Fatal编程技术网
  • java/
  • Java 错误:未强制实施用户名令牌创建策略

Java 错误:未强制实施用户名令牌创建策略

java web-services security

Java 错误:未强制实施用户名令牌创建策略,java,web-services,security,cxf,cxf-client,Java,Web Services,Security,Cxf,Cxf Client,我正在从事基于CXF的服务和客户。 并使用wsdl中定义的策略文件在服务器端实现用户名密码安全。以下是配置: <wsp:Policy wsu:Id="policy.Security" xmlns:wsp="http://www.w3.org/ns/ws-policy"> <wsp:ExactlyOne> <wsp:All> <sp:SupportingTokens> <wsp:Policy&

我正在从事基于CXF的服务和客户。 并使用wsdl中定义的策略文件在服务器端实现用户名密码安全。以下是配置:

<wsp:Policy wsu:Id="policy.Security" xmlns:wsp="http://www.w3.org/ns/ws-policy">
  <wsp:ExactlyOne>
    <wsp:All>
        <sp:SupportingTokens>
            <wsp:Policy>
                <sp:UsernameToken
                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"
                    wsp:Optional="false" wsp:Ignorable="false">
                    <wsp:Policy>
                        <sp:WssUsernameToken10 />
                        <sp13:Created />
                        <sp13:Nonce />
                    </wsp:Policy>
                </sp:UsernameToken>
            </wsp:Policy>
        </sp:SupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

<jaxws:client
    xmlns:tns="http://ws.soa.com/service/offer/XYZ/"
    name="XYZPort" address="${xyz.endPoint}"
    serviceClass="com.soa.ws.service.offer.XYZ.XYZPortType"
    wsdlLocation="${xyz.wsdlLocation}" serviceName="tns:xyzService" >
    <jaxws:properties>
        <entry key="ws-security.username" value="${xyz.auth.username}" />
        <entry key="ws-security.callback-handler" value-ref="xyzPasswordCallback" />
    </jaxws:properties>
    <jaxws:inInterceptors>
    <ref bean="logInBound" />
    </jaxws:inInterceptors>
    <jaxws:outInterceptors>
    <ref bean="logOutBound" />      
    </jaxws:outInterceptors>
</jaxws:client>
客户端配置:

<wsp:Policy wsu:Id="policy.Security" xmlns:wsp="http://www.w3.org/ns/ws-policy">
  <wsp:ExactlyOne>
    <wsp:All>
        <sp:SupportingTokens>
            <wsp:Policy>
                <sp:UsernameToken
                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"
                    wsp:Optional="false" wsp:Ignorable="false">
                    <wsp:Policy>
                        <sp:WssUsernameToken10 />
                        <sp13:Created />
                        <sp13:Nonce />
                    </wsp:Policy>
                </sp:UsernameToken>
            </wsp:Policy>
        </sp:SupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

<jaxws:client
    xmlns:tns="http://ws.soa.com/service/offer/XYZ/"
    name="XYZPort" address="${xyz.endPoint}"
    serviceClass="com.soa.ws.service.offer.XYZ.XYZPortType"
    wsdlLocation="${xyz.wsdlLocation}" serviceName="tns:xyzService" >
    <jaxws:properties>
        <entry key="ws-security.username" value="${xyz.auth.username}" />
        <entry key="ws-security.callback-handler" value-ref="xyzPasswordCallback" />
    </jaxws:properties>
    <jaxws:inInterceptors>
    <ref bean="logInBound" />
    </jaxws:inInterceptors>
    <jaxws:outInterceptors>
    <ref bean="logOutBound" />      
    </jaxws:outInterceptors>
</jaxws:client>
尝试访问服务时收到以下错误:

原因:javax.xml.ws.soap.SOAPFaultException:无法满足以下策略备选方案: {}UsernameToken:未强制执行创建的用户名令牌策略 位于org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157)

有人能给出解决这个问题的方法吗?

您可能正在使用旧版本的CXF。这是固定在这里的:

您可能正在使用旧版本的CXF。这是固定在这里的:

看起来它需要在soap请求中创建wsse:created和wsse:Nonce。不确定如何填充它们。两者都是反重放攻击措施
wsu:Created
是一个请求时间戳,
wsse:Nonce
是一个resquest唯一id。文档中描述了它们的格式:看起来它需要soap请求中的wsse:Created和wsse:Nonce。不确定如何填充它们。两者都是反重放攻击措施
wsu:Created
是一个请求时间戳,
wsse:Nonce
是一个resquest唯一id。文档中描述了它们的格式: