我有一个Web服务,它包含一个使用roleallowed annotation和jdbc领域的ejb层。 为了使我的swing客户端的客户端验证工作我使用对称密钥(客户端+服务器)启用用户名验证并设置我的回调处理程序(客户端)。 当我运行客户端并尝试访问受保护的方法时,我得到了这个异常:
Grave: WSSTUBE0025: Error in Verifying Security in the Inbound Message.
com.sun.xml.wss.impl.PolicyViolationException: ERROR: No security header found in the message
at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:138)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:1003)
at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:248)
在服务器端我得到:
Key used to decrypt EncryptedKey cannot be null
com.sun.xml.wss.logging.impl.opt.crypto Error occured while decrypting EncryptedKey
WSITPVD0035: Error in Verifying Security in Inbound Message. com.sun.xml.wss.impl.WssSoapFaultException: Invalid Security Header at
和
com.sun.xml.ws.security.opt.impl.util.SOAPUtil.newSOAPFaultException(SOAPUtil.java:159) at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey.getKey(EncryptedKey.java:354) at
com.sun.xml.ws.security.opt.impl.incoming.KeySelectorImpl.resolveDirectReference(KeySelectorImpl.java:540) at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.processDirectReference(SecurityTokenProcessor.java:267) at
com.sun.xml.ws.security.opt.impl.incoming.processor.SecurityTokenProcessor.resolveReference(SecurityTokenProcessor.java:143) at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processKeyInfo(KeyInfoProcessor.java:152) at
com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(KeyInfoProcessor.java:132) at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.process(EncryptedData.java:156) at
com.sun.xml.ws.security.opt.impl.incoming.EncryptedData.<init>(EncryptedData.java:113) at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHeader(SecurityRecipient.java:458) at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(SecurityRecipient.java:291) at
com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:241) at
com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:588) at
com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:361) at
com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:264) at
com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:173) at
com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:144) at
com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119) at
com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961) at
com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910) at
com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873) at
com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775) at
com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:386) at
com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:640) at
com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:263) at
com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:163) at
org.glassfish.webservices.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:120) at
org.glassfish.webservices.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:91) at
org.glassfish.webservices.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:200) at
org.glassfish.webservices.EjbWebServiceServlet.service(EjbWebServiceServlet.java:131) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:770) at
com.sun.grizzly.http.servlet.ServletAdapter$FilterChainImpl.doFilter(ServletAdapter.java:1059) at
com.sun.grizzly.http.servlet.ServletAdapter$FilterChainImpl.invokeFilterChain(ServletAdapter.java:999) at
com.sun.grizzly.http.servlet.ServletAdapter.doService(ServletAdapter.java:434) at
com.sun.grizzly.http.servlet.ServletAdapter.service(ServletAdapter.java:384) at
com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:179) at
com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117) at
com.sun.enterprise.v3.services.impl.ContainerMapper$Hk2DispatcherCallable.call(ContainerMapper.java:354) at
com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195) at
com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:849) at
com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:746) at
com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1045) at
com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:228) at
com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137) at
这是我第一次使用网络服务安全性而且我可能忘记了要添加的基本内容。
你能帮助我吗?
谢谢。
修改 这个web服务客户端xml: 已删除导致空间不足 和服务器端
<?xml version="1.0" encoding="UTF-8"?>
<definitions
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="custom_ws" targetNamespace="http://ejb/" xmlns:tns="http://ejb/" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:fi="http://java.sun.com/xml/ns/wsit/2006/09/policy/fastinfoset/service" xmlns:tcp="http://java.sun.com/xml/ns/wsit/2006/09/policy/soaptcp/service" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:sc="http://schemas.sun.com/2006/03/wss/server" xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
>
<message name="hmd"/>
<message name="hmdResponse"/>
<portType name="custom_ws">
<operation name="hmd">
<input message="tns:hmd"/>
<output message="tns:hmdResponse"/>
</operation>
</portType>
<binding name="custom_wsPortBinding" type="tns:custom_ws">
<wsp:PolicyReference URI="#custom_wsPortBindingPolicy"/>
<operation name="hmd">
<input>
<wsp:PolicyReference URI="#custom_wsPortBinding_hmd_Input_Policy"/>
</input>
<output>
<wsp:PolicyReference URI="#custom_wsPortBinding_hmd_Output_Policy"/>
</output>
</operation>
</binding>
<service name="custom_ws">
<port name="custom_wsPort" binding="tns:custom_wsPortBinding"/>
</service>
<wsp:Policy wsu:Id="custom_wsPortBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsam:Addressing wsp:Optional="false"/>
<sp:SymmetricBinding>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10/>
<sp:RequireIssuerSerialReference/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</sp:Wss11>
<sp:SignedEncryptedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedEncryptedSupportingTokens>
<sc:KeyStore wspp:visibility="private" location="C:\glassfish312\glassfish\domains\domain1\config\keystore.jks" type="JKS" storepass="changeit" alias="xws-security-server"/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="custom_wsPortBinding_hmd_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
<sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
<sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
<sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="custom_wsPortBinding_hmd_Output_Policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
<sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
<sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
<sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</definitions>
编辑2 我添加了一些似乎缺少客户端的部分,但它仍然无法正常工作,我得到了相同的例外,有很多警告
<?xml version='1.0' encoding='UTF-8'?><!-- Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is Metro/2.2-b13 (branches/2.2-6964; 2012-01-09T18:04:18+0000) JAXWS-RI/2.2.6-promoted-b20 JAXWS/2.2 svn-revision#unknown. --><!-- Generated by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is Metro/2.2-b13 (branches/2.2-6964; 2012-01-09T18:04:18+0000) JAXWS-RI/2.2.6-promoted-b20 JAXWS/2.2 svn-revision#unknown. -->
<definitions xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://ejb/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="http://ejb/" name="custom_ws" xmlns:sc="http://schemas.sun.com/2006/03/wss/client" xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy">
<types>
<xsd:schema>
<xsd:import namespace="http://ejb/" schemaLocation="http://myurl.net:8080/custom_ws/custom_ws?xsd=1"/>
</xsd:schema>
</types>
<message name="hmd">
<part name="parameters" element="tns:hmd"/>
</message>
<message name="hmdResponse">
<part name="parameters" element="tns:hmdResponse"/>
</message>
<portType name="custom_ws">
<operation name="hmd">
<input wsam:Action="http://ejb/custom_ws/hmdRequest" message="tns:hmd"/>
<output wsam:Action="http://ejb/custom_ws/hmdResponse" message="tns:hmdResponse"/>
</operation>
</portType>
<binding name="custom_wsPortBinding" type="tns:custom_ws">
<wsp:PolicyReference URI="#custom_wsPortBindingPolicy"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
<operation name="hmd">
<soap:operation soapAction=""/>
<input>
<soap:body use="literal"/>
</input>
<output>
<soap:body use="literal"/>
</output>
</operation>
</binding>
<service name="custom_ws">
<port name="custom_wsPort" binding="tns:custom_wsPortBinding">
<soap:address location="http://my_url.net:8080/custom_ws/custom_ws"/>
</port>
</service>
<wsp:Policy wsu:Id="custom_wsPortBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsam:Addressing wsp:Optional="false"/>
<wsp:SymmetricBinding>
<wsp:Policy>
<wsp:ProtectionToken>
<wsp:Policy>
<wsp:X509Token wsp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<wsp:WssX509V3Token10/>
<wsp:RequireIssuerSerialReference/>
</wsp:Policy>
</wsp:X509Token>
</wsp:Policy>
</wsp:ProtectionToken>
<wsp:Layout>
<wsp:Policy>
<wsp:Strict/>
</wsp:Policy>
</wsp:Layout>
<wsp:IncludeTimestamp/>
<wsp:OnlySignEntireHeadersAndBody/>
<wsp:AlgorithmSuite>
<wsp:Policy>
<wsp:Basic128/>
</wsp:Policy>
</wsp:AlgorithmSuite>
</wsp:Policy>
</wsp:SymmetricBinding>
<wsp:Wss11>
<wsp:Policy>
<wsp:MustSupportRefIssuerSerial/>
<wsp:MustSupportRefThumbprint/>
<wsp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</wsp:Wss11>
<wsp:SignedEncryptedSupportingTokens>
<wsp:Policy>
<wsp:UsernameToken wsp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<wsp:WssUsernameToken10/>
</wsp:Policy>
</wsp:UsernameToken>
</wsp:Policy>
</wsp:SignedEncryptedSupportingTokens>
<sc:TrustStore wspp:visibility="private" location="C:\glassfish312\glassfish\domains\domain1\config\cacerts.jks" type="JKS" storepass="changeit" peeralias="xws-security-server"/>
<sc:CallbackHandlerConfiguration wspp:visibility="private">
<sc:CallbackHandler name="usernameHandler" classname="Gui.ociCallBackHandler"/>
<sc:CallbackHandler name="passwordHandler" classname="Gui.ociCallBackHandler"/>
</sc:CallbackHandlerConfiguration>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</definitions>
警告 delted导致空间不足
编辑3 这是第二次使用xml客户端文件:
<?xml version='1.0' encoding='UTF-8'?><!-- Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is Metro/2.2-b13 (branches/2.2-6964; 2012-01-09T18:04:18+0000) JAXWS-RI/2.2.6-promoted-b20 JAXWS/2.2 svn-revision#unknown. --><!-- Generated by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is Metro/2.2-b13 (branches/2.2-6964; 2012-01-09T18:04:18+0000) JAXWS-RI/2.2.6-promoted-b20 JAXWS/2.2 svn-revision#unknown. -->
<definitions xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://ejb/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="http://ejb/" name="custom_ws" xmlns:sc="http://schemas.sun.com/2006/03/wss/client" xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy">
<types>
<xsd:schema>
<xsd:import namespace="http://ejb/" schemaLocation="http://my_url.net:8080/custom_ws/custom_ws?xsd=1"/>
</xsd:schema>
</types>
<message name="hmd" />
<message name="hmdResponse" />
<portType name="custom_ws">
<operation name="hmd">
<input message="tns:hmd" />
<output message="tns:hmdResponse" />
</operation>
</portType>
<binding name="custom_wsPortBinding" type="tns:custom_ws">
<wsp:PolicyReference URI="#custom_wsPortBindingPolicy" />
<operation name="hmd">
<input>
<wsp:PolicyReference URI="#custom_wsPortBinding_hmd_Input_Policy" />
</input>
<output>
<wsp:PolicyReference URI="#custom_wsPortBinding_hmd_Output_Policy" />
</output>
</operation>
</binding>
<service name="custom_ws">
<port name="custom_wsPort" binding="tns:custom_wsPortBinding" />
</service>
<wsp:Policy wsu:Id="custom_wsPortBindingPolicy">
<wsp:All>
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<sc:TrustStore wspp:visibility="private" location="C:\glassfish312\glassfish\domains\domain1\config\cacerts.jks" type="JKS" storepass="changeit" peeralias="xws-security-server" />
<sc:CallbackHandlerConfiguration wspp:visibility="private">
<sc:CallbackHandler name="usernameHandler" classname="Gui.ociCallBackHandler" />
<sc:CallbackHandler name="passwordHandler" classname="Gui.ociCallBackHandler" />
</sc:CallbackHandlerConfiguration>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<wsam:Addressing wsp:Optional="false" />
<wsp:SymmetricBinding>
<wsp:Policy>
<wsp:ProtectionToken>
<wsp:Policy>
<wsp:X509Token wsp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<wsp:WssX509V3Token10 />
<wsp:RequireIssuerSerialReference />
</wsp:Policy>
</wsp:X509Token>
</wsp:Policy>
</wsp:ProtectionToken>
<wsp:Layout>
<wsp:Policy>
<wsp:Strict />
</wsp:Policy>
</wsp:Layout>
<wsp:IncludeTimestamp />
<wsp:OnlySignEntireHeadersAndBody />
<wsp:AlgorithmSuite>
<wsp:Policy>
<wsp:Basic128 />
</wsp:Policy>
</wsp:AlgorithmSuite>
</wsp:Policy>
</wsp:SymmetricBinding>
<wsp:Wss11>
<wsp:Policy>
<wsp:MustSupportRefIssuerSerial />
<wsp:MustSupportRefThumbprint />
<wsp:MustSupportRefEncryptedKey />
</wsp:Policy>
</wsp:Wss11>
<wsp:SignedEncryptedSupportingTokens>
<wsp:Policy>
<wsp:UsernameToken wsp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<wsp:WssUsernameToken10 />
</wsp:Policy>
</wsp:UsernameToken>
</wsp:Policy>
</wsp:SignedEncryptedSupportingTokens>
<sc:KeyStore wspp:visibility="private" location="C:\glassfish312\glassfish\domains\domain1\config\keystore.jks" type="JKS" storepass="changeit" alias="xws-security-server" />
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</wsp:All>
</wsp:Policy>
<wsp:Policy wsu:Id="custom_wsPortBinding_hmd_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
<wsp:EncryptedParts>
<wsp:Body />
</wsp:EncryptedParts>
<wsp:SignedParts>
<wsp:Body />
<wsp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
<wsp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
<wsp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
<wsp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
</wsp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="custom_wsPortBinding_hmd_Output_Policy">
<wsp:ExactlyOne>
<wsp:All>
<wsp:EncryptedParts>
<wsp:Body />
</wsp:EncryptedParts>
<wsp:SignedParts>
<wsp:Body />
<wsp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
<wsp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
<wsp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
<wsp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
<wsp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
</wsp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</definitions>
答案 0 :(得分:1)
Whoaaa。客户端wsdl没有ws-sec-policy。客户应该如何知道使用它?客户端和服务器wsdl必须完全相同,除了一些实现细节。 (例如,passwordcallback处理程序类名,但这些可以从客户端隐藏)
始终使用已发布的wsdl作为客户端,否则wsdl的整个合同毫无意义:客户端和服务器将使用不同的语言进行交谈。
使用客户端上的原始wsdl并将回调特定策略放在wsit.xml中。
编辑:
没有自动wsit合并(我猜你使用CXF,因为Metro会为你完成它),你必须手动合并:
<?xml version="1.0" encoding="UTF-8"?>
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="custom_ws" targetNamespace="http://ejb/" xmlns:tns="http://ejb/" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:fi="http://java.sun.com/xml/ns/wsit/2006/09/policy/fastinfoset/service" xmlns:tcp="http://java.sun.com/xml/ns/wsit/2006/09/policy/soaptcp/service" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:sc="http://schemas.sun.com/2006/03/wss/server" xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy">
<message name="hmd" />
<message name="hmdResponse" />
<portType name="custom_ws">
<operation name="hmd">
<input message="tns:hmd" />
<output message="tns:hmdResponse" />
</operation>
</portType>
<binding name="custom_wsPortBinding" type="tns:custom_ws">
<wsp:PolicyReference URI="#custom_wsPortBindingPolicy" />
<operation name="hmd">
<input>
<wsp:PolicyReference URI="#custom_wsPortBinding_hmd_Input_Policy" />
</input>
<output>
<wsp:PolicyReference URI="#custom_wsPortBinding_hmd_Output_Policy" />
</output>
</operation>
</binding>
<service name="custom_ws">
<port name="custom_wsPort" binding="tns:custom_wsPortBinding" />
</service>
<wsp:Policy wsu:Id="custom_wsPortBindingPolicy">
<wsp:All>
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<sc:TrustStore wspp:visibility="private" location="C:\glassfish312\glassfish\domains\domain1\config\cacerts.jks" type="JKS" storepass="changeit" peeralias="xws-security-server" />
<sc:CallbackHandlerConfiguration wspp:visibility="private">
<sc:CallbackHandler name="usernameHandler" classname="Gui.ociCallBackHandler" />
<sc:CallbackHandler name="passwordHandler" classname="Gui.ociCallBackHandler" />
</sc:CallbackHandlerConfiguration>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<wsam:Addressing wsp:Optional="false" />
<sp:SymmetricBinding>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10 />
<sp:RequireIssuerSerialReference />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:OnlySignEntireHeadersAndBody />
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128 />
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefIssuerSerial />
<sp:MustSupportRefThumbprint />
<sp:MustSupportRefEncryptedKey />
</wsp:Policy>
</sp:Wss11>
<sp:SignedEncryptedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10 />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedEncryptedSupportingTokens>
<sc:KeyStore wspp:visibility="private" location="C:\glassfish312\glassfish\domains\domain1\config\keystore.jks" type="JKS" storepass="changeit" alias="xws-security-server" />
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</wsp:All>
</wsp:Policy>
<wsp:Policy wsu:Id="custom_wsPortBinding_hmd_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:EncryptedParts>
<sp:Body />
</sp:EncryptedParts>
<sp:SignedParts>
<sp:Body />
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
<sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
<sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
<sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="custom_wsPortBinding_hmd_Output_Policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:EncryptedParts>
<sp:Body />
</sp:EncryptedParts>
<sp:SignedParts>
<sp:Body />
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
<sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
<sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
<sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" />
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</definitions>
希望它能奏效。请注意包含客户端策略。这可能看起来很奇怪,但最终这一切都有道理。
请参阅http://www.w3.org/TR/ws-policy/以获取完整参考。