CXF STS用户名令牌对称绑定XML签名验证失败 [英] CXF STS Usernametoken symmetric binding XML Signature verification has failed

问题描述

使用CXF STS- STS客户端示例，我在 https://web-gmazza.rhcloud.com/blog/entry/cxf-sts-tutorial ，而我的示例代码位于 https://github.com/sampleref/CXFSecurity 供参考。在调试时，我在STS提供程序中发现了以下错误

Working with CXF STS- STS client example I followed the example at https://web-gmazza.rhcloud.com/blog/entry/cxf-sts-tutorial and my sample code is at https://github.com/sampleref/CXFSecurity for reference. On debugging I found error as below at STS provider

    <<||2014-07-13 18:26:50,286||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.UsernameTokenProcessor:50||||>> Found UsernameToken list element 
<<||2014-07-13 18:26:50,287||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.validate.UsernameTokenValidator:78||||>> UsernameToken user alice 
<<||2014-07-13 18:26:50,287||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.validate.UsernameTokenValidator:79||||>> UsernameToken password type http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText 
<<||2014-07-13 18:26:50,287||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:115||||>> Found signature element 
<<||2014-07-13 18:26:50,288||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:380||||>> Verify XML Signature 
<<||2014-07-13 18:26:50,292||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:428||||>> XML Signature verification has failed 
<<||2014-07-13 18:26:50,292||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:431||||>> Signature Validation check: false 

请提供一些输入信息，这对我来说非常重要。我在
CXF STS客户端引发请求不包含安全标头/响应消息不包含WS-Addressing属性

Please provide some inputs, Its really important working for me with this. I posted more detailed error from STS Client at CXF STS client throws Request does not contain Security header/Response message does not contain WS-Addressing properties

推荐答案

问题是您没有在STS中提供私钥的密码。因此，例如，将以下内容添加到StsPasswordCallbackHandler可使解密工作：

The problem is that you are not supplying the password for the private key in the STS. So for example, adding the following to the StsPasswordCallbackHandler makes the decryption work:

x509Passwords.put（ stskeyalias， stskeypassword）;

x509Passwords.put("stskeyalias", "stskeypassword");

您还需要从STS pom中删除BouncyCastle依赖项。

You also need to remove the BouncyCastle dependency from the STS pom.

Colm。

这篇关于CXF STS用户名令牌对称绑定XML签名验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！