Java 尝试获取SAML2令牌时发生SOAPFaultException_Java_Soap_Saml 2.0_Opensaml

Java 尝试获取SAML2令牌时发生SOAPFaultException

java soap

Java 尝试获取SAML2令牌时发生SOAPFaultException,java,soap,saml-2.0,opensaml,Java,Soap,Saml 2.0,Opensaml,在尝试运行下面的代码以获取SAML令牌（取自VMWare示例以通过SSO服务器进行身份验证）时，我遇到了以下异常由于某些原因，不支持请求版本“”和命名空间“” 谢谢你的帮助 Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Request version 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' and namespace 'http:

在尝试运行下面的代码以获取SAML令牌（取自VMWare示例以通过SSO服务器进行身份验证）时，我遇到了以下异常

由于某些原因，不支持请求版本“”和命名空间“”

谢谢你的帮助

Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Request version 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' and namespace 'http://docs.oasis-open.org/ws-sx/ws-trust/200512' are not supported
    at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
    at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:125)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
    at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
    at com.sun.proxy.$Proxy40.issue(Unknown Source)
    at com.vmware.sso.client.samples.AcquireBearerTokenByUserCredentialSample.getToken(AcquireBearerTokenByUserCredentialSample.java:178)
    at com.vmware.sso.client.samples.AcquireBearerTokenByUserCredentialSample.main(AcquireBearerTokenByUserCredentialSample.java:210)



package com.vmware.sso.client.samples;

import java.util.GregorianCalendar;
import java.util.Map;
import java.util.TimeZone;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.ws.BindingProvider;

import org.oasis_open.docs.ws_sx.ws_trust._200512.LifetimeType;
import org.oasis_open.docs.ws_sx.ws_trust._200512.RenewingType;
import org.oasis_open.docs.ws_sx.ws_trust._200512.RequestSecurityTokenType;
import org.oasis_open.docs.wss._2004._01.oasis_200401_wss_wssecurity_utility_1_0.AttributedDateTime;
import org.w3c.dom.Element;

import com.rsa.names._2009._12.product.riat.wsdl.STSService;
import com.rsa.names._2009._12.product.riat.wsdl.STSServicePortType;
import com.vmware.sso.client.soaphandlers.HeaderHandlerResolver;
import com.vmware.sso.client.soaphandlers.SamlTokenExtractionHandler;
import com.vmware.sso.client.soaphandlers.TimeStampHandler;
import com.vmware.sso.client.soaphandlers.UserCredentialHandler;
import com.vmware.sso.client.utils.Utils;

/**
 * This sample illustrates acquiring a bearer token from SSO server by passing
 * the username and password of the user
 * 
 * <pre>
 * <b>Usage:</b>
 * run.bat com.vmware.sso.client.samples.AcquireBearerTokenByUserCredentialSample [sso url] [username] [password]
 * </pre>
 * 
 * @author Ecosystem Engineering
 */
public class AcquireBearerTokenByUserCredentialSample {

    /**
     * @param args
     *            {@link String} array containing the following values in the
     *            below order: <li>SSO server url e.g. https://[Host Name or IP
     *            Address]:8444/ims/STSService</li> <li>username</li> <li>
     *            password</li>
     * @return {@link Element} representing the Token issued
     * @throws DatatypeConfigurationException
     */
    public static Element getToken(String[] args)
            throws DatatypeConfigurationException {

        /* Instantiating the STSService */
        STSService stsService = new STSService();

        /*
         * Instantiating the HeaderHandlerResolver. This is required to provide
         * the capability of modifying the SOAP headers and the SOAP message in
         * general for various requests via the different handlers. For
         * different kinds of requests to SSO server one needs to follow the
         * WS-Trust guidelines to provide the required SOAP message structure.
         */
        HeaderHandlerResolver headerResolver = new HeaderHandlerResolver();

        /*
         * For this specific case we need the following header elements wrapped
         * in the security tag.
         * 
         * 1. Timestamp containing the request's creation and expiry time
         * 
         * 2. UsernameToken containing the username/password
         */

        /* Adding the Timestamp via TimeStampHandler */
        headerResolver.addHandler(new TimeStampHandler());

        /* Adding the UsernameToken via UserCredentialHandler */
        UserCredentialHandler ucHandler = new UserCredentialHandler(args[1],
                args[2]);
        SamlTokenExtractionHandler sbHandler = new SamlTokenExtractionHandler();
        headerResolver.addHandler(ucHandler);
        headerResolver.addHandler(sbHandler);

        /*
         * Set the handlerResolver for the STSService to the
         * HeaderHandlerResolver created above
         */
        stsService.setHandlerResolver(headerResolver);

        /*
         * Retrieve the STSServicePort from the STSServicePortType object Note:
         * All the required handlerResolvers need to be set in the
         * STSServicePortType object before you retrieve the STSService instance
         */
        STSServicePortType stsPort = stsService.getSTSServicePort();

        /*
         * Construct the SOAP body for the request. RequestSecurityTokenType is
         * the parameter type that is passed to the "acquire" method. However,
         * based on what kind of token (bearer or holder-of-key type) and by
         * what means (aka username/password, certificate, or existing token) we
         * want to acquire the token, different elements need to be populated
         */
        RequestSecurityTokenType tokenType = new RequestSecurityTokenType();

        /*
         * For this request we need at least the following element in the
         * RequestSecurityTokenType set
         * 
         * 1. Lifetime - represented by LifetimeType which specifies the
         * lifetime for the token to be issued
         * 
         * 2. Tokentype - "urn:oasis:names:tc:SAML:2.0:assertion", which is the
         * class that models the requested token
         * 
         * 3. RequestType -
         * "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue", as we want
         * to get a token issued
         * 
         * 4. KeyType -
         * "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer",
         * representing the kind of key the token will have. There are two
         * options namely bearer and holder-of-key
         * 
         * 5. SignatureAlgorithm -
         * "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", representing the
         * algorithm used for generating signature
         * 
         * 6. Renewing - represented by the RenewingType which specifies whether
         * the token is renewable or not
         */
        LifetimeType lifetime = new LifetimeType();

        DatatypeFactory dtFactory = DatatypeFactory.newInstance();
        GregorianCalendar cal = new GregorianCalendar(
                TimeZone.getTimeZone("GMT"));
        XMLGregorianCalendar xmlCalendar = dtFactory
                .newXMLGregorianCalendar(cal);
        AttributedDateTime created = new AttributedDateTime();
        created.setValue(xmlCalendar.toXMLFormat());

        AttributedDateTime expires = new AttributedDateTime();
        xmlCalendar.add(dtFactory.newDuration(30 * 60 * 1000));
        expires.setValue(xmlCalendar.toXMLFormat());

        lifetime.setCreated(created);
        lifetime.setExpires(expires);

        tokenType.setTokenType("urn:oasis:names:tc:SAML:2.0:assertion");
        tokenType
                .setRequestType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue");
        tokenType.setLifetime(lifetime);
        tokenType
                .setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
        tokenType
                .setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

        RenewingType renewing = new RenewingType();
        renewing.setAllow(Boolean.FALSE);
        renewing.setOK(Boolean.FALSE); // WS-Trust Profile: MUST be set to false
        tokenType.setRenewing(renewing);

        /* Set the endpoint address for the request */
        Map<String, Object> reqContext = ((BindingProvider) stsPort)
                .getRequestContext();
        reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, args[0]);

        /*
         * Invoke the "issue" method on the STSService object to acquire the
         * token from SSO Server
         */
        stsPort.issue(tokenType);

        // SamlTokenExtractionHandler will now contain the raw SAML token for
        // further consumption
        return sbHandler.getToken();
    }

    private static void printUsage() {
        System.out
                .println("run.bat com.vmware.sso.client.samples.AcquireBearerTokenByUserCredentialSample [sso url] [username] [password]");
    }

    public static void main(String[] args)
            throws DatatypeConfigurationException {
        if (args.length < 3) {
            printUsage();
            return;
        }
        HostnameVerifier hv = new HostnameVerifier() {
            @Override
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
        Utils.trustAllHttpsCertificates();
        System.out.println("Aquiring a bearer token by using user credentials");
        Utils.printToken(getToken(args));
    }
}

线程“main”javax.xml.ws.soap.SOAPFaultException中的异常：请求版本'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue'和名称空间'http://docs.oasis-open.org/ws-sx/ws-trust/200512'不受支持位于com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException（SOAP11Fault.java:178）位于com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException（SOAPFaultBuilder.java:125）位于com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke（SyncMethodHandler.java:108）位于com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke（SyncMethodHandler.java:78）位于com.sun.xml.internal.ws.client.sei.SEIStub.invoke（SEIStub.java:135）位于com.sun.proxy.$Proxy40.issue（未知来源）位于com.vmware.sso.client.samples.AcquireBearTokenByUserCredentialSample.getToken（AcquireBearTokenByUserCredentialSample.java:178）位于com.vmware.sso.client.samples.AcquireBearTokenByUserCredentialSample.main（AcquireBearTokenByUserCredentialSample.java:210）包com.vmware.sso.client.samples；导入java.util.GregorianCalendar；导入java.util.Map；导入java.util.TimeZone；导入javax.net.ssl.HostnameVerifier；导入javax.net.ssl.HttpsURLConnection；导入javax.net.ssl.SSLSession；导入javax.xml.datatype.DatatypeConfigurationException；导入javax.xml.datatype.DatatypeFactory；导入javax.xml.datatype.XMLGregorianCalendar；导入javax.xml.ws.BindingProvider；导入org.oasis\u open.docs.ws\u sx.ws\u trust.\u 200512.LifetimeType；导入org.oasis\u open.docs.ws\u sx.ws\u trust.\u 200512.RenewingType；导入org.oasis_open.docs.ws_sx.ws_trust.\u 200512.RequestSecurityTokenType；导入org.oasis\u open.docs.wss.\u 2004.\u 01.oasis\u 200401\u wss\u wssecurity\u utility\u 1\u 0.AttributedDateTime；导入org.w3c.dom.Element；导入com.rsa.names._2009._12.product.riat.wsdl.STSService；导入com.rsa.names._2009._12.product.riat.wsdl.STSServicePortType；导入com.vmware.sso.client.soaphandlers.HeaderHandlerResolver；导入com.vmware.sso.client.soaphandlers.SamlTokenExtractionHandler；导入com.vmware.sso.client.soaphandlers.TimeStampHandler；导入com.vmware.sso.client.soaphandlers.UserCredentialHandler；导入com.vmware.sso.client.utils.utils； /** *此示例演示如何通过传递从SSO服务器获取承载令牌 *用户的用户名和密码 * * *用法： *run.bat com.vmware.sso.client.samples.AcquireBearerTokenByUserCredentialSample[sso url][用户名][密码] * * *@author生态系统工程 */ 公共类获取者TokenbyUserCredentialSample{ /** *@param args *{@link String}数组，在 *以下顺序：

SSO服务器url，例如https://[主机名或IP *地址]：8444/ims/STSService

用户名

*密码

*@return{@link Element}表示已颁发的令牌 *@引发DatatypeConfigurationException */ 公共静态元素getToken（字符串[]args）抛出DatatypeConfigurationException{ /*实例化STSService*/ STSService STSService=新的STSService（）； /* *正在实例化HeaderHandlerResolver。这是提供 *在中修改SOAP头和SOAP消息的功能 *通过不同的处理程序处理各种请求的常规。对于 *对SSO服务器的不同类型的请求需要遵循 *WS-Trust指南提供所需的SOAP消息结构。 */ HeaderHandlerResolver headerResolver=新的HeaderHandlerResolver（）； /* *对于这种特殊情况，我们需要包装以下标题元素 *在安全标签中。 * *1.包含请求的创建和到期时间的时间戳 * *2.包含用户名/密码的UsernameToken */ /*通过TimeStampHandler添加时间戳*/ addHandler（新的TimeStampHandler（））； /*通过UserCredentialHandler添加UsernameToken*/ UserCredentialHandler ucHandler=新的UserCredentialHandler（参数[1]， args[2]）； SamlTokenExtractionHandler sbHandler=新的SamlTokenExtractionHandler（）； headerResolver.addHandler（ucHandler）； headerResolver.addHandler（sbHandler）； /* *将STS服务的handlerResolver设置为 *上面创建的HeaderHandlerResolver */ stsService.setHandlerResolver（前端解决方案）； /* *从STSServicePortType对象检索STSServicePort注意： *所有需要的HandlerResolver都需要在 *检索STSService实例之前的STSServicePortType对象 */ STSServicePortType stsPort=stsService.getSTSServicePort（）； /* *为请求构造SOAP主体。RequestSecurityTokenType为 *传递给“acquire”方法的参数类型。但是， *基于什么类型的令牌（持有者或密钥类型的持有者）和 *我们的意思是什么（又名用户名/密码、证书或现有令牌） *要获取令牌，需要填充不同的元素 */ RequestSecurityTokenType tokenType=新的RequestSecurityTokenType（）； /* *对于这个请求，我们至少需要 *RequestSecurityTokenType集合 * *1.Lifetime-由LifetimeType表示，指定 *要颁发的令牌的生存期 * *2.托克

https://SSO-SERVER:7444/ims/STSService