我试图将请求发送到具有“ Wssp1.2-2007-Https-UsernameToken-Digest.xml”作为策略的Web服务。

下面是我的代码,我在Eclipse上使用apache cxf库:

    public static void main(String[]args){
    CardDetails_Service cds = new CardDetails_Service();
    CardDetails cdsPort = cds.getCardDetailsPort();
    //End_Init_load

    //Retrieve the client object from the port
    Client client = ClientProxy.getClient(cdsPort);
    Endpoint cxfEndpoint = client.getEndpoint();

    Map<String, Object> ctx = ((BindingProvider) cdsPort).getRequestContext();
    ctx.put("ws-security.username", "weblogicdev");
    ctx.put("ws-security.password", "weblogic123");
    client.getInInterceptors().add(new LoggingInInterceptor());
    client.getOutInterceptors().add(new LoggingOutInterceptor());

    CustomerRequestParam crp = new CustomerRequestParam();
    crp.setCustomerID("dasd");
    crp.setDataLevel("adsa");
    crp.setInstitution("11");

    CustomerResponseParam crpResponse = cdsPort.getCardDetailByCustomerOperation(crp);

    System.out.println(crpResponse.getResponseDetails().getResponseCode()+"]["+crpResponse.getResponseDetails().getResponseDescription());
}


当我将Web服务的策略更改为Wssp1.2-2007-Https-UsernameToken-Plain.xml时,上面的代码有效,并且得到响应。

但是,当我将其切换回摘要时,它不起作用。

以下是两个策略中请求的生成请求的输出:
用户名令牌摘要:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="TS-9cec2846-7695-4c8b-b7c3-4c8cf6887b9e">
<wsu:Created>2014-06-26T12:55:32.262Z
</wsu:Created>
<wsu:Expires>2014-06-26T13:00:32.262Z
</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-36511701-a842-4ba5-8e29-dc8841fb3a61">
<wsse:Username>weblogicdev
</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">m5nhNFD+LT9e9sk8CAClHdFNTdQ=
</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MKlsVkLpcQykOosbGnszvg==
</wsse:Nonce>
<wsu:Created>2014-06-26T12:55:32.270Z
</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
<soap:Body>
<CustomerRequest xmlns="www.mdsl.eft.cms.com">
<Institution>11
</Institution>
<Customer_ID>dasd
</Customer_ID>
<Data_Level>adsa
</Data_Level>
</CustomerRequest>
</soap:Body>
</soap:Envelope>


UsernameToken-Plain:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="TS-9140d6d2-ce36-4efd-aedd-bfc338480993">
<wsu:Created>2014-06-26T12:45:49.342Z
</wsu:Created>
<wsu:Expires>2014-06-26T12:50:49.342Z
</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-a16f2785-c64d-44df-87e8-b8b840612192">
<wsse:Username>weblogicdev
</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">weblogic123
</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
<soap:Body>
<CustomerRequest xmlns="www.mdsl.eft.cms.com">
<Institution>11
</Institution>
<Customer_ID>dasd
</Customer_ID>
<Data_Level>adsa
</Data_Level>
</CustomerRequest>
</soap:Body>
</soap:Envelope>


请求正在更改,以适应策略的切换,但是我不明白为什么会收到“无法使用UsernameToken声明身份”的信息。

有关更多信息,下面是完整的跟踪:

Jun 26, 2014 5:32:18 PM io.netty.util.internal.logging.Slf4JLogger info
INFO: Your platform does not provide complete low-level API for accessing direct buffers reliably. Unless explicitly requested, heap buffer will always be preferred to avoid potential system unstability.
Jun 26, 2014 5:32:19 PM org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
INFO: Creating Service {http://test/}CardDetails from WSDL: https://localhost:7002/testWebService/CardDetailsPort?wsdl
Jun 26, 2014 5:32:19 PM org.apache.cxf.services.CardDetails.CardDetailsPort.CardDetails
INFO: Outbound Message
---------------------------
ID: 1
Address: https://localhost:7002/TestWebService/CardDetailsPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml
Headers: {Accept=[*/], SOAPAction=["urn:Test/getCardDetailByCustomerOperation"]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="TS-2f3ad257-f56f-4658-8553-2867143f2188"><wsu:Created>2014-06-26T14:32:19.664Z</wsu:Created><wsu:Expires>2014-06-26T14:37:19.664Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id="UsernameToken-bcb0d1b1-3ee3-4182-bdc6-476f86006153"><wsse:Username>weblogicdev</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">iqb9Xe1/GqwfPW0CU1NOO96eH2I=</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3BkQP6r7MPJrs5AIohRwEQ==</wsse:Nonce><wsu:Created>2014-06-26T14:32:19.671Z</wsu:Created></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><soap:Body><CustomerRequest xmlns="www.mdsl.eft.cms.com"><Institution>11</Institution><Customer_ID>dasd</Customer_ID><Data_Level>adsa</Data_Level></CustomerRequest></soap:Body></soap:Envelope>
--------------------------------------
Jun 26, 2014 5:32:19 PM org.apache.cxf.services.CardDetails.CardDetailsPort.CardDetails
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml;charset="utf-8"
Headers: {Content-Length=[380], Content-Type=[text/xml;charset="utf-8"], Date=[Thu, 26 Jun 2014 14:32:19 GMT], X-ORACLE-DMS-ECID=[37cb61f8f3397d86:62376f09:146d4fa0d76:-8000-0000000000000c23], X-Powered-By=[Servlet/2.5 JSP/2.1]}
Payload: <?xml version='1.0' encoding='UTF-8'?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:FailedAuthentication</faultcode><faultstring>Failed to assert identity with UsernameToken.</faultstring></env:Fault></env:Body></env:Envelope>
--------------------------------------
Jun 26, 2014 5:32:19 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: Request does not contain Security header, but it's a fault.
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Failed to assert identity with UsernameToken.
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:159)
    at $Proxy35.getCardDetailByCustomerOperation(Unknown Source)
    at Test.Tester.main(Tester.java:83)
Caused by: org.apache.cxf.binding.soap.SoapFault: Failed to assert identity with UsernameToken.
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1636)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1525)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1330)
    at org.apache.cxf.transport.http.netty.client.NettyHttpConduit$NettyWrappedOutputStream.close(NettyHttpConduit.java:153)
    at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:215)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:638)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:137)
    ... 2 more

最佳答案

默认情况下,WebLogic不会以可检索的方式存储密码,这对于摘要方法起作用是必需的。

要解决此问题,请在管理控制台中转到安全领域设置的提供程序配置(默认为:Security Realm -> myrealm -> Providers),对于DefaultAuthenticator,在Provider Specific选项卡下,确保已启用Enable Password Digests

还要确保wsse:PasswordDigestDefaultIdentityAsserter设置中处于活动状态。

注意:打开Enable Password Digests后,必须重设要参与Web服务身份验证的任何用户的密码。

07-26 02:45