WSS4J with Spring WS: (WSSecurityEngine: Invalid timestamp The security semantics of the message have expired)


I developed a WS (SOAP) based on Spring's Wss4jSecurityInterceptor implementation.

The configuration is as follows:

...
securementActions=Timestamp Signature Encrypt
...
securementSignatureParts={Element}{...schemas.xmlsoap.org/soap/envelope/}Body;{Element}...www.w3.org/2005/08/addressing}To;{Element}{...www.w3.org/2005/08/addressing}Action;{Element}{...www.w3.org/2005/08/addressing}MessageID;{Element}{...www.w3.org/2005/08/addressing}RelatesTo;{Element}{...docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp

When I call the WS from a client whose clock is set 2 minutes (or more) later than the server clock, I get the following message:

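org.apache.ws.security.WSSecurityException: The message has expired (WSSecurityEngine: Invalid timestamp The security semantics of the message have expired)

I use SoapUI to test the WS. In the response I get, the body block cannot be decrypted on the client side.

Response when the clocks are synchronized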

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"> ... </SOAP-ENV:Header>
  <SOAP-ENV:Body wsu:Id="id-148" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <SOAP-ENV:Fault>
      <faultcode>SOAP-ENV:Server</faultcode>
      <faultstring xml:lang="en">error label</faultstring>
      <detail>
        <submissionFault xmlns="xxxxxx">
          <error xmlns="xxxxxxx">
            <errorCode>error code here</errorCode>
            <errorDescription>error description here</errorDescription>
            <errorDetail>errro detail here</errorDetail>
          </error>
        </submissionFault>
      </detail>
    </SOAP-ENV:Fault>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Response when the two clocks are not synchronized

<SOAP-ENV:Envelope xmlns:SOAP-ENV="..." xmlns:xenc="...#">
  <SOAP-ENV:Header xmlns:wsa="..."> ... </SOAP-ENV:Header>
  <SOAP-ENV:Body wsu:Id="id-157" xmlns:wsu="...">
    <xenc:EncryptedData Id="EncDataId-162" Type="...">
      <xenc:EncryptionMethod Algorithm="...#aes256-cbc"/>
      <ds:KeyInfo xmlns:ds="...#">
        <wsse:SecurityTokenReference xmlns:wsse="...">
          <wsse:Reference URI="#EncKeyId-xxxxxxxxxxxxxhhhhhyyyy"/>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>PMam8TSjmX9gHDE7+/fekt575W+qWFC2xcMAXzAlTPfxoQ3ctBG9bUPUAsnMNQm41G9ya0EZaQtV zRL59IFW0wrowbJXhUHXvW0YPkAbIUSnnmWreQpHwy5oKA5DQWJ+nZTnyMdXq8ukxDPCP5ALlvGD wv685Fs14YmWupzXVBGufcu4XSGFI ... XhUkjHrOlrBL4PHiZ9imt nWLswfcay6friGSfkN2Z0U5oJ3XW034sVCONFBdZVNwia51nNmGTGwsMXJFxXLXCxv/lVP1p3tMq StoR11Otn8d/gcc06q+jBJDu5KXTgI5V6fHyW17jvV924AorYA44BiZ6ym5u4dti8fvCSFfj8shg /4DhGS16ATWFFfZ+QzTxaGEik1+d/+AbMc031wrO60hm7dIMasOegqD0BKUkEgkBbk0totU4TI55 C3BHPmv44QPGpoOSmkGAjYYzfbv9GE6HeaUBVXviJqaA1q0BiIIklINMmnry9KU53mi59swqBNKz pF6cNDjKFGDNeRW9JLGNJq8dsnqK8nn7zE/sE2PxFGwJ+3qk40TuE6mjhA==</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

This is expected. Your server and client clocks should be synchronized, otherwise the default WSS4J timestamp will throw an exception.


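"org.apache.ws.security.WSSecurityException: The message has expired (WSSecurityEngine: Invalid timestamp The security semantics of the message have expired)"

Maybe Tomcat (or your web application server) and/or its services are down. Please check them all. I ran into the same problem today: my Tomcat service had stopped (I don't know why), then I restarted the service and the problem went away for good.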

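It works as expected. Spring allows a maximum delay of 300 seconds for a request from the client to the server. If it takes longer than that, it throws the "message has expired" exception. This is provided in Spring's Wss4jSecurityInterceptor file. So ideally, your server and client should be within 0 to 300 seconds of each other.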

Hmmm… interesting, so the maximum delay is 5 minutes? This works like a charm.

Is it possible to disable the timestamp constraint for development purposes? Because I tried new Wss4jSecurityInterceptor().setTimestampStrict(false), but the restriction is still there.
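
The freshness rule discussed in the answers and comments above, as an added example (not code from the original posts, Spring WS or WSS4J): a self-contained model of a receiver checking a wsu:Timestamp against its own clock. The 300-second time-to-live comes from the answer above; the 60-second future-skew allowance, the assumption that the strict flag governs only the Expires comparison, and all names are assumptions of this model.

```java
import java.time.Duration;
import java.time.Instant;

/** Model of a receiver-side wsu:Timestamp freshness check (illustration only, not WSS4J code). */
public class TimestampFreshness {

    enum Verdict { OK, EXPIRED, CREATED_TOO_OLD, CREATED_IN_FUTURE }

    // ttl mirrors the 300 s mentioned on the page; futureSkew and the scope of
    // "strict" (Expires comparison only) are assumptions of this model.
    static Verdict check(Instant created, Instant expires, Instant receiverNow,
                         Duration ttl, Duration futureSkew, boolean strict) {
        // Strict mode: enforce the sender's own Expires value.
        if (strict && expires != null && receiverNow.isAfter(expires)) {
            return Verdict.EXPIRED;
        }
        // Created must not be further ahead of the receiver's clock than the allowed skew.
        if (created.isAfter(receiverNow.plus(futureSkew))) {
            return Verdict.CREATED_IN_FUTURE;
        }
        // Created must not be older than the receiver's time-to-live.
        if (created.isBefore(receiverNow.minus(ttl))) {
            return Verdict.CREATED_TOO_OLD;
        }
        return Verdict.OK;
    }

    public static void main(String[] args) {
        Instant serverNow = Instant.parse("2024-01-01T12:00:00Z"); // constructed sample time
        Duration ttl = Duration.ofSeconds(300);
        Duration futureSkew = Duration.ofSeconds(60);
        Duration senderTtl = Duration.ofSeconds(300); // sender sets Expires = Created + 300 s
        long[] clientOffsets = {0, -120, -360, 120};  // client clock minus server clock, in seconds
        for (long offset : clientOffsets) {
            Instant created = serverNow.plusSeconds(offset);
            Instant expires = created.plus(senderTtl);
            for (boolean strict : new boolean[] {true, false}) {
                System.out.printf("offset=%+ds strict=%b -> %s%n", offset, strict,
                        check(created, expires, serverNow, ttl, futureSkew, strict));
            }
        }
    }
}
```

In this model the +120 s and -360 s offsets are rejected with the strict flag on or off, because the Created checks do not depend on it.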