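【Question title】: axis2+rampart: Must Understand check failed for header Security
【Posted】: 2011-07-27 13:36:27
【Question description】:

I have a problem with the axis2+rampart WS-Security response in case of a server internal error. Everything seems to work when the server returns "200 OK". The response is checked by rampart for a proper timestamp and signature, and rampart decrypts the function response XML. But when the server returns "500 Internal Server Error", axis2/rampart throws an exception: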

ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header

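I thought there was something wrong with the response and tested it with soapUI. Both the secured and the decrypted forms give similar responses. The responses differ only in the HTTP status, the XML response code that indicates the error, and the case of the SOAP tags. For a good response there is: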

<SOAP-ENV:Envelope ...

In case of an error:

<soap:Envelope ...

The rest of the structure, including mustUnderstand="1", is the same.

In axis2.xml I configured InFlow and InFaultFlow with the same order:

<phase name="Addressing">...</phase>
<phase name="Security"/>
<phase name="PreDispatch"/>

I enabled tracing on my client, and for a good response I see:

DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Invoking Handler 'SecurityInHandler' in Phase 'Security'
...there is decrypted message
DEBUG Thread-11 org.apache.rampart.handler.WSDoAllReceiver - WSDoAllReceiver: exit invoke()
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...

In the error case there are no such traces:

DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "soapmonitorPhase"
DEBUG Thread-11 org.apache.axis2.engine.AxisEngine - MustUnderstand header not processed or registered as understood{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
DEBUG Thread-11 org.apache.axis2.i18n.ProjectResourceBundle - org.apache.axis2.i18n.resource::handleGetObject(mustunderstandfailed)
ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

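There is no SecurityInHandler invocation.

I would like to see the decrypted message, as with the "200 OK" status or in soapUI. Any ideas what is wrong with my configuration?

EDIT

I have checked that this error only occurs in the case of "500 Internal Server Error". If the server replies "200 OK" with the same encrypted content, axis2 is able to decrypt it!

【Question comments】:

    Tags: java security axis2 ws-security rampart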


    【Solution 1】:

    I'll answer myself:

    I searched the Rampart sources to see where SecurityInHandler is. It is in rampart-1.5.1.mar META-INF/module.xml, but only in the <InFlow> section. I copied it to <InFaultFlow> and it works! Now my <InFaultFlow> section looks like:

    <InFaultFlow>
        <handler name="PolicyBasedSecurityInHandler" class="org.apache.rampart.handler.RampartReceiver">
            <order phase="Security" phaseFirst="true"/>
        </handler>
        <handler name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
            <order phase="Security"/>
        </handler>
        <handler name="PostDispatchVerificationHandler" class="org.apache.rampart.handler.PostDispatchVerificationHandler">
            <order phase="Dispatch" phaseLast="true"/>
        </handler>
    </InFaultFlow> 
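
The gap this answer closes (security handlers registered for normal responses but not for fault responses) can be checked mechanically. The following is an added example, not part of the original answer or of Rampart: it lists the handlers a module.xml registers under <InFlow> but not under <InFaultFlow>. The BEFORE and AFTER documents are constructed samples that reuse the handler names from the answer, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the real Rampart module.xml: the handler names and
# classes are the ones quoted in the answer above.
HANDLERS = """
    <handler name="PolicyBasedSecurityInHandler" class="org.apache.rampart.handler.RampartReceiver">
        <order phase="Security" phaseFirst="true"/>
    </handler>
    <handler name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
        <order phase="Security"/>
    </handler>
    <handler name="PostDispatchVerificationHandler" class="org.apache.rampart.handler.PostDispatchVerificationHandler">
        <order phase="Dispatch" phaseLast="true"/>
    </handler>
"""
# BEFORE: handlers only under <InFlow>. AFTER: also copied to <InFaultFlow>.
BEFORE = f'<module name="rampart"><InFlow>{HANDLERS}</InFlow></module>'
AFTER = (f'<module name="rampart"><InFlow>{HANDLERS}</InFlow>'
         f'<InFaultFlow>{HANDLERS}</InFaultFlow></module>')


def flow_handlers(root, flow):
    """Map handler name -> (class, phase) for one flow; empty if the flow is absent."""
    section = root.find(flow)
    if section is None:
        return {}
    found = {}
    for handler in section.findall("handler"):
        order = handler.find("order")
        phase = order.get("phase") if order is not None else None
        found[handler.get("name")] = (handler.get("class"), phase)
    return found


def missing_from_fault_flow(module_xml, flow="InFlow", fault_flow="InFaultFlow"):
    """Sorted names of handlers in `flow` that are not registered, with the
    same class and phase, in `fault_flow`."""
    root = ET.fromstring(module_xml)
    normal = flow_handlers(root, flow)
    fault = flow_handlers(root, fault_flow)
    return sorted(name for name, spec in normal.items() if fault.get(name) != spec)


if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        gaps = missing_from_fault_flow(doc)
        print(label, "- handlers missing from InFaultFlow:", gaps or "none")
```
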
    

    【Comments】:
