Java 安全Web服务异常：此服务需要<；wsse：安全性>；，哪个不见了

我在web服务消息传递方面有问题

1） Jboss 4.2.3GA

2） 是无状态EJB的Web服务类。它使用加密和注释，如下所示：

@Local
@Stateless
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@SOAPBinding(style = SOAPBinding.Style.RPC)
@WebService

3） Web服务驻留在模块1中

4） 客户端是MBean。它有以下注释：

@Service(name = "MyWebServiceClient")
@Local(MyWebServiceClient.class)
@Management(MyWebServiceClient.class)

5） MyWebServiceClient位于模块2

6） 模块_1具有META-INF目录，其中包含以下WS相关内容：

• jboss-wsse-server.xml
• server.keystore
• server.truststore

jboss wsse server.xml包含以下内容：

<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" 
                   xsi="http://www.w3.org/2001/XMLSchema-instance" 
                   schemaLocation="http://www.jboss.com/ws-security/config 
                   www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

<key-store-file>META-INF/server.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>

<trust-store-file>META-INF/server.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>

<key-passwords>
    <key-password alias="server" password="qwerty"/>
    <key-password alias="client" password="qwerty"/>
</key-passwords>

<config>
    <sign type="x509v3" alias="server"/>
    <encrypt type="x509v3" alias="client"/>
    <requires>
        <signature/>
        <encryption/>
    </requires>
</config>
</jboss-ws-security>

META-INF/server.keystore
qwerty
jks
META-INF/server.truststore
qwerty
jks

7） 模块_2的“META-INF”文件夹包含以下文件：

• jboss-wsse-client.xml
• standard-jaxws-client-config.xml
• 客户端密钥库
• client.truststore

jboss wsse client.xml包含以下内容：

<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://www.jboss.com/ws-security/config  
               http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

<key-store-file>META-INF/client.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>

<trust-store-file>META-INF/client.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>

<key-passwords>
    <key-password alias="server" password="qwerty"/>
    <key-password alias="client" password="qwerty"/>
</key-passwords>

<config>
    <sign type="x509v3" alias="client"/>
    <encrypt type="x509v3" alias="server"/>
    <requires>
        <signature/>
        <encryption/>
    </requires>
</config>
</jboss-ws-security>

<?xml version="1.0" encoding="UTF-8"?>
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0" 
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:javaee="http://java.sun.com/xml/ns/javaee"
              xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">

<client-config>
    <config-name>Standard WSSecurity Client</config-name>
    <post-handler-chains>
        <javaee:handler-chain>
            <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>

            <javaee:handler>
                <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
                <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
                </javaee:handler-class>
            </javaee:handler>
        </javaee:handler-chain>
    </post-handler-chains>
</client-config>

</jaxws-config>

EAR:
...META-INF
...client.jar
......META-INF
.........standard-jaxws-client-config.xml
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................

META-INF/client.keystore
qwerty
jks
META-INF/client.truststore
qwerty
jks

标准jaxws客户端config.xml包含以下内容：

<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://www.jboss.com/ws-security/config  
               http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

<key-store-file>META-INF/client.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>

<trust-store-file>META-INF/client.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>

<key-passwords>
    <key-password alias="server" password="qwerty"/>
    <key-password alias="client" password="qwerty"/>
</key-passwords>

<config>
    <sign type="x509v3" alias="client"/>
    <encrypt type="x509v3" alias="server"/>
    <requires>
        <signature/>
        <encryption/>
    </requires>
</config>
</jboss-ws-security>

<?xml version="1.0" encoding="UTF-8"?>
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0" 
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:javaee="http://java.sun.com/xml/ns/javaee"
              xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">

<client-config>
    <config-name>Standard WSSecurity Client</config-name>
    <post-handler-chains>
        <javaee:handler-chain>
            <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>

            <javaee:handler>
                <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
                <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
                </javaee:handler-class>
            </javaee:handler>
        </javaee:handler-chain>
    </post-handler-chains>
</client-config>

</jaxws-config>

EAR:
...META-INF
...client.jar
......META-INF
.........standard-jaxws-client-config.xml
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................

标准wsecurity客户端
##SOAP11_HTTP
WSSecurityHandlerOutbound
org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient

两个模块在构建过程之后合并到同一个jar中。所以META-INF包含所有这些xml和加密文件

问题是，当我尝试从客户端MBean发送消息时，web服务会生成异常：

org.jboss.ws.core.CommonSOAPFaultException:此服务需要，缺少该选项

据我所知，这意味着传入的soap消息不包含来自客户端的sing头。 在log4j中激活跟踪soap消息后，我看到来自客户端的以下消息体：

<S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/'>
<S:Body>
    <ns2:addPoint xmlns:ns2='http://x.y.z.com/'>
        <deviceId>Device 1</deviceId>
        <color>GREEN</color>
    </ns2:addPoint>
</S:Body>
</S:Envelope>

设备1
绿色

但签名属性是在服务器和客户端xmls中指定的（请参见tat）。 所以我不明白为什么结果消息没有被签署

可能的问题是，所有配置文件都驻留在同一个META-INF中？ 这有关系吗

---

需要帮助。

我找到了加密不起作用的原因。 该项目的结构如下：

<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://www.jboss.com/ws-security/config  
               http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

<key-store-file>META-INF/client.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>

<trust-store-file>META-INF/client.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>

<key-passwords>
    <key-password alias="server" password="qwerty"/>
    <key-password alias="client" password="qwerty"/>
</key-passwords>

<config>
    <sign type="x509v3" alias="client"/>
    <encrypt type="x509v3" alias="server"/>
    <requires>
        <signature/>
        <encryption/>
    </requires>
</config>
</jboss-ws-security>

<?xml version="1.0" encoding="UTF-8"?>
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0" 
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:javaee="http://java.sun.com/xml/ns/javaee"
              xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">

<client-config>
    <config-name>Standard WSSecurity Client</config-name>
    <post-handler-chains>
        <javaee:handler-chain>
            <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>

            <javaee:handler>
                <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
                <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
                </javaee:handler-class>
            </javaee:handler>
        </javaee:handler-chain>
    </post-handler-chains>
</client-config>

</jaxws-config>

EAR:
...META-INF
...client.jar
......META-INF
.........standard-jaxws-client-config.xml
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................

问题是客户端找不到standard-jaxws-client-config.xml。消息未加密

当我将此文件复制到EAR/META-INF时，加密成功，消息成功传输到服务器端并在服务器端解密

我认为这是因为JBoss在ear文件的类路径中搜索standard-jaxws-client-config.xml

我使用的新文件结构：

EAR:
...META-INF
......standard-jaxws-client-config.xml            <------- file placed here
...client.jar
......META-INF
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................

EAR:
…META-INF
……standard-jaxws-client-config.xml消息正文未加密-加密不起作用。很奇怪。我在jboss wsse-*.xml文件中发现了一个错误。xml标记的顺序错误。标签必须紧跟在这是xsd结构要求之后。我已经更改了顺序，但加密仍然不起作用。