我正在使用wsit创建具有一些安全性增强功能的webserice客户端。为了证明一些部署规范的合理性,我不得不使用回调机制来加载密钥库:
<wsp:Policy wsu:Id="WSPortBindingPolicy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<!-- define a keystore and truststore with the ith certificates for ssl encrypted connections -->
<sc:KeyStore wspp:visibility="private" callbackHandler="webservice.auth.KeyStoreHandler" />
<sc:TrustStore wspp:visibility="private" callbackHandler="webservice.auth.KeyStoreHandler"/>
现在根据我的日志文件,KeyStore处理程序将被正确实例化,但是将永远不会调用它来创建密钥库。这意味着永远不会调用回调方法“ handle(Callback [] callbacks)”。请有人能给我一些提示,以更好地分析问题。
实例的调用堆栈表明该策略已正确解析和设置。但是在SSL握手过程中,不会触发回调。
INFO: WSP5018: WSIT-Konfiguration wurde aus Datei geladen: jar:file:/C:/app.jar!/META-INF/wsit-client.xml.
11:22:08,753 DEBUG [AWT-EventQueue-0] webservice.auth.KeyStoreHandler () : instantiate KeyStoreHandlerjava.lang.Exception
at webservice.auth.KeyStoreHandler.<init>(KeyStoreHandler.java:60)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.initNewInstances(DefaultCallbackHandler.java:2022)
at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.<init>(DefaultCallbackHandler.java:344)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.configureClientHandler(SecurityClientTube.java:823)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.<init>(SecurityClientTube.java:180)
at com.sun.xml.wss.provider.wsit.SecurityTubeFactory.createTube(SecurityTubeFactory.java:275)
at com.sun.xml.ws.assembler.TubeCreator.createTube(TubeCreator.java:85)
at com.sun.xml.ws.assembler.MetroTubelineAssembler.createClient(MetroTubelineAssembler.java:137)
at com.sun.xml.ws.client.Stub.createPipeline(Stub.java:328)
at com.sun.xml.ws.client.Stub.<init>(Stub.java:297)
at com.sun.xml.ws.client.Stub.<init>(Stub.java:239)
at com.sun.xml.ws.client.Stub.<init>(Stub.java:254)
at com.sun.xml.ws.client.sei.SEIStub.<init>(SEIStub.java:92)
at com.sun.xml.ws.client.WSServiceDelegate.getStubHandler(WSServiceDelegate.java:746)
at com.sun.xml.ws.client.WSServiceDelegate.createEndpointIFBaseProxy(WSServiceDelegate.java:724)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:408)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:384)
at javax.xml.ws.Service.getPort(Service.java:175)
最佳答案
一些提示如何更好地分析问题:
为记录器com.sun.xml.wss.logging
启用Level.FINE,您应该会看到来自DefaultCallbackHandler
的一些有用消息
在DefaultCallbackHandler#getKeyStoreUsingCallback(Map runtimeProps)
和getPrivateKey(Map runtimeProps, String alias)
方法上设置一个断点。我猜他们根本没有被呼唤。也许根本没有初始化SSL?
要调试SSL,请设置系统属性javax.net.debug=ssl
。然后,您将看到确切发生了什么。您可以在这里找到更多信息:Debugging SSL/TLS Connections。
如果您提供输出,那么也许我们将能够为您提供帮助。