CXF WSS4J拦截器

Question

我正在尝试使用以下代码配置WSS4J拦截器:

        try {

        Map<String, Object> outProps = new HashMap<String, Object>();

        outProps.put(WSHandlerConstants.ACTION,
                WSHandlerConstants.TIMESTAMP + " "
                        + WSHandlerConstants.SIGNATURE + " "
                        + WSHandlerConstants.ENCRYPT);
        outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
        outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                ClientKeystorePasswordCallback.class.getName());
        outProps.put(WSHandlerConstants.SIG_PROP_FILE,
                "clientWSsec-PC165.properties");
        outProps.put(WSHandlerConstants.ENC_PROP_FILE,
                "clientWSsec-PC165-Srv.properties");
        outProps.put(WSHandlerConstants.SIGNATURE_USER, "clientKey");
        outProps.put(WSHandlerConstants.ENCRYPTION_USER, "serverKey");

        Map<String, Object> inProps = new HashMap<String, Object>();

        inProps.put("action", "Timestamp Signature Encrypt");
        inProps.put("passwordType", "PasswordText");
        inProps.put("passwordCallbackClass",
                "utils.ClientKeystorePasswordCallback");
        inProps.put("signatureUser", "clientKey");
        inProps.put("encryptionUser", "serverKey");
        inProps.put("encryptionPropFile", "clientWSsec-PC165.properties");
        inProps.put("signaturePropFile", "clientWSsec-PC165.properties");


        DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker();
        coverageChecker.setSignBody(true);
        coverageChecker.setSignTimestamp(true);
        coverageChecker.setEncryptBody(true);

        Service service = new Service ();
        WsService  wsService = service.getWsServiceSOAP();

        org.apache.cxf.endpoint.Client client = ClientProxy
                .getClient(wsService);
        client.getInInterceptors().add(new WSS4JInInterceptor(inProps));
        client.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
        client.getInInterceptors().add(coverageChecker);

        ResponseType parameters1 = new ResponseType();
        wsService.getResponse(getServiceHeader(),
                parameters1);

    } catch (UndeclaredThrowableException ex) {
        ex.getUndeclaredThrowable().printStackTrace();
    } catch (Exception ex) {
        ex.printStackTrace();
    }

但是我收到了这个错误:

javax.xml.ws.soap.SOAPFaultException: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a ws-security.signature.properties element within it.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157)
at $Proxy29.getResponse(Unknown Source)
at utils.Client.main(Client.java:118)

Caused by: org.apache.cxf.ws.policy.PolicyException: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a ws-security.signature.properties element within it.
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:313)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1827)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:567)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:147)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:176)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:90)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
... 2 more

我想知道我的代码中是否缺少某些内容,或者我是不是以正确的方式执行此操作.

谢谢!

Answer 1

您正在使用WSS4JOutInterceptor/WSS4JInInterceptor将"基于操作"的配置与"基于策略"的配置混合使用.在您的示例中,有一个WS-SecurityPolicy(AsymmetricBinding),CXF WS-Security运行时用于配置安全性.在这种情况下,您不需要显式配置WSS4JOutInterceptor.您需要做的是添加相关的安全属性.这是一个(代码)示例:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=systests/ws-security/src/test/java/org/apache/cxf/systest/ WS /故障/ FaultTest.java; HB = fd92c807e8773c363df37cfaf946971f5bac763b

特别是:

client.getRequestContext().put("ws-security.username","bob");

client.getRequestContext().put("ws-security.encryption.properties","bob.properties");

等等

科尔姆.