WSP0075：将策略断言“ TransportBinding”传递给客户端。被评价为“未知”。为什么？ [英] WSP0075: Policy assertion "TransportBinding" was evaluated as "UNKNOWN". Why?

问题描述

我是不受控制的SOAP服务的客户端（在.NET中实现）。该服务提供了WSDL。我使用Apache CXF从WSDL生成Java客户端（具体来说，我在Maven中使用cxf-codegen-plugin，在后台使用wsdl2java）。

但是，当我实例化生成的服务类时，会记录以下警告：

  2014年9月4日5:18:00 PM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives 
警告：WSP0075：已评估策略断言 {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}TransportBinding为未知。 
 2014年9月4日下午5:18:00 [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives 
警告：WSP0019：在客户端选择了适应性不佳的次优策略未知 。 
  

但是客户端可以正常工作-我使用该服务没有任何问题。但是，我对这些错误感到困惑。

该错误与WSDL中的此安全策略有关，我认为它表明它无法理解：

 < wsp：Policy wsu：Id = soap11_policy xmlns：wsu = http：//docs.oasis- open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd xmlns：wsp = http://schemas.xmlsoap.org/ws/2004/09/policy> 
< wsp：ExactlyOne> 
< wsp：All> 
< sp：TransportBinding xmlns：sp = http://schemas.xmlsoap.org/ws/2005/07/securitypolicy> 
< wsp：Policy> 
< sp：TransportToken> 
< wsp：Policy> 
< sp：HttpsToken RequireClientCertificate = false /> 
< / wsp：Policy> 
< / sp：TransportToken> 
< sp：AlgorithmSuite> 
< wsp：Policy> 
< sp：Basic256 /> 
< / wsp：Policy> 
< / sp：AlgorithmSuite> 
< sp：Layout> 
< wsp：Policy> 
< sp：严格/> 
< / wsp：Policy> 
< / sp：布局> 
< / wsp：Policy> 
< / sp：TransportBinding> 
< / wsp：All> 
< / wsp：ExactlyOne> 
< / wsp：Policy> 
  

但是据我所知，这是一项完全普通的政策，没有什么不寻常的地方。当然应该理解吗？我该如何解决此警告？

根据记录，这是wsdl2java的调用方式（摘自pom.xml）。

-exsh true arg和 cxf-rt-bindings-soap 依赖关系是因为WSDL在其参数中使用一些隐式的肥皂头，我需要这样做，以便它们正确地包含在生成的服务类方法中。

我添加了 cxf -rt-ws-security 和 cxf-rt-ws-policy 依赖项来尝试修复此警告，认为可能是安全性和策略信息不包括在内。但是，这并不能解决任何问题（虽然也没有破坏任何内容。）。

 < ; plugin> 
< groupId> org.apache.cxf< / groupId> 
< artifactId> cxf-codegen-plugin< / artifactId> 
< version> 3.0.1< / version> 
< executions> 
< execution> 
< id> rh-soap-client-ssi< / id> 
< phase> generate-sources< / phase> 
< configuration> 
< sourceRoot> $ {project.build.directory} / generation / cxf< / sourceRoot> 
< wsdlOptions> 
< wsdlOption> 
< wsdl> https：//example.org/ssi？wsdl< / wsdl> 
< extraargs> 
< extraarg> -verbose< / extraarg> 
< extraarg> -client< / extraarg> 
< extraarg>-标记生成的< / extraarg> 
< extraarg> -exsh< / extraarg> 
< extraarg> true< / extraarg> 
< extraarg> -autoNameResolution< / extraarg> 
< / extraargs> 
< / wsdlOption> 
< / wsdlOptions> 
< / configuration> 
< goals> 
< goal> wsdl2java< / goal> 
< / goals> 
< / execution> 
< / executions> 
< dependencies> 
< dependency> 
< groupId> org.apache.cxf< / groupId> 
< artifactId> cxf-rt-bindings-soap< / artifactId> 
< version> 3.0.1< / version> 
< / dependency> 
< dependency> 
< groupId> org.apache.cxf< / groupId> 
< artifactId> cxf-rt-ws-security< / artifactId> 
< version> 3.0.1< / version> 
< / dependency> 
< dependency> 
< groupId> org.apache.cxf< / groupId> 
< artifactId> cxf-rt-ws-policy< / artifactId> 
< version> 3.0.1< / version> 
< / dependency> 
< / dependencies> 
< / plugin> 
  

解决方案

通过猜测并查看Maven Central中的工件，我

事实证明，为了实际理解和评估wsdl中的策略，必须提供缺少的运行时依赖项。对我来说是 org.apache.cxf / cxf -rt-frontend-jaxws 。我在任何地方都找不到此文档。

一旦引入了这个依赖关系，我将不再得到它的支持。

实例化客户端对象时出现警告。 （而且，实例化需要更长的时间！）

但是，当我尝试使用该服务时，我得到了一个例外：

  javax.xml.ws.soap.SOAPFaultException：无法满足任何其他策略。 
在org.apache.cxf.jaxws.JaxWsClientProxy.invoke（JaxWsClientProxy.java:159）
 ... 
  

这很可能是因为Willie Wheeler的答案指出：该策略要求传输上使用256位加密，但是此服务的SSL使用128位加密。但是，使用带有 Base128 的wsdl不能解决此异常，因此我没有做进一步的研究。

使用此服务的每个人都有可能收到此警告或类似警告，并且如果实际检查了安全策略，则不可能使用此服务。我想我会忍受警告了。

I am a client to a SOAP service I do not control (implemented in .NET). The service provides a WSDL. I use Apache CXF to generate the java client from the WSDL (specifically, I am using the cxf-codegen-plugin for Maven, which uses wsdl2java under the hood).

However, when I instantiate the generated service class, the following warnings are logged:

Sep 04, 2014 5:18:00 PM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}TransportBinding" was evaluated as "UNKNOWN".
Sep 04, 2014 5:18:00 PM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".

However the client works correctly--I don't have any problem using the service. However, I am puzzled by these errors.

The error is about this security policy in the WSDL, which I think it says it cannot understand:

<wsp:Policy wsu:Id="soap11_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken RequireClientCertificate="false"/>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
        </wsp:Policy>
      </sp:TransportBinding>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

However as far as I can tell this is a perfectly ordinary policy with nothing unusual about it. Surely it should be understood? How can I fix this warning?

For the record, here is how wsdl2java is being invoked (excerpt from pom.xml).

The -exsh true arg and cxf-rt-bindings-soap dependency are because the WSDL uses some implicit soap headers in its arguments, and I need this so they are included properly in the generated service class methods.

I added the cxf-rt-ws-security and cxf-rt-ws-policy dependencies to try and fix this warning, thinking that maybe the security and policy information were not included. However, this did not fix anything (didn't break anything either, though).

<plugin>
  <groupId>org.apache.cxf</groupId>
  <artifactId>cxf-codegen-plugin</artifactId>
  <version>3.0.1</version>
  <executions>
    <execution>
      <id>rh-soap-client-ssi</id>
      <phase>generate-sources</phase>
      <configuration>
        <sourceRoot>${project.build.directory}/generated/cxf</sourceRoot>
        <wsdlOptions>
          <wsdlOption>
            <wsdl>https://example.org/ssi?wsdl</wsdl>
            <extraargs>
              <extraarg>-verbose</extraarg>
              <extraarg>-client</extraarg>
              <extraarg>-mark-generated</extraarg>
              <extraarg>-exsh</extraarg>
              <extraarg>true</extraarg>
              <extraarg>-autoNameResolution</extraarg>
            </extraargs>
          </wsdlOption>
        </wsdlOptions>
      </configuration>
      <goals>
        <goal>wsdl2java</goal>
      </goals>
    </execution>
  </executions>
  <dependencies>
    <dependency>
      <groupId>org.apache.cxf</groupId>
      <artifactId>cxf-rt-bindings-soap</artifactId>
      <version>3.0.1</version>
    </dependency>
    <dependency>
      <groupId>org.apache.cxf</groupId>
      <artifactId>cxf-rt-ws-security</artifactId>
      <version>3.0.1</version>
    </dependency>
    <dependency>
      <groupId>org.apache.cxf</groupId>
      <artifactId>cxf-rt-ws-policy</artifactId>
      <version>3.0.1</version>
    </dependency>
  </dependencies>
</plugin>

解决方案

Through guesswork and looking at artifacts in maven central, I was able to hit upon a solution.

It turns out that in order to actually understand and evaluate the policy in this wsdl, a missing runtime dependency must be provided. For me it was org.apache.cxf/cxf-rt-frontend-jaxws. I could not find this documented anywhere. This pulls in a number of other cxf dependencies and I don't know if a more minimal set of them is ok.

Once I include this dependency, I no longer get a warning when I instantiate the client object. (Also, instantiation takes much longer!)

However, when I try to use the service I get an exception:

javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied.
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:159)
    ...

This is most likely for the reason that Willie Wheeler's answer pointed out: the policy requires 256 bit encryption on the transport, but this service's SSL is using 128 bit encryption. However, using a wsdl with Base128 instead does not resolve this exception and I did not investigate further.

So it's quite possible that everyone who uses this service probably gets this warning or something like it, and it's impossible to use this service if the security policy is actually checked. I guess I will be living with the warning instead.

这篇关于WSP0075：将策略断言“ TransportBinding”传递给客户端。被评价为“未知”。为什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！