Java 安全Web服务异常:此服务需要<;wsse:安全性>;,哪个不见了
我在web服务消息传递方面有问题 1) Jboss 4.2.3GA 2) 是无状态EJB的Web服务类。它使用加密和注释,如下所示:Java 安全Web服务异常:此服务需要<;wsse:安全性>;,哪个不见了,java,web-services,security,encryption,jboss,Java,Web Services,Security,Encryption,Jboss,我在web服务消息传递方面有问题 1) Jboss 4.2.3GA 2) 是无状态EJB的Web服务类。它使用加密和注释,如下所示: @Local @Stateless @EndpointConfig(configName = "Standard WSSecurity Endpoint") @SOAPBinding(style = SOAPBinding.Style.RPC) @WebService 3) Web服务驻留在模块1中 4) 客户端是MBean。它有以下注释: @Service(n
@Local
@Stateless
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@SOAPBinding(style = SOAPBinding.Style.RPC)
@WebService
3) Web服务驻留在模块1中
4) 客户端是MBean。它有以下注释:
@Service(name = "MyWebServiceClient")
@Local(MyWebServiceClient.class)
@Management(MyWebServiceClient.class)
5) MyWebServiceClient位于模块2
6) 模块_1具有META-INF目录,其中包含以下WS相关内容:
- jboss-wsse-server.xml
- server.keystore
- server.truststore
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
xsi="http://www.w3.org/2001/XMLSchema-instance"
schemaLocation="http://www.jboss.com/ws-security/config
www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<key-store-file>META-INF/server.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>
<trust-store-file>META-INF/server.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>
<key-passwords>
<key-password alias="server" password="qwerty"/>
<key-password alias="client" password="qwerty"/>
</key-passwords>
<config>
<sign type="x509v3" alias="server"/>
<encrypt type="x509v3" alias="client"/>
<requires>
<signature/>
<encryption/>
</requires>
</config>
</jboss-ws-security>
META-INF/server.keystore
qwerty
jks
META-INF/server.truststore
qwerty
jks
7) 模块_2的“META-INF”文件夹包含以下文件:
- jboss-wsse-client.xml
- standard-jaxws-client-config.xml
- 客户端密钥库
- client.truststore
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<key-store-file>META-INF/client.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>
<trust-store-file>META-INF/client.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>
<key-passwords>
<key-password alias="server" password="qwerty"/>
<key-password alias="client" password="qwerty"/>
</key-passwords>
<config>
<sign type="x509v3" alias="client"/>
<encrypt type="x509v3" alias="server"/>
<requires>
<signature/>
<encryption/>
</requires>
</config>
</jboss-ws-security>
<?xml version="1.0" encoding="UTF-8"?>
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:javaee="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
<client-config>
<config-name>Standard WSSecurity Client</config-name>
<post-handler-chains>
<javaee:handler-chain>
<javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
<javaee:handler>
<javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
<javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
</javaee:handler-class>
</javaee:handler>
</javaee:handler-chain>
</post-handler-chains>
</client-config>
</jaxws-config>
EAR:
...META-INF
...client.jar
......META-INF
.........standard-jaxws-client-config.xml
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................
META-INF/client.keystore
qwerty
jks
META-INF/client.truststore
qwerty
jks
标准jaxws客户端config.xml包含以下内容:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<key-store-file>META-INF/client.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>
<trust-store-file>META-INF/client.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>
<key-passwords>
<key-password alias="server" password="qwerty"/>
<key-password alias="client" password="qwerty"/>
</key-passwords>
<config>
<sign type="x509v3" alias="client"/>
<encrypt type="x509v3" alias="server"/>
<requires>
<signature/>
<encryption/>
</requires>
</config>
</jboss-ws-security>
<?xml version="1.0" encoding="UTF-8"?>
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:javaee="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
<client-config>
<config-name>Standard WSSecurity Client</config-name>
<post-handler-chains>
<javaee:handler-chain>
<javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
<javaee:handler>
<javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
<javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
</javaee:handler-class>
</javaee:handler>
</javaee:handler-chain>
</post-handler-chains>
</client-config>
</jaxws-config>
EAR:
...META-INF
...client.jar
......META-INF
.........standard-jaxws-client-config.xml
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................
标准wsecurity客户端
##SOAP11_HTTP
WSSecurityHandlerOutbound
org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
两个模块在构建过程之后合并到同一个jar中。所以META-INF包含所有这些xml和加密文件
问题是,当我尝试从客户端MBean发送消息时,web服务会生成异常:
org.jboss.ws.core.CommonSOAPFaultException:此服务需要<S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/'>
<S:Body>
<ns2:addPoint xmlns:ns2='http://x.y.z.com/'>
<deviceId>Device 1</deviceId>
<color>GREEN</color>
</ns2:addPoint>
</S:Body>
</S:Envelope>
设备1
绿色
但签名属性是在服务器和客户端xmls中指定的(请参见tat)。
所以我不明白为什么结果消息没有被签署
可能的问题是,所有配置文件都驻留在同一个META-INF中?
这有关系吗
需要帮助。我找到了加密不起作用的原因。 该项目的结构如下:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<key-store-file>META-INF/client.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>
<trust-store-file>META-INF/client.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>
<key-passwords>
<key-password alias="server" password="qwerty"/>
<key-password alias="client" password="qwerty"/>
</key-passwords>
<config>
<sign type="x509v3" alias="client"/>
<encrypt type="x509v3" alias="server"/>
<requires>
<signature/>
<encryption/>
</requires>
</config>
</jboss-ws-security>
<?xml version="1.0" encoding="UTF-8"?>
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:javaee="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
<client-config>
<config-name>Standard WSSecurity Client</config-name>
<post-handler-chains>
<javaee:handler-chain>
<javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
<javaee:handler>
<javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
<javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
</javaee:handler-class>
</javaee:handler>
</javaee:handler-chain>
</post-handler-chains>
</client-config>
</jaxws-config>
EAR:
...META-INF
...client.jar
......META-INF
.........standard-jaxws-client-config.xml
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................
问题是客户端找不到standard-jaxws-client-config.xml。消息未加密
当我将此文件复制到EAR/META-INF时,加密成功,消息成功传输到服务器端并在服务器端解密
我认为这是因为JBoss在ear文件的类路径中搜索standard-jaxws-client-config.xml
我使用的新文件结构:
EAR:
...META-INF
......standard-jaxws-client-config.xml <------- file placed here
...client.jar
......META-INF
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................
EAR:
…META-INF
……standard-jaxws-client-config.xml消息正文未加密-加密不起作用。很奇怪。我在jboss wsse-*.xml文件中发现了一个错误。xml标记的顺序错误。标签必须紧跟在这是xsd结构要求之后。我已经更改了顺序,但加密仍然不起作用。