Fatal编程技术网
  • java/
  • Java 使用拦截器的CXF的ws-security

Java 使用拦截器的CXF的ws-security

java

Java 使用拦截器的CXF的ws-security,java,cxf,Java,Cxf,我试图学习CXF,并希望通过一个简单的hello world示例实现ws-security。 我采用自底向上的方法创建了一个正在运行的cxf服务,并使用soap ui进行了测试。我写了一个spring客户端,它也工作得很好 然后我尝试添加时间戳。我补充说 WSS4J和saaj拦截器位于服务器和clent spring bean配置文件中。我关注这个博客 我完全按照相同的步骤添加了时间戳操作。当我运行客户端时,我得到了这个 我得到这个例外 org.apache.ws.security.WSSec

我试图学习CXF,并希望通过一个简单的hello world示例实现ws-security。 我采用自底向上的方法创建了一个正在运行的cxf服务,并使用soap ui进行了测试。我写了一个spring客户端,它也工作得很好

然后我尝试添加时间戳。我补充说 WSS4J和saaj拦截器位于服务器和clent spring bean配置文件中。我关注这个博客

我完全按照相同的步骤添加了时间戳操作。当我运行客户端时,我得到了这个

我得到这个例外

org.apache.ws.security.WSSecurityException: An error was discovered processing the 
<wsse:Security> header

org.apache.ws.security.WSSecurityException:在处理
标题
我的wsdl没有任何关于安全性或我添加的拦截器的条目

SOAP请求与添加拦截器之前的请求相同。我发现请求中缺少标题。在这种情况下,如何在请求中添加标头

请检查下面的堆栈跟踪

ID: 4
Address: http://localhost:8080/HelloWorldWithSecurity/services/HelloWorldImplPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive], Content-Length=[294], content-type=[text/xml;charset=UTF-8], host=[localhost:8080], SOAPAction=[""], user-agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.spring.demo/">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:sayHi>
         <!--Optional:-->
         <arg0>Yamini</arg0>
      </ser:sayHi>
   </soapenv:Body>
</soapenv:Envelope>
--------------------------------------
Sep 21, 2012 10:53:51 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor checkActions
WARNING: Security processing failed (actions mismatch)
Sep 21, 2012 10:53:51 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: 
org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:359)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:312)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:89)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:209)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:191)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Sep 21, 2012 10:53:51 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://service.spring.demo/}HelloWorldImplService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the <wsse:Security> header
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:733)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:89)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:209)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:191)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:359)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:312)
    ... 27 more
Sep 21, 2012 10:53:51 AM org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Outbound Message
---------------------------
ID: 4
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode><faultstring>An error was discovered processing the &lt;wsse:Security> header</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
Sep 21, 2012 11:31:29 AM org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Inbound Message
----------------------------
ID: 5
Address: http://localhost:8080/HelloWorldWithSecurity/services/HelloWorldImplPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], Content-Length=[610], content-type=[text/xml; charset=UTF-8], host=[localhost:8080], pragma=[no-cache], SOAPAction=[""], user-agent=[Apache CXF 2.4.9]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2012-09-21T16:31:29.958Z</wsu:Created><wsu:Expires>2012-09-21T16:36:29.958Z</wsu:Expires></wsu:Timestamp></wsse:Security></soap:Header><soap:Body><ns2:sayHi xmlns:ns2="http://service.spring.demo/"><arg0>Yamini</arg0></ns2:sayHi></soap:Body></soap:Envelope>
--------------------------------------
sayHi called
Sep 21, 2012 11:31:29 AM org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Outbound Message
---------------------------
ID: 5
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:sayHiResponse xmlns:ns2="http://service.spring.demo/"><return>Hello   Yamini</return></ns2:sayHiResponse></soap:Body></soap:Envelope>
--------------------------------------

ID:4
地址:http://localhost:8080/HelloWorldWithSecurity/services/HelloWorldImplPort
编码:UTF-8
Http方法:POST
内容类型:text/xml;字符集=UTF-8
标题:{accept encoding=[gzip,deflate],connection=[Keep Alive],Content Length=[294],Content type=[text/xml;charset=UTF-8],host=[localhost:8080],SOAPAction=[“”],user agent=[Apache-HttpClient/4.1.1(java 1.5)]
有效载荷:
亚米尼
--------------------------------------
2012年9月21日上午10:53:51 org.apache.cxf.ws.security.wss4j.wss4jin拦截器检查操作
警告:安全处理失败(操作不匹配)
2012年9月21日上午10:53:51 org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
警告:
org.apache.ws.security.WSSecurityException:处理标头时发现错误
位于org.apache.cxf.ws.security.wss4j.wss4jinterceptor.checkActions(wss4jinterceptor.java:359)
位于org.apache.cxf.ws.security.wss4j.wss4jinterceptor.handleMessage(wss4jinterceptor.java:312)
位于org.apache.cxf.ws.security.wss4j.wss4jinterceptor.handleMessage(wss4jinterceptor.java:89)
位于org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
位于org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
位于org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
位于org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:209)
位于org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:191)
位于org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114)
位于org.apache.cxf.transport.servlet.AbstractHTTPServlet.HandlerRequest(AbstractHTTPServlet.java:185)
位于org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
位于javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
位于org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
位于org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
位于org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
位于org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
位于org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
位于org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
位于org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
位于org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
位于org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
位于org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
位于org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
位于org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
位于org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
位于org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
位于java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
位于java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
运行(Thread.java:662)
2012年9月21日上午10:53:51 org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
警告:拦截器用于{http://service.spring.demo/}HelloWorldImplService已引发异常,正在解除
org.apache.cxf.binding.soap.SoapFault:处理标头时发现错误
位于org.apache.cxf.ws.security.wss4j.wss4jinterceptor.createSoapFault(wss4jinterceptor.java:733)
位于org.apache.cxf.ws.security.wss4j.wss4jinterceptor.handleMessage(wss4jinterceptor.java:333)
位于org.apache.cxf.ws.security.wss4j.wss4jinterceptor.handleMessage(wss4jinterceptor.java:89)
位于org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
位于org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
位于org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
位于org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:209)
位于org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:191)
位于org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114)
位于org.apache.cxf.transport.servlet.AbstractHTTPServlet.HandlerRequest(AbstractHTTPServlet.java:185)
位于org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
位于javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
在org.apache.cxf.transport上。

<soapenv:envelope ...
     <soapenv:header>
        <wsse:security soapenv:mustunderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <wsse:usernametoken wsu:id="UsernameToken-27777511" xmlns:wsu="http://Pdocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsse:username>admin</wsse:username>
          <wsse:password type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass</wsse:password>
         </wsse:usernametoken>
        </wsse:security>
       </soapenv:header>

<soapenv:body>
--
   </soapenv:body>
</soapenv:envelope>



<soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
        <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
            <wsse:Username>admin</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
        </wsse:UsernameToken>
    </wsse:Security>
</soap:Header>