[英]web services - username token - Error on verifying message against security policy Error code:1000
我正在尝试调用在wsdl中配置了用户名令牌的Web服务:
<sp:SupportingTokens><wsp:Policy><sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:HashPassword/>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
soap请求包含以下身份验证信息:
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
我收到以下错误:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>Error on verifying message against security policy Error code:1000</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
有人可以告诉我我在做什么错吗?
谢谢。
致电Web服务时是否提供了用户名和密码? 似乎未提供或用户名/密码不正确。
通过使用weblogic.jws.jaxws.ClientPolicyFeature和weblogic.wsee.security.unt.ClientUNTCredentialProvider从Weblogic中部署的servlet调用Webservice时,存在相同的问题,如下所示:
import weblogic.jws.jaxws.ClientPolicyFeature;
import weblogic.jws.jaxws.policy.InputStreamPolicySource;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
ClientPolicyFeature cpf = new ClientPolicyFeature();
InputStream inputStream = ChangeLogBean.class.getClassLoader().getResourceAsStream("usernametoken.xml");
cpf.setEffectivePolicy(new InputStreamPolicySource(new InputStream[]{inputStream}));
MyServiceWSPortImplService service = new MyServiceWSPortImplService(new URL(myEndpoint.getUrl()), new QName("http://myhost/myservice/V1", "MyServiceWSPortImplService"));
MyService port = service.getMyServicePort(new WebServiceFeature[]{cpf});
ArrayList credentialProviders = new ArrayList();
ClientUNTCredentialProvider untCredentialProvider = new ClientUNTCredentialProvider(myEndpoint.getUser().getBytes(), myEndpoint.getPassword().getBytes());
credentialProviders.add(untCredentialProvider);
Map context = ((BindingProvider)port).getRequestContext();
context.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credentialProviders);
但是,我们的应用程序使用的WebServices堆栈实际上是Apache CXF,它具有另一种指定策略的方式(通过使用org.apache.neethi.Policy ),如下所述:
因此,CXF堆栈基本上忽略了WSSecurityContext.CREDENTIAL_PROVIDER_LIST,而我们得到了错误:针对安全策略验证消息时出错:错误代码:1000
在这种情况下,正确的解决方案是使用CXF文档中描述的步骤:
我只是在这里提到这一点,以防其他人将CXF与Weblogic混合使用时出错。 :)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.