【问题标题】:How to ignore the ws-security header in my CXF web service如何在我的 CXF Web 服务中忽略 ws-security 标头
【发布时间】:2017-03-04 11:06:24
【问题描述】:

我使用带有独立 http 服务器的 wsdl2java 工具创建了一个 CXF Web 服务。 wsdl 指定了 ws-security。

我不想强制执行 ws-security 标头,因为我并不真正关心它们,但客户端将发送 ws-security 标头,如下所示。请注意,没有密码,只有用户名。

    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken>
            <wsse:Username>USER</wsse:Username>
        </wsse:UsernameToken>
    </wsse:Security>

我有什么办法来处理这个问题?

更新: 好的,我现在有这个:

    EndpointImpl impl = (EndpointImpl)Endpoint.publish(address, implementor);
    impl.getInInterceptors().add(new LoggingInInterceptor());
    impl.getOutInterceptors().add(new LoggingOutInterceptor());

    Map<String, Object> inProps = new HashMap<String, Object>();
    inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN_NO_PASSWORD);
    inProps.put(WSHandlerConstants.USER, "USER");
    impl.getOutInterceptors().add(new WSS4JInInterceptor(inProps));

客户端正在发送如下标头:

<soapenv:Header>
    <wsa:To>http://www.test.com/Namespace/testb</wsa:To>
    <wsa:ReplyTo>
        <wsa:Address>http://www.test.com/Namespace/testa</wsa:Address>
    </wsa:ReplyTo>
    <wsa:Action>http://www.test.com/test</wsa:Action>
    <wsa:MessageID xmlns:wsa="http://www.w3.org/2005/08/addressing"
        >6158a795-46d5-4481-8467-da8ffda95664</wsa:MessageID>
    <wsse:Security soapenv:mustUnderstand="1"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken>
            <wsse:Username>USER</wsse:Username>
        </wsse:UsernameToken>
    </wsse:Security>
</soapenv:Header>

wsdl 中的策略是:

<wsp:Policy wsu:Id="RequestPolicy">
    <wsp:PolicyReference URI="#RequestAddressingPolicy"/>
</wsp:Policy>
<wsp:Policy wsu:Id="ResponsePolicy">
    <!--<wsp:PolicyReference URI="#ResponseAddressingPolicy"/>-->
</wsp:Policy>
<wsp:Policy wsu:Id="RequestAddressingPolicy">
    <wsp:All>
        <sp:RequiredElements>
            <!-- wsa:MessageID -->
            <sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'MessageID' and namespace-uri() =
                'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
        </sp:RequiredElements>
        <sp:RequiredElements>
            <!-- wsa:Action -->
            <sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'Action' and namespace-uri() =
                'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
        </sp:RequiredElements>
    </wsp:All>
</wsp:Policy>
<wsp:Policy wsu:Id="ResponseAddressingPolicy">
    <wsp:All>
        <sp:RequiredElements>
            <!-- wsa:MessageID -->
            <sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'MessageID' and namespace-uri() =
                'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
        </sp:RequiredElements>
        <sp:RequiredElements>
            <!-- wsa:Action -->
            <sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'Action' and namespace-uri() =
                'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
        </sp:RequiredElements>
        <sp:RequiredElements>
            <!-- wsa:RelatesTo -->
            <sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'RelatesTo' and namespace-uri() =
                'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
        </sp:RequiredElements>
    </wsp:All>
</wsp:Policy>

但是我得到了这个错误:

DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.frontend.WSDLGetInterceptor@17e83562
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@577080e9
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@5100a0c1
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@322346e
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@14429e20
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor@14446563
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.jaxb.attachment.JAXBAttachmentSchemaValidationHack@47663389
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.interceptor.DocLiteralInInterceptor@8b3f859
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor@7e7fcf24
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.interceptor.OneWayProcessorInterceptor@69e03797
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.WrapperClassInInterceptor@6a0aae79
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.SwAInInterceptor@7fdcf981
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.HolderInInterceptor@4caf756f
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor org.apache.cxf.ws.policy.PolicyVerificationInInterceptor@624bc1dc
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyVerificationInInterceptor@624bc1dc
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.HolderInInterceptor@4caf756f
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.SwAInInterceptor@7fdcf981
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.WrapperClassInInterceptor@6a0aae79
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.interceptor.OneWayProcessorInterceptor@69e03797
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor@7e7fcf24
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.interceptor.DocLiteralInInterceptor@8b3f859
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.jaxb.attachment.JAXBAttachmentSchemaValidationHack@47663389
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor@14446563
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@14429e20
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@322346e
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@5100a0c1
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@577080e9
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.frontend.WSDLGetInterceptor@17e83562
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.interceptor.StaxInInterceptor@795d674
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.transport.https.CertConstraintsInterceptor@629ec714
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.interceptor.AttachmentInInterceptor@1f9d24f7
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.interceptor.LoggingInInterceptor@28ae3880
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@23c405af
 WARN [qtp1254651534-15 - /Identity/] (LogUtils.java:443) - Interceptor for CENSORED has thrown exception, unwinding now
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied: 
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequiredElements
    at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:167)
    at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
    at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:355)
    at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:319)
    at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1074)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1010)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:361)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:485)
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:926)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:988)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:642)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:627)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:51)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
    at java.lang.Thread.run(Unknown Source)

【问题讨论】:

    标签: java web-services jakarta-ee cxf


    【解决方案1】:

    您可以在 CXF 中配置 WSS4JInInterceptor 以期望不包含密码的 UsernameToken。此处配置:http://cxf.apache.org/docs/ws-security.html - 您需要指定的“操作”是“UsernameTokenNoPassword”。

    【讨论】:

    • 谢谢。我用更多信息更新了我的问题。我尝试了你的建议。
    猜你喜欢
    • 2012-02-29
    • 2010-10-16
    • 1970-01-01
    • 2014-03-02
    • 1970-01-01
    • 2016-08-22
    • 2013-01-12
    • 1970-01-01
    • 2011-03-28
    相关资源
    最近更新 更多