【发布时间】:2011-07-27 13:36:27
【问题描述】:
如果出现服务器内部错误,我对axis2+rampart WS-Security 响应有问题。 当服务器返回“200 OK”时,一切似乎都正常。如果响应具有正确的时间戳、签名和解密函数响应 XML,则由壁垒检查响应。但是当服务器返回“500 Internal Server Error”时axis2/rapart抛出异常:
ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header
我认为答案有问题并使用soapUI进行了测试。安全和解密形式都有类似的响应。这些响应仅在 HTTP 状态、指示错误的 XML 响应代码和 SOAP 标记的大小写方面有所不同。如果反应良好,则有
<SOAP-ENV:Envelope ...
如果出现错误:
<soap:Envelope ...
结构的其余部分,包括mustUnderstand="1" 是相同的。
在axis2.xml中我配置了InFlow和InFaultFlow和order一样:
<phase name="Addressing">...</phase>
<phase name="Security"/>
<phase name="PreDispatch"/>
我启用了对我的客户的跟踪,如果反应良好,我会看到:
DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Invoking Handler 'SecurityInHandler' in Phase 'Security'
...there is decrypted message
DEBUG Thread-11 org.apache.rampart.handler.WSDoAllReceiver - WSDoAllReceiver: exit invoke()
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...
出错的情况下没有这样的痕迹:
DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "soapmonitorPhase"
DEBUG Thread-11 org.apache.axis2.engine.AxisEngine - MustUnderstand header not processed or registered as understood{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
DEBUG Thread-11 org.apache.axis2.i18n.ProjectResourceBundle - org.apache.axis2.i18n.resource::handleGetObject(mustunderstandfailed)
ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
没有SecurityInHandler 调用。
我希望看到解密消息,就像在“200 OK”状态或soapUI中一样。 任何想法我的配置有什么问题?
编辑
我已经检查过,只有在“500 内部服务器错误”的情况下才会出现此类错误。如果服务器回复“200 OK”且加密内容相同,则axis2能够解密!
【问题讨论】:
标签: java security axis2 ws-security rampart