Web服务-用户名令牌-根据安全策略验证消息时出错,错误代码:1000
[英]web services - username token - Error on verifying message against security policy Error code:1000
问题描述
我正在尝试调用在wsdl中配置了用户名令牌的Web服务:
<sp:SupportingTokens><wsp:Policy><sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:HashPassword/>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
soap请求包含以下身份验证信息:
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
我收到以下错误:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>Error on verifying message against security policy Error code:1000</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
有人可以告诉我我在做什么错吗?
谢谢。
2 个解决方案
解决方案1
1 2012-10-08 05:52:42
致电Web服务时是否提供了用户名和密码? 似乎未提供或用户名/密码不正确。
解决方案2
1 2015-09-24 15:58:23
通过使用weblogic.jws.jaxws.ClientPolicyFeature和weblogic.wsee.security.unt.ClientUNTCredentialProvider从Weblogic中部署的servlet调用Webservice时,存在相同的问题,如下所示:
import weblogic.jws.jaxws.ClientPolicyFeature;
import weblogic.jws.jaxws.policy.InputStreamPolicySource;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
ClientPolicyFeature cpf = new ClientPolicyFeature();
InputStream inputStream = ChangeLogBean.class.getClassLoader().getResourceAsStream("usernametoken.xml");
cpf.setEffectivePolicy(new InputStreamPolicySource(new InputStream[]{inputStream}));
MyServiceWSPortImplService service = new MyServiceWSPortImplService(new URL(myEndpoint.getUrl()), new QName("http://myhost/myservice/V1", "MyServiceWSPortImplService"));
MyService port = service.getMyServicePort(new WebServiceFeature[]{cpf});
ArrayList credentialProviders = new ArrayList();
ClientUNTCredentialProvider untCredentialProvider = new ClientUNTCredentialProvider(myEndpoint.getUser().getBytes(), myEndpoint.getPassword().getBytes());
credentialProviders.add(untCredentialProvider);
Map context = ((BindingProvider)port).getRequestContext();
context.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credentialProviders);
但是,我们的应用程序使用的WebServices堆栈实际上是Apache CXF,它具有另一种指定策略的方式(通过使用org.apache.neethi.Policy ),如下所述:
因此,CXF堆栈基本上忽略了WSSecurityContext.CREDENTIAL_PROVIDER_LIST,而我们得到了错误:针对安全策略验证消息时出错:错误代码:1000
在这种情况下,正确的解决方案是使用CXF文档中描述的步骤:
- 从外部位置获取策略,并为当前消息构建策略。
- 使用Neethi库解析WS-Policy XML。
- 将结果Policy对象存储到PolicyConstants.POLICY_OVERRIDE消息内容属性中。
我只是在这里提到这一点,以防其他人将CXF与Weblogic混合使用时出错。 :)
JAVA - CXF WS-security “验证消息时遇到安全错误”
[英]JAVA - CXF WS-security “A security error was encountered when verifying the message”
CXF:javax.xml.ws.soap.SOAPFaultException:验证消息的安全性时出错
[英]CXF: javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying security for the message
WS-Security策略和saml2令牌,带有自定义令牌的签名错误
[英]WS-Security policy and saml2 token, Error in signature with a custom token
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.