Sal*_*man 12 xml soap axis2 web-services rampart
我正在尝试使用Axis2和构建一个使用外部服务器应用程序的客户端应用程序rampat 1.6.
检查SOAP请求时,一切似乎都很好,因为SOAP按预期加密和签名.以下是用于此目的的policy.xml文件:
<wsp:Policy wsu:Id="MyPolicy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
xmlns:wsam="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wst="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:SymmetricBinding>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:RequireIssuerSerialReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:IncludeTimestamp/>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:EncryptedParts>
<sp:Body />
</sp:EncryptedParts>
<sp:SignedParts>
<sp:Body/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="ReplyTo"/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="To"/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="From"/>
<sp:Header Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" Name="AckRequested"/>
<sp:Header Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" Name="CreateSequence"/>
<sp:Header Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" Name="Sequence"/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="MessageID"/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="FaultTo"/>
<sp:Header Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" Name="SequenceAcknowledgement"/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="Action"/>
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="RelatesTo"/>
</sp:SignedParts>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefEncryptedKey/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
</wsp:Policy>
</sp:Wss11>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:userCertAlias>mySignAlias</ramp:userCertAlias>
<ramp:encryptionUser>myEncryptAlias</ramp:encryptionUser>
<ramp:user>myUser</ramp:user>
<ramp:passwordCallbackClass>myPackage.PasswordCallBackHandler</ramp:passwordCallbackClass>
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">[path goes here]/clientTrustStore.jks</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">[path goes here]/clientKeyStore.jks</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
但是我在调用外部服务器应用程序时遇到以下轴故障:
SEVERE: org.apache.axis2.AxisFault: com.sun.xml.wss.XWSSecurityException: Policy verification error:Missing target MessageID for Signature
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
该错误是自描述的,SOAP请求MessageID在SOAP标头中缺少标记.我很累,想知道如何添加提到的标签,但没有运气; 我发现如何在此链接中添加自定义SOAP标头,将身份验证标头添加到客户端存根axis2
但我想避免这种情况,因为我PasswordCallBackHandler用来添加身份验证礼节.
有没有办法MessageID在SOAP标头中自动添加?此外,还有像类似的标签Action,ReplyTo,To,以及From如何将它们添加到SOAP头?
- 更新:
从自动生成的java文件使用Axis2工具 - 请参阅Apache Axis2用户指南 - 创建客户端以了解如何生成存根文件 - 我在自动生成的Java类中使用了API方法ServiceStub.有一条消息创建了contxet来发送SOAP请求,如下所示:
// create a message context
_messageContext = new org.apache.axis2.context.MessageContext();
我使用该对象_messageContext设置消息ID如下:
_messageContext.setMessageID("TEST_123456");
此外,我在调试模式下运行应用程序,我可以看到TEST_123456已经添加到SOAP请求中,MessageID并且服务器MessageID在其响应中使用相同的内容.但我仍然得到这个有线错误Policy verification error:Missing target MessageID for Signature
令我困惑的是服务器如何说他丢失了,MessageID尽管它出现在SOAP请求和仅来自服务器的响应中!
这与自动签名过程有什么关系吗?但即便如此, MessageID已经SignedParts从政策文件中添加了还有什么可以解决这个问题呢?
小智 0
您可以在 中添加所有属性,例如 Message、Action、To 和其他属性Stub::ServiceClient::Options。
ServiceClient client = serviceStub._getServiceClient();
Options options = client.getOptions();
options.setAction(action);
options.setTo(new EndpointReference(referenceURL));
options.setMessageId(UUID.randomUUID().toString());
