How do I enable outgoing WS-Security in WSO2 ESB 4.9.0?


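I need to create a proxy in WSO2 ESB (4.9.0) to expose a secured backend web service as a web service inside a secured web service, as shown in the image below:

I want to use the "Sign and encrypt with X.509 authentication" WS-Security policy.

This is my proxy "source view":

Any clues?

Thanks in advance.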

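The link above (WSO2 ESB sample 100) does not implement a password callback handler. You need to create the required password callback handler for your sign-and-encrypt policy. Here is information on how to create a PWCB.


Regards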

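I have checked, and the sample that uses outgoing WS-Security implements a password callback handler. I'm a bit confused... So I'm forced to use a callback handler for outgoing WS-S? Why? I have a proxy that does exactly the opposite (one that removes security from the request and sends it to a plain backend WS), which uses the same policy and has no password callback handler.

Can you post the SoapUI project for testing???

@JorgeInfanteOsorio Unfortunately, I'm not allowed to upload the SoapUI project.
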
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="OutgoingSecurityProxy"
       transports="http,https"
       statistics="enable"
       trace="enable"
       startOnLoad="true">
   <target>
      <inSequence>
         <send>
            <endpoint>
               <address uri="http://mylocalIP:80/mock_serverTest">
                  <enableAddressing/>
                  <enableSec policy="SecurityPolicyOut"/>
               </address>
            </endpoint>
         </send>
      </inSequence>
      <outSequence>
         <header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                 name="wsse:Security"
                 action="remove"/>
         <send/>
      </outSequence>
   </target>
   <publishWSDL uri="http://mylocalIP:80/mock_serverTest?WSDL"/>
   <description/>
</proxy>

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SigEncr">
      <wsp:ExactlyOne>
         <wsp:All>
            <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy>
                  <sp:InitiatorToken>
                     <wsp:Policy>
                        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                           <wsp:Policy>
                              <sp:RequireThumbprintReference/>
                              <sp:WssX509V3Token10/>
                           </wsp:Policy>
                        </sp:X509Token>
                     </wsp:Policy>
                  </sp:InitiatorToken>
                  <sp:RecipientToken>
                     <wsp:Policy>
                        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                           <wsp:Policy>
                              <sp:RequireThumbprintReference/>
                              <sp:WssX509V3Token10/>
                           </wsp:Policy>
                        </sp:X509Token>
                     </wsp:Policy>
                  </sp:RecipientToken>
                  <sp:AlgorithmSuite>
                     <wsp:Policy>
                        <sp:Basic256/>
                     </wsp:Policy>
                  </sp:AlgorithmSuite>
                  <sp:Layout>
                     <wsp:Policy>
                        <sp:Strict/>
                     </wsp:Policy>
                  </sp:Layout>
                  <sp:IncludeTimestamp/>
                  <sp:OnlySignEntireHeadersAndBody/>
               </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy>
                  <sp:MustSupportRefKeyIdentifier/>
                  <sp:MustSupportRefIssuerSerial/>
                  <sp:MustSupportRefThumbprint/>
                  <sp:MustSupportRefEncryptedKey/>
                  <sp:RequireSignatureConfirmation/>
               </wsp:Policy>
            </sp:Wss11>
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy>
                  <sp:MustSupportRefKeyIdentifier/>
                  <sp:MustSupportRefIssuerSerial/>
               </wsp:Policy>
            </sp:Wss10>
            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <sp:Body/>
            </sp:SignedParts>
            <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <sp:Body/>
            </sp:EncryptedParts>
         </wsp:All>
      </wsp:ExactlyOne>
      <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
         <rampart:user>service</rampart:user>
         <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
         <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
         <rampart:timestampTTL>300</rampart:timestampTTL>
         <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
         <rampart:timestampStrict>false</rampart:timestampStrict>
         <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore
        </rampart:tokenStoreClass>
         <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
         <rampart:encryptionCrypto>
            <rampart:crypto cryptoKey="org.wso2.carbon.security.crypto.privatestore" provider="org.wso2.carbon.security.util.ServerCrypto">
               <rampart:property name="org.wso2.carbon.security.crypto.alias">client</rampart:property>
               <rampart:property name="org.wso2.carbon.security.crypto.privatestore">mykeystore.jks</rampart:property>
               <rampart:property name="org.wso2.stratos.tenant.id">-1234</rampart:property>
               <rampart:property name="org.wso2.carbon.security.crypto.truststores">mykeystore.jks</rampart:property>
               <rampart:property name="rampart.config.user">service</rampart:property>
            </rampart:crypto>
         </rampart:encryptionCrypto>
         <rampart:signatureCrypto>
            <rampart:crypto cryptoKey="org.wso2.carbon.security.crypto.privatestore" provider="org.wso2.carbon.security.util.ServerCrypto">
               <rampart:property name="org.wso2.carbon.security.crypto.alias">service</rampart:property>
               <rampart:property name="org.wso2.carbon.security.crypto.privatestore">mykeystore.jks</rampart:property>
               <rampart:property name="org.wso2.stratos.tenant.id">-1234</rampart:property>
               <rampart:property name="org.wso2.carbon.security.crypto.truststores">mykeystore.jks</rampart:property>
               <rampart:property name="rampart.config.user">service</rampart:property>
            </rampart:crypto>
         </rampart:signatureCrypto>
      </rampart:RampartConfig>
   </wsp:Policy>

16:17:45,465 [-] [PassThroughMessageProcessor-1]  WARN TRACE_LOGGER Executing fault handler due to exception encountered
16:17:45,466 [-] [PassThroughMessageProcessor-1]  WARN TRACE_LOGGER ERROR_CODE : 0
16:17:45,466 [-] [PassThroughMessageProcessor-1]  WARN TRACE_LOGGER ERROR_MESSAGE : Unexpected error during sending message out
16:17:45,471 [-] [PassThroughMessageProcessor-1]  WARN TRACE_LOGGER ERROR_DETAIL : org.apache.synapse.SynapseException: Unexpected error during sending message out
    at org.apache.synapse.core.axis2.Axis2Sender.handleException(Axis2Sender.java:247)
    at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:91)
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:461)
    at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:372)
    at org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:65)
    at org.apache.synapse.mediators.builtin.SendMediator.mediate(SendMediator.java:105)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:81)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:48)
    at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:149)
    at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:185)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:395)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:142)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.axis2.AxisFault: Password CallbackHandler not specified in rampart configuration policy or the CallbackHandler instance not available in the MessageContext
    at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:76)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:426)
    at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:185)
    at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:167)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:542)
    at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:79)
    ... 15 more
Caused by: org.apache.rampart.RampartException: Password CallbackHandler not specified in rampart configuration policy or the CallbackHandler instance not available in the MessageContext
    at org.apache.rampart.builder.BindingBuilder.getSignatureBuilder(BindingBuilder.java:312)
    at org.apache.rampart.builder.BindingBuilder.getSignatureBuilder(BindingBuilder.java:265)
    at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:761)
    at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:457)
    at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:97)
    at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
    at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
    ... 24 more
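
The stack trace above stops in RampartSender because the policy's RampartConfig names no password callback handler, which is the component the answer refers to. The Java class below is an added example, not code from the original post or from WSO2. The package name, the class name and the SERVICE_KEY_PASSWORD environment variable are assumptions, the alias "service" is taken from the rampart:user value in the policy, and the WSS4J 1.x package org.apache.ws.security is assumed to be the one Rampart loads.

```java
package org.example.security; // hypothetical package, not from the original post

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Hands Rampart the private-key password it asks for when it signs the
 * outgoing request (or decrypts the response). Rampart finds the class through
 * RampartConfig:
 *   <rampart:passwordCallbackClass>org.example.security.KeyPasswordCallbackHandler</rampart:passwordCallbackClass>
 */
public class KeyPasswordCallbackHandler implements CallbackHandler {

    // Key alias this handler answers for; matches <rampart:user> in the policy.
    private static final String KEY_ALIAS = "service";
    // Assumption: the key password is injected through this environment
    // variable rather than being hard-coded in the class or the policy.
    private static final String PASSWORD_ENV = "SERVICE_KEY_PASSWORD";

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback,
                        "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callback;
            int usage = pwcb.getUsage();
            boolean keyRequest = usage == WSPasswordCallback.SIGNATURE
                    || usage == WSPasswordCallback.DECRYPT;
            // Refuse anything other than a key-password request for the expected
            // alias, so the password is never released for another identity.
            if (!keyRequest || !KEY_ALIAS.equals(pwcb.getIdentifier())) {
                throw new UnsupportedCallbackException(callback,
                        "Unexpected alias or usage: " + usage);
            }
            String password = System.getenv(PASSWORD_ENV);
            if (password == null || password.isEmpty()) {
                throw new IOException(PASSWORD_ENV + " is not set");
            }
            pwcb.setPassword(password);
        }
    }
}
```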