WSO2 proxy for a secured web service with a security policy
Hello again to the WSO2 community. We are newbies, and we are trying to understand and learn the ropes of WSO2 ESB. This is our first project. We have to invoke a web service that has a security policy. We have defined the sequence in this endpoint:
<proxy name=........>
<inSequence>
<header name="Action" scope="default" value="urn:rc"/>
<header name="wsse:Security" scope="default" value="" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
<send>
<endpoint>
<address statistics="enable" trace="enable" uri="https://urlToEndPoint">
<enableSec policy="gov:policy/policy.xml"/>
</address>
</endpoint>
</send>
</inSequence>
<outSequence>
<send/>
</outSequence>
<faultSequence/>
</proxy>
This is my security policy:
<wsp:Policy wsu:Id="SigOnly"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10/>
<!-- sp:WssX509V3Token10/ -->
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10/>
<!-- sp:WssX509V3Token10/ -->
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:ProtectTokens/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss10>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
<rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
<rampart:user>XXXXXXXXXXXXXXXX</rampart:user>
<rampart:encryptionUser>XXXXXXXXXXXXXXXX</rampart:encryptionUser>
<rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
<rampart:timestampTTL>300</rampart:timestampTTL>
<rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
<rampart:timestampStrict>false</rampart:timestampStrict>
<rampart:passwordCallbackClass>XX.XXXX.XX.XXXX.XXXXX.PWCBHandler</rampart:passwordCallbackClass>
<rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
<rampart:nonceLifeTime>300</rampart:nonceLifeTime>
<rampart:encryptionCrypto>
<rampart:crypto
cryptoKey="org.wso2.carbon.security.crypto.privatestore" provider="org.wso2.carbon.security.util.ServerCrypto">
<rampart:property name="org.wso2.carbon.security.crypto.alias">XXXXXXXXXXXXXXXX</rampart:property>
<rampart:property name="org.wso2.carbon.security.crypto.privatestore">XXXXXXXX.jks</rampart:property>
<rampart:property name="org.wso2.stratos.tenant.id">-1234</rampart:property>
<rampart:property name="org.wso2.carbon.security.crypto.truststores">XXXXXXXX.jks</rampart:property>
<rampart:property name="rampart.config.user">XXXXXXXXXXXXXX</rampart:property>
</rampart:crypto>
</rampart:encryptionCrypto>
<rampart:signatureCrypto>
<rampart:crypto
cryptoKey="org.wso2.carbon.security.crypto.privatestore" provider="org.wso2.carbon.security.util.ServerCrypto">
<rampart:property name="org.wso2.carbon.security.crypto.alias">XXXXXXXXXXXXXXXX</rampart:property>
<rampart:property name="org.wso2.carbon.security.crypto.privatestore">XXXXXXXX.jks</rampart:property>
<rampart:property name="org.wso2.stratos.tenant.id">-1234</rampart:property>
<rampart:property name="org.wso2.carbon.security.crypto.truststores">XXXXXXXX.jks</rampart:property>
<rampart:property name="rampart.config.user">XXXXXXXXXXXXXXXX</rampart:property>
</rampart:crypto>
</rampart:signatureCrypto>
</rampart:RampartConfig>
</wsp:Policy>
This is the endpoint:
<proxy name="Proxy" startOnLoad="true" transports="http https" xmlns="http://ws.apache.org/ns/synapse">
<target>
<inSequence>
<header name="Action" scope="default" value="urn:operacion"/>
<header name="wsse:Security" scope="default" value="" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
<send>
<endpoint>
<address statistics="enable" trace="enable" uri="https://URLtoWebService">
<enableSec policy="gov:ws-policy/policy.xml"/>
</address>
</endpoint>
</send>
</inSequence>
<outSequence/>
<faultSequence/>
</target>
</proxy>
We send this kind of SOAP message over an HTTP/S connection:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://xx.xxx">
<soapenv:Header/>
<soapenv:Body>
<ws:operacion>
<!--Optional:-->
<ws:xml>
<mensaje id="002" date="2003-07-09-08-58-39">
<data>............</data>
</mensaje>
</ws:xml>
</ws:operacion>
</soapenv:Body>
</soapenv:Envelope>
............
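Does anyone know the cause of this error and how to fix it?
Thanks in advance.

This is, in most cases, related to setting the correct headers. Can you add the message you are sending to your post so people can see it?

Please share your security policy and the complete request you send to the backend service.

I have just modified the question. I added the security policy and the proxy endpoint definition.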