我有这样的代码:
private WSSecurityEngine engine = new WSSecurityEngine();
private CallbackHandler callbackHandler = new UsernamePasswordCallbackHandler();
@Test
public void testWss4jEngine() {
InputStream in = getClass().getClassLoader().getResourceAsStream("soap/soapWithUsernameTokenRequest.xml");
DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
DocumentBuilder docBuilder;
Document doc = null;
try {
docBuilder = builderFactory.newDocumentBuilder();
doc = docBuilder.parse(in);
} catch (Exception e) {
LOG.error("Error parsing incoming request. Probably it is not a valid XML/SOAP message.", e);
return;
}
List<WSSecurityEngineResult> results = null;
try {
results = engine.processSecurityHeader(doc, null, callbackHandler, null);
} catch (WSSecurityException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
// the following line raises a NullPointerException
WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(results, WSConstants.UT);
UsernameToken receivedToken = (UsernameToken) actionResult.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
Assert.assertTrue(receivedToken != null);
}
传递给WSS4j引擎的文件中的SOAP消息是:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SOAP-ENV:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-2">
<wsse:Username>wernerd</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">+dCtKLCG5+uDxNM8tLh8BSQSqgY=</wsse:Password>
<wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">lZlpivFFQ3nhpp2Wf6pu+g==</wsse:Nonce>
<wsu:Created>2012-07-10T15:25:46.627Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<tem:Add xmlns:tem="http://tempuri.org/">
<tem:a>1</tem:a>
<tem:b>2</tem:b>
</tem:Add>
</SOAP-ENV:Body>
在我看来,这是一个完全兼容的WS-Security UsernameToken消息!
但是,engine.processSecurityHeader()不会返回任何安全结果。结果变量保持为null,然后在下一行中引发NPE。这是堆栈跟踪:
java.lang.NullPointerException
at org.apache.ws.security.util.WSSecurityUtil.fetchActionResult(WSSecurityUtil.java:845)
at de.justworks.wssproxy.servlet.test.WssProxyServletTestIT.testWss4jEngine(WssProxyServletTestIT.java:121)
at org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:76)
任何人都知道我做错了什么?
由于 弗兰克
答案 0 :(得分:4)
万岁!
发现问题。
这是设置
builderFactory.setNamespaceAware(true)
您必须为文档构建器工厂设置!
干杯! 弗兰克