header(s): faultSubcode:faultString: 无法理解“ MustUnderstand”标头:
faultActor: faultActor:
faultNode: faultNode:
faultDetail: faultDetail:
{http://xml.apache.org/axis/}stackTrace: {http://xml.apache.org/axis/}stackTrace:
at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:96) 在org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:96)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206) 在org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784) 在org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767) 在org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:1910) 在org.apache.axis.client.Call.invoke(Call.java:1910)
at fibonacci.testing.TestService.main(TestService.java:92) 在fibonacci.testing.TestService.main(TestService.java:92)

{http://xml.apache.org/axis/}hostname:localhost

Did not understand "MustUnderstand" header(s): 不了解“ MustUnderstand”标头:
at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:96) 在org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:96)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206) 在org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784) 在org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767) 在org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:1910) 在org.apache.axis.client.Call.invoke(Call.java:1910)
at fibonacci.testing.TestService.main(TestService.java:92) 在fibonacci.testing.TestService.main(TestService.java:92)

i faced this problem and i have solved it in my job... this type of message is set when there is no handler for security on you server.xsdd 我遇到了这个问题,我已经在工作中解决了它。当您的服务器上没有用于安全性的处理程序时,将设置此类型的消息。

in my case the xsdd implementation was built on axis 1.4, using java.rmi and javax.xml.rpc.Service 在我的情况下,xsdd实现是使用java.rmi和javax.xml.rpc.Service在轴1.4上构建的

if that is your case, you will have 2 xsdd one for the server (ns declaration of your service) and a deploy.xsdd for other settings of your call. 如果是这种情况,您将在服务器上使用2个xsdd(服务的ns声明),并在调用的其他设置中使用deploy.xsdd。

first i add to my ns:operation this references to oasis security, after that i added to my service a requestflow 首先,我将其添加到ns:operation中以引用绿洲安全性,之后我将其请求流添加至我的服务

it should be something like this 应该是这样的

 <ns1:service name="YOUR SERVICE"> <!-- wss_username_token_over_ssl --> <requestFlow> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver"> <parameter name="passwordCallbackClass" value=" YOUR PASSWORD HANDLER JAVA PATH LOCATION"/> <parameter name="action" value="UsernameToken"/> </handler> </requestFlow> 
 <ns1:operation name="YOUR OPERATION NAME" 
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 .... other declarations ... />

depending of your security levels to create, in your passwordCallbackClassHandler, you must/or not validate the user and the password the handler should be something like this 根据要创建的安全级别,在passwordCallbackClassHandler中,您必须/或者不验证用户和处理程序的密码,该密码应类似于以下内容

public class PWCallback implements CallbackHandler { 公共类PWCallback实现CallbackHandler {

  private static final byte[] key = {
    (byte)0x31, (byte)0xfd, (byte)0xcb, (byte)0xda,
    (byte)0xfb, (byte)0xcd, (byte)0x6b, (byte)0xa8,
    (byte)0xe6, (byte)0x19, (byte)0xa7, (byte)0xbf,
    (byte)0x51, (byte)0xf7, (byte)0xc7, (byte)0x3e,
    (byte)0x80, (byte)0xae, (byte)0x98, (byte)0x51,
    (byte)0xc8, (byte)0x51, (byte)0x34, (byte)0x04,
  };

public void handle(Callback[] callbacks)
        throws IOException, UnsupportedCallbackException {
    System.out.println("DENTROOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO");
        for (int i = 0; i < callbacks.length; i++) {
          if (callbacks[i] instanceof WSPasswordCallback) {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            /*
             * here call a function/method to lookup the password for
             * the given identifier (e.g. a user name or keystore alias)
             * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
             * for testing we supply a fixed name/fixed key here.
             */
            if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
              pc.setKey(key);
            }
            else {
              pc.setPassword("security");
            }
          } else {
            throw new UnsupportedCallbackException(
              callbacks[i], "Unrecognized Callback");
          }
        }
      }

} }

hope this helps you regards 希望这可以帮助您

You probably have checked the below link discussing the mustUnderstand error specifically in the context of Axis http://wso2.org/library/tutorials/understand-famous-did-not-understand-mustunderstand-header-s-error 您可能已经检查了下面的链接,特别是在Axis的上下文中讨论了mustUnderstand错误:http://wso2.org/library/tutorials/understand-famous-did-not-understand-mustunderstand-header-s-error

Have you confirmed the entire SOAP envelope from your code and the one used by SOAP is the same? 您是否已从代码中确认了整个SOAP信封,并且SOAP使用的信封是相同的? is mustUnderstand set to 1 in both the cases? 在两种情况下都必须将mustUnderstand设置为1吗?

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM