JAVA-CXF WS-security“验证消息时遇到安全错误” [英] JAVA - CXF WS-security "A security error was encountered when verifying the message"

问题描述

对于这个问题，很抱歉，我完全被阻止了。
我正在尝试在 CXF 框架之上实现Web服务服务器。 Jax-ws 对处理Web服务非常有帮助，它很容易实现。
但是，当您想要引入安全性时会遇到问题。

Sorry for this question, it can appear recurrent by I'm completely blocked. I'm trying to implement a Web Service Server on top of CXF framework. Jax-ws is very helpful to handle a web service, it's easy to implement it. But, the problem come when you want to introduce security.

要实现安全性，请执行以下源代码：

To handle security in implement the following source code :

EndpointImpl jaxWsEndpoint = (EndpointImpl) Endpoint.publish(endPointAddress, httpWebService);
inProps.put("action", "UsernameToken Timestamp");
inProps.put("passwordType", "PasswordText");
inProps.put("passwordCallbackClass", "com.company.webService.PasswordListener");
jaxWsEndpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));

我将以下 SOAP 请求推送到此Web服务：

I push to this Web Service the following SOAP request :

...
<soapenv:Header>
   <wsse:Security soapenv:mustunderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:Usernametoken wsu:id="UsernameToken-27777511" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>admin</wsse:Username>
        <wsse:Password type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass</wsse:Password>
     </wsse:Usernametoken>
   </wsse:Security>
</soapenv:Header>
...

CXF 框架收到我的请求试试处理安全部分并抛出以下异常：

The CXF framework received my request try to handle the security part and throw me the following exception:

Jun 08, 2016 10:48:24 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor checkActions
WARNING: Security processing failed (actions mismatch)
Jun 08, 2016 10:48:24 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://httpAbstractHandlerImplementation.webService.company.co /}HttpWebServiceService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:218)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:316)

如果有人知道我在哪里做错了。

If somebody have an idea where i have done an error.

谢谢

推荐答案

你有 inProps.put（action，UsernameToken Timestamp）; 但安全标头中没有时间戳。从您的操作中删除时间戳或添加匹配的安全标头。

You have inProps.put("action", "UsernameToken Timestamp"); but no Timestamp in your security header. Either remove "Timestamp" from your actions or add the matching security header.

编辑
消息非常明确安全处理失败（操作不匹配）所以查看您的请求会发现另一个错误：它应该是 wsse：UsernameToken 而不是 wsse ：Usernametoken 截至官方规格。

EDIT The message is quite clear "Security processing failed (actions mismatch)" So looking at your request reveals another mistake: It should be wsse:UsernameToken instead of wsse:Usernametoken as of the official spec.

这篇关于JAVA-CXF WS-security“验证消息时遇到安全错误”的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！