JAVA-CXF WS-security“验证消息时遇到安全错误” [英] JAVA - CXF WS-security "A security error was encountered when verifying the message"
问题描述
对于这个问题,很抱歉,我完全被阻止了。
我正在尝试在 CXF 框架之上实现Web服务服务器。 Jax-ws 对处理Web服务非常有帮助,它很容易实现。
但是,当您想要引入安全性时会遇到问题。
Sorry for this question, it can appear recurrent by I'm completely blocked. I'm trying to implement a Web Service Server on top of CXF framework. Jax-ws is very helpful to handle a web service, it's easy to implement it. But, the problem come when you want to introduce security.
要实现安全性,请执行以下源代码:
To handle security in implement the following source code :
EndpointImpl jaxWsEndpoint = (EndpointImpl) Endpoint.publish(endPointAddress, httpWebService);
inProps.put("action", "UsernameToken Timestamp");
inProps.put("passwordType", "PasswordText");
inProps.put("passwordCallbackClass", "com.company.webService.PasswordListener");
jaxWsEndpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));
我将以下 SOAP 请求推送到此Web服务:
I push to this Web Service the following SOAP request :
...
<soapenv:Header>
<wsse:Security soapenv:mustunderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Usernametoken wsu:id="UsernameToken-27777511" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>admin</wsse:Username>
<wsse:Password type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass</wsse:Password>
</wsse:Usernametoken>
</wsse:Security>
</soapenv:Header>
...
CXF 框架收到我的请求试试处理安全部分并抛出以下异常:
The CXF framework received my request try to handle the security part and throw me the following exception:
Jun 08, 2016 10:48:24 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor checkActions
WARNING: Security processing failed (actions mismatch)
Jun 08, 2016 10:48:24 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://httpAbstractHandlerImplementation.webService.company.co /}HttpWebServiceService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:218)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:316)
如果有人知道我在哪里做错了。
If somebody have an idea where i have done an error.
谢谢
推荐答案
你有 inProps.put(action,UsernameToken Timestamp);
但安全标头中没有时间戳。从您的操作中删除时间戳或添加匹配的安全标头。
You have inProps.put("action", "UsernameToken Timestamp");
but no Timestamp in your security header. Either remove "Timestamp" from your actions or add the matching security header.
编辑
消息非常明确安全处理失败(操作不匹配)所以查看您的请求会发现另一个错误:它应该是 wsse:UsernameToken
而不是 wsse :Usernametoken
截至官方规格。
EDIT
The message is quite clear "Security processing failed (actions mismatch)" So looking at your request reveals another mistake: It should be wsse:UsernameToken
instead of wsse:Usernametoken
as of the official spec.
这篇关于JAVA-CXF WS-security“验证消息时遇到安全错误”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!