I am trying to send a request to a web service that has "Wssp1.2-2007-Https-UsernameToken-Digest.xml" as its policy.
Below is my code; I am using the Apache CXF library in Eclipse:
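import java.util.Map;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.interceptor.LoggingInInterceptor;
import org.apache.cxf.interceptor.LoggingOutInterceptor;
// CardDetails_Service, CardDetails, CustomerRequestParam and CustomerResponseParam
// are the web service's client classes; their package is not shown in the question.

public class Tester {
    public static void main(String[] args) {
        CardDetails_Service cds = new CardDetails_Service();
        CardDetails cdsPort = cds.getCardDetailsPort();
        //End_Init_load
        //Retrieve the client object from the port
        Client client = ClientProxy.getClient(cdsPort);
        Endpoint cxfEndpoint = client.getEndpoint();
        // Credentials CXF uses to build the UsernameToken required by the policy
        Map<String, Object> ctx = ((BindingProvider) cdsPort).getRequestContext();
        ctx.put("ws-security.username", "weblogicdev");
        ctx.put("ws-security.password", "weblogic123");
        // Log the raw SOAP messages in both directions
        client.getInInterceptors().add(new LoggingInInterceptor());
        client.getOutInterceptors().add(new LoggingOutInterceptor());
        CustomerRequestParam crp = new CustomerRequestParam();
        crp.setCustomerID("dasd");
        crp.setDataLevel("adsa");
        crp.setInstitution("11");
        CustomerResponseParam crpResponse = cdsPort.getCardDetailByCustomerOperation(crp);
        System.out.println(crpResponse.getResponseDetails().getResponseCode() + "]["
                + crpResponse.getResponseDetails().getResponseDescription());
    }
}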
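When I change the web service's policy to Wssp1.2-2007-Https-UsernameToken-Plain.xml, the code above works and I get a response.
However, when I switch it back to digest, it does not work.
Below is the output of the generated request under each of the two policies:
UsernameToken-Digest: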
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="TS-9cec2846-7695-4c8b-b7c3-4c8cf6887b9e">
        <wsu:Created>2014-06-26T12:55:32.262Z</wsu:Created>
        <wsu:Expires>2014-06-26T13:00:32.262Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-36511701-a842-4ba5-8e29-dc8841fb3a61">
        <wsse:Username>weblogicdev</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">m5nhNFD+LT9e9sk8CAClHdFNTdQ=</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MKlsVkLpcQykOosbGnszvg==</wsse:Nonce>
        <wsu:Created>2014-06-26T12:55:32.270Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </SOAP-ENV:Header>
  <soap:Body>
    <CustomerRequest xmlns="www.mdsl.eft.cms.com">
      <Institution>11</Institution>
      <Customer_ID>dasd</Customer_ID>
      <Data_Level>adsa</Data_Level>
    </CustomerRequest>
  </soap:Body>
</soap:Envelope>
UsernameToken-Plain:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="TS-9140d6d2-ce36-4efd-aedd-bfc338480993">
        <wsu:Created>2014-06-26T12:45:49.342Z</wsu:Created>
        <wsu:Expires>2014-06-26T12:50:49.342Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-a16f2785-c64d-44df-87e8-b8b840612192">
        <wsse:Username>weblogicdev</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">weblogic123</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </SOAP-ENV:Header>
  <soap:Body>
    <CustomerRequest xmlns="www.mdsl.eft.cms.com">
      <Institution>11</Institution>
      <Customer_ID>dasd</Customer_ID>
      <Data_Level>adsa</Data_Level>
    </CustomerRequest>
  </soap:Body>
</soap:Envelope>
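The request changes to match the policy switch, but I don't understand why I get the message "Failed to assert identity with UsernameToken".
For more information, below is the full trace: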
Jun 26, 2014 5:32:18 PM io.netty.util.internal.logging.Slf4JLogger info
INFO: Your platform does not provide complete low-level API for accessing direct buffers reliably. Unless explicitly requested, heap buffer will always be preferred to avoid potential system unstability.
Jun 26, 2014 5:32:19 PM org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
INFO: Creating Service {http://test/}CardDetails from WSDL: https://localhost:7002/testWebService/CardDetailsPort?wsdl
Jun 26, 2014 5:32:19 PM org.apache.cxf.services.CardDetails.CardDetailsPort.CardDetails
INFO: Outbound Message
---------------------------
ID: 1
Address: https://localhost:7002/TestWebService/CardDetailsPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml
Headers: {Accept=[*/], SOAPAction=["urn:Test/getCardDetailByCustomerOperation"]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="TS-2f3ad257-f56f-4658-8553-2867143f2188"><wsu:Created>2014-06-26T14:32:19.664Z</wsu:Created><wsu:Expires>2014-06-26T14:37:19.664Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id="UsernameToken-bcb0d1b1-3ee3-4182-bdc6-476f86006153"><wsse:Username>weblogicdev</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">iqb9Xe1/GqwfPW0CU1NOO96eH2I=</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3BkQP6r7MPJrs5AIohRwEQ==</wsse:Nonce><wsu:Created>2014-06-26T14:32:19.671Z</wsu:Created></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><soap:Body><CustomerRequest xmlns="www.mdsl.eft.cms.com"><Institution>11</Institution><Customer_ID>dasd</Customer_ID><Data_Level>adsa</Data_Level></CustomerRequest></soap:Body></soap:Envelope>
--------------------------------------
Jun 26, 2014 5:32:19 PM org.apache.cxf.services.CardDetails.CardDetailsPort.CardDetails
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml;charset="utf-8"
Headers: {Content-Length=[380], Content-Type=[text/xml;charset="utf-8"], Date=[Thu, 26 Jun 2014 14:32:19 GMT], X-ORACLE-DMS-ECID=[37cb61f8f3397d86:62376f09:146d4fa0d76:-8000-0000000000000c23], X-Powered-By=[Servlet/2.5 JSP/2.1]}
Payload: <?xml version='1.0' encoding='UTF-8'?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:FailedAuthentication</faultcode><faultstring>Failed to assert identity with UsernameToken.</faultstring></env:Fault></env:Body></env:Envelope>
--------------------------------------
Jun 26, 2014 5:32:19 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: Request does not contain Security header, but it's a fault.
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Failed to assert identity with UsernameToken.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:159)
at $Proxy35.getCardDetailByCustomerOperation(Unknown Source)
at Test.Tester.main(Tester.java:83)
Caused by: org.apache.cxf.binding.soap.SoapFault: Failed to assert identity with UsernameToken.
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1636)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1525)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1330)
at org.apache.cxf.transport.http.netty.client.NettyHttpConduit$NettyWrappedOutputStream.close(NettyHttpConduit.java:153)
at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:215)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:638)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:137)
... 2 more
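Best answer
By default, WebLogic does not store passwords in a retrievable manner, which is required for the digest method to work.
To fix this, in the Administration Console go to the provider configuration of the security realm settings (default: Security Realm -> myrealm -> Providers); for DefaultAuthenticator, under the Provider Specific tab, make sure Enable Password Digests is enabled.
Also make sure wsse:PasswordDigest is active in the DefaultIdentityAsserter settings.
Note: after turning on Enable Password Digests, you must reset the password of any user who is to take part in web service authentication.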
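
Why the digest policy needs a retrievable password, as an added example that is not part of the original answer and is not WebLogic or CXF code: under the WS-Security UsernameToken Profile 1.0 the receiver has to recompute Base64(SHA-1(nonce + created + password)) and compare it with the value sent, which it cannot do from a one-way hash. The class and method names are hypothetical, the token values are copied from the digest request in the question, and the hash-only store is a constructed stand-in (requires Java 8 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class PasswordDigestCheck {

    // UsernameToken Profile 1.0: Base64(SHA-1(nonce bytes + created + password)).
    static String digest(String nonceB64, String created, String password)
            throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(Base64.getDecoder().decode(nonceB64)); // nonce is hashed as raw bytes
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Receiver-side check: whatever the user store holds is fed in as the password.
    static boolean verify(String sentDigest, String nonceB64, String created,
                          String storedSecret) throws NoSuchAlgorithmException {
        byte[] expected = digest(nonceB64, created, storedSecret)
                .getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison of the two Base64 strings.
        return MessageDigest.isEqual(expected, sentDigest.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Values copied from the UsernameToken-Digest request in the question.
        String nonce = "MKlsVkLpcQykOosbGnszvg==";
        String created = "2014-06-26T12:55:32.270Z";
        String sent = "m5nhNFD+LT9e9sk8CAClHdFNTdQ=";

        // A store that keeps the password retrievably can recompute the digest.
        System.out.println("clear-text store verifies: "
                + verify(sent, nonce, created, "weblogic123"));

        // A store holding only a one-way hash (constructed here as unsalted SHA-256)
        // has no usable input: the stored hash is not the password the client hashed.
        byte[] h = MessageDigest.getInstance("SHA-256")
                .digest("weblogic123".getBytes(StandardCharsets.UTF_8));
        String storedHash = Base64.getEncoder().encodeToString(h);
        System.out.println("hash-only store verifies:  "
                + verify(sent, nonce, created, storedHash));
    }
}
```

Running the first check against a captured request tells you whether the client built the digest correctly, which narrows a FailedAuthentication fault to the server's user store. It also shows why passwords must be reset after enabling Enable Password Digests: values stored earlier in one-way form cannot be turned back into the input this computation needs.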