使用拦截器的CXF进行ws-security
[英]ws-security with CXF using interceptors
问题描述
I'm trying to learn CXF and want to implement ws security with a simple hello world example. 
我正在尝试学习CXF,并希望通过一个简单的hello world示例来实现ws安全。 I followed bottom up approach to create a cxf service which is runing and I tested with soap ui. 我遵循自下而上的方法来创建正在运行的cxf服务,并使用soap ui进行了测试。 I wrote a spring client and it is working fine too. 我写了一个春季客户,它也运行良好。
Then I tried to add the timestamp. 然后,我尝试添加时间戳。 I added the WSS4J and saaj interceptors in both server and clent spring bean config files. 我在服务器和clent spring bean配置文件中都添加了WSS4J和saaj拦截器。 I followed this blog. 我关注了这个博客。
cxf-spring-and-ws-security-putting-it cxf弹簧和ws安全投入
I exactly followed the same steps and I added timestamp action. 我完全遵循相同的步骤,并添加了时间戳记操作。 When I run the client I get this 当我运行客户端时,我得到了
I get this exception 我得到这个例外
org.apache.ws.security.WSSecurityException: An error was discovered processing the
<wsse:Security> header
My wsdl does not have any entries concerning the security or the interceptors I added. 我的wsdl没有与我添加的安全性或拦截器有关的任何条目。
The SOAP request is the same as the one before interceptors were added. SOAP请求与添加拦截器之前的请求相同。 I figured out that the header is missing from the request. 我发现请求中缺少标题。 How can I add header in the request in this scenario? 在这种情况下,如何在请求中添加标头?
Please check below for stack trace. 请检查下面的堆栈跟踪。
ID: 4
Address: http://localhost:8080/HelloWorldWithSecurity/services/HelloWorldImplPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive], Content-Length=[294], content-type=[text/xml;charset=UTF-8], host=[localhost:8080], SOAPAction=[""], user-agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.spring.demo/">
<soapenv:Header/>
<soapenv:Body>
<ser:sayHi>
<!--Optional:-->
<arg0>Yamini</arg0>
</ser:sayHi>
</soapenv:Body>
</soapenv:Envelope>
--------------------------------------
Sep 21, 2012 10:53:51 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor checkActions
WARNING: Security processing failed (actions mismatch)
Sep 21, 2012 10:53:51 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:359)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:312)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:89)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:209)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:191)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Sep 21, 2012 10:53:51 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://service.spring.demo/}HelloWorldImplService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the <wsse:Security> header
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:733)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:89)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:209)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:191)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:359)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:312)
... 27 more
Sep 21, 2012 10:53:51 AM org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Outbound Message
---------------------------
ID: 4
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode><faultstring>An error was discovered processing the <wsse:Security> header</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
Sep 21, 2012 11:31:29 AM org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Inbound Message
----------------------------
ID: 5
Address: http://localhost:8080/HelloWorldWithSecurity/services/HelloWorldImplPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], Content-Length=[610], content-type=[text/xml; charset=UTF-8], host=[localhost:8080], pragma=[no-cache], SOAPAction=[""], user-agent=[Apache CXF 2.4.9]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2012-09-21T16:31:29.958Z</wsu:Created><wsu:Expires>2012-09-21T16:36:29.958Z</wsu:Expires></wsu:Timestamp></wsse:Security></soap:Header><soap:Body><ns2:sayHi xmlns:ns2="http://service.spring.demo/"><arg0>Yamini</arg0></ns2:sayHi></soap:Body></soap:Envelope>
--------------------------------------
sayHi called
Sep 21, 2012 11:31:29 AM org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Outbound Message
---------------------------
ID: 5
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:sayHiResponse xmlns:ns2="http://service.spring.demo/"><return>Hello Yamini</return></ns2:sayHiResponse></soap:Body></soap:Envelope>
--------------------------------------
I do not see any security headers in the request. 我在请求中看不到任何安全标头。 So I'm getting the exception when the response is getting processed for them. 因此,在为他们处理响应时遇到了异常。 What I want to get an idea is how to add security headers in the case when the web service is developed in java first approach. 我想了解的是在以Java优先方法开发Web服务的情况下如何添加安全标头。
Thank you so much. 非常感谢。
2 个解决方案
解决方案1
4 2014-08-22 16:30:49
Your header should look like this... 您的标题应如下所示:
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
解决方案2
2 2013-06-07 03:59:38
You would need to add wsse:Security header in your SOAP request 您需要在SOAP请求中添加wsse:Security标头
<soapenv:envelope ...
<soapenv:header>
<wsse:security soapenv:mustunderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:usernametoken wsu:id="UsernameToken-27777511" xmlns:wsu="http://Pdocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:username>admin</wsse:username>
<wsse:password type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass</wsse:password>
</wsse:usernametoken>
</wsse:security>
</soapenv:header>
<soapenv:body>
--
</soapenv:body>
</soapenv:envelope>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
CXF,WS-Security和Spring:UserToken - CXF, WS-Security and Spring : UserToken
cxf ws-security timestamp格式 - cxf ws-security timestamp format
CXF客户端+ WS-Security + MTOM =麻烦吗? - CXF Client + WS-Security + MTOM = Trouble?
使用Apache CXF的WS-Security UsernameToken - WS-Security UsernameToken with Apache CXF
Apache CXF和WS-Security - 密码回调 - Apache CXF and WS-Security - Password Callback
将WS-Security与JAX-WS一起使用 - Using WS-Security with JAX-WS
使用Apache CXF注释的UsernameToken WS-Security(WSS4J) - UsernameToken WS-Security with Apache CXF Annotations (WSS4J)
“未找到用于解密的证书”(Apache CXF,WS-Security) - “No certificates were found for decryption” (Apache CXF, WS-Security)
如何忽略CXF Web服务中的ws-security标头 - How to ignore the ws-security header in my CXF web service
使用Metro的Ws-Security标头 - Ws-Security headers using Metro
相关标签