我正在使用wsit创建具有一些安全性增强功能的webserice客户端。为了证明一些部署规范的合理性,我不得不使用回调机制来加载密钥库:

<wsp:Policy wsu:Id="WSPortBindingPolicy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <!-- define a keystore and truststore with the ith certificates for ssl encrypted connections -->
            <sc:KeyStore wspp:visibility="private" callbackHandler="webservice.auth.KeyStoreHandler" />
            <sc:TrustStore wspp:visibility="private" callbackHandler="webservice.auth.KeyStoreHandler"/>


现在根据我的日志文件,KeyStore处理程序将被正确实例化,但是将永远不会调用它来创建密钥库。这意味着永远不会调用回调方法“ handle(Callback [] callbacks)”。请有人能给我一些提示,以更好地分析问题。

实例的调用堆栈表明该策略已正确解析和设置。但是在SSL握手过程中,不会触发回调。

INFO: WSP5018: WSIT-Konfiguration wurde aus Datei geladen: jar:file:/C:/app.jar!/META-INF/wsit-client.xml.
11:22:08,753 DEBUG [AWT-EventQueue-0] webservice.auth.KeyStoreHandler () : instantiate KeyStoreHandlerjava.lang.Exception
at webservice.auth.KeyStoreHandler.<init>(KeyStoreHandler.java:60)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.initNewInstances(DefaultCallbackHandler.java:2022)
at com.sun.xml.wss.impl.misc.DefaultCallbackHandler.<init>(DefaultCallbackHandler.java:344)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.configureClientHandler(SecurityClientTube.java:823)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.<init>(SecurityClientTube.java:180)
at com.sun.xml.wss.provider.wsit.SecurityTubeFactory.createTube(SecurityTubeFactory.java:275)
at com.sun.xml.ws.assembler.TubeCreator.createTube(TubeCreator.java:85)
at com.sun.xml.ws.assembler.MetroTubelineAssembler.createClient(MetroTubelineAssembler.java:137)
at com.sun.xml.ws.client.Stub.createPipeline(Stub.java:328)
at com.sun.xml.ws.client.Stub.<init>(Stub.java:297)
at com.sun.xml.ws.client.Stub.<init>(Stub.java:239)
at com.sun.xml.ws.client.Stub.<init>(Stub.java:254)
at com.sun.xml.ws.client.sei.SEIStub.<init>(SEIStub.java:92)
at com.sun.xml.ws.client.WSServiceDelegate.getStubHandler(WSServiceDelegate.java:746)
at com.sun.xml.ws.client.WSServiceDelegate.createEndpointIFBaseProxy(WSServiceDelegate.java:724)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:408)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:384)
at javax.xml.ws.Service.getPort(Service.java:175)

最佳答案

一些提示如何更好地分析问题:


为记录器com.sun.xml.wss.logging启用Level.FINE,您应该会看到来自DefaultCallbackHandler的一些有用消息
DefaultCallbackHandler#getKeyStoreUsingCallback(Map runtimeProps)getPrivateKey(Map runtimeProps, String alias)方法上设置一个断点。我猜他们根本没有被呼唤。也许根本没有初始化SSL?
要调试SSL,请设置系统属性javax.net.debug=ssl。然后,您将看到确切发生了什么。您可以在这里找到更多信息:Debugging SSL/TLS Connections


如果您提供输出,那么也许我们将能够为您提供帮助。

09-30 17:20
查看更多