如何忽略CXF Web服务中的ws-security标头
[英]How to ignore the ws-security header in my CXF web service
问题描述
我使用wsdl2java工具和独立的http服务器创建了CXF Web服务。 wsdl具有指定的ws-security。
我不想强制执行ws-security标头,因为我并不真正在乎它们,但是客户端将按以下方式发送ws-security标头。 请注意,没有密码,只有用户名。
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>USER</wsse:Username>
</wsse:UsernameToken>
</wsse:Security>
我有什么选择来处理呢?
更新:好的,我现在有了这个:
EndpointImpl impl = (EndpointImpl)Endpoint.publish(address, implementor);
impl.getInInterceptors().add(new LoggingInInterceptor());
impl.getOutInterceptors().add(new LoggingOutInterceptor());
Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN_NO_PASSWORD);
inProps.put(WSHandlerConstants.USER, "USER");
impl.getOutInterceptors().add(new WSS4JInInterceptor(inProps));
客户端发送标头,如下所示:
<soapenv:Header>
<wsa:To>http://www.test.com/Namespace/testb</wsa:To>
<wsa:ReplyTo>
<wsa:Address>http://www.test.com/Namespace/testa</wsa:Address>
</wsa:ReplyTo>
<wsa:Action>http://www.test.com/test</wsa:Action>
<wsa:MessageID xmlns:wsa="http://www.w3.org/2005/08/addressing"
>6158a795-46d5-4481-8467-da8ffda95664</wsa:MessageID>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>USER</wsse:Username>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
wsdl中的策略是:
<wsp:Policy wsu:Id="RequestPolicy">
<wsp:PolicyReference URI="#RequestAddressingPolicy"/>
</wsp:Policy>
<wsp:Policy wsu:Id="ResponsePolicy">
<!--<wsp:PolicyReference URI="#ResponseAddressingPolicy"/>-->
</wsp:Policy>
<wsp:Policy wsu:Id="RequestAddressingPolicy">
<wsp:All>
<sp:RequiredElements>
<!-- wsa:MessageID -->
<sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'MessageID' and namespace-uri() =
'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
</sp:RequiredElements>
<sp:RequiredElements>
<!-- wsa:Action -->
<sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'Action' and namespace-uri() =
'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
</sp:RequiredElements>
</wsp:All>
</wsp:Policy>
<wsp:Policy wsu:Id="ResponseAddressingPolicy">
<wsp:All>
<sp:RequiredElements>
<!-- wsa:MessageID -->
<sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'MessageID' and namespace-uri() =
'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
</sp:RequiredElements>
<sp:RequiredElements>
<!-- wsa:Action -->
<sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'Action' and namespace-uri() =
'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
</sp:RequiredElements>
<sp:RequiredElements>
<!-- wsa:RelatesTo -->
<sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'RelatesTo' and namespace-uri() =
'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
</sp:RequiredElements>
</wsp:All>
</wsp:Policy>
但是我得到这个错误:
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.frontend.WSDLGetInterceptor@17e83562
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@577080e9
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@5100a0c1
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@322346e
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@14429e20
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor@14446563
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.jaxb.attachment.JAXBAttachmentSchemaValidationHack@47663389
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.interceptor.DocLiteralInInterceptor@8b3f859
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor@7e7fcf24
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.interceptor.OneWayProcessorInterceptor@69e03797
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.WrapperClassInInterceptor@6a0aae79
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.SwAInInterceptor@7fdcf981
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.HolderInInterceptor@4caf756f
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.ws.policy.PolicyVerificationInInterceptor@624bc1dc
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyVerificationInInterceptor@624bc1dc
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.HolderInInterceptor@4caf756f
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.SwAInInterceptor@7fdcf981
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.WrapperClassInInterceptor@6a0aae79
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.interceptor.OneWayProcessorInterceptor@69e03797
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor@7e7fcf24
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.interceptor.DocLiteralInInterceptor@8b3f859
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.jaxb.attachment.JAXBAttachmentSchemaValidationHack@47663389
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor@14446563
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@14429e20
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@322346e
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@5100a0c1
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@577080e9
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.frontend.WSDLGetInterceptor@17e83562
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.interceptor.StaxInInterceptor@795d674
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.transport.https.CertConstraintsInterceptor@629ec714
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.interceptor.AttachmentInInterceptor@1f9d24f7
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.interceptor.LoggingInInterceptor@28ae3880
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@23c405af
WARN [qtp1254651534-15 - /Identity/] (LogUtils.java:443) - Interceptor for CENSORED has thrown exception, unwinding now
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequiredElements
at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:167)
at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:355)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:319)
at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1074)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1010)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:361)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:485)
at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:926)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:988)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:642)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:627)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:51)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Unknown Source)
1 个解决方案
解决方案1
0 2016-10-24 10:42:24
您可以在CXF中配置WSS4JInInterceptor以期望不包含密码的UsernameToken。 此处的配置: http : //cxf.apache.org/docs/ws-security.html-您需要指定的“操作”是“ UsernameTokenNoPassword”。
如何通过自签名证书(使用Java keytool创建)将WS-Security添加到SOAP Web服务中?
[英]How do you add WS-Security to a SOAP web service with self signed certificates (created with Java keytool)?
java - Apache CXF将签名证书作为BinarySecurityToken添加到WS-security头中
[英]java - Apache CXF add signing certificate as BinarySecurityToken into WS-security header
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
CXF,WS-Security和Spring:UserToken
cxf ws-security timestamp格式
使用拦截器的CXF进行ws-security
CXF客户端+ WS-Security + MTOM =麻烦吗?
使用Apache CXF的WS-Security UsernameToken
Apache CXF和WS-Security - 密码回调
使用C#客户端调用WS-Security Java Web服务
从Java调用.NET Web服务(WSE 2/3,WS-Security)
如何通过自签名证书(使用Java keytool创建)将WS-Security添加到SOAP Web服务中?
java - Apache CXF将签名证书作为BinarySecurityToken添加到WS-security头中
相关标签