Question

我是安全标题的新手，我需要你的帮助。我可以通过身份验证进行轴webservices调用，这很容易但是安全性很难。我有以下安全标头，它无法通信，我知道它是由于用户名令牌因为我得到异常：org.apache.ws.security.WSSecurityException：提供了无效的安全令牌（处理用户名令牌时出错）。

这是来自soapui的工作请求：

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-1"> <wsse:Username>tibco-admin</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secret</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">d6zrRrsSdfulAUmTq6VFtQ==</wsse:Nonce> <wsu:Created>2014-01-07T15:55:58.816Z</wsu:Created> </wsse:UsernameToken> </wsse:Security>

这是一个失败的请求：

<wsse:Security xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <wsse:UsernameToken wsu:Id="UsernameToken-2">
     <wsse:Username xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">tibco-admin</wsse:Username>
     <wsse:Password EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">secret</wsse:Password>
     <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">XY7Kb6UcEhloWOlmcbDlGg==</wsse:Nonce>
     <wsse:Created xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">2014-01-07T17:48:39Z</wsse:Created>
 </wsse:UsernameToken>

我的java代码是：

            //set header
            SOAPHeaderElement wsseSecurity =  new SOAPHeaderElement(new PrefixedQName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","Security", "wsse"));
            wsseSecurity.setMustUnderstand(true);
            wsseSecurity.setAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
            wsseSecurity.setActor(null);

            //set userNameToken
            SOAPElement userNameToken = wsseSecurity.addChildElement("UsernameToken", "wsse");
            userNameToken.setAttribute("wsu:Id", "UsernameToken-1");

            //set username
            SOAPElement userName = userNameToken.addChildElement("Username", "wsse");
            userName.setValue("tibco-admin");

            //set password
            SOAPElement password = userNameToken.addChildElement("Password", "wsse");
            password.setAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
            password.setValue("secret");

            //set nonce
            SOAPElement nonce = userNameToken.addChildElement("Nonce", "wsse");
            nonce.setValue("XY7Kb6UcEhloWOlmcbDlGg==");
            nonce.setAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");

            //set created
            Calendar c = Calendar.getInstance();
            c.setTime(new Date());
    String timestamp = DatatypeConverter.printDateTime(c);
    timestamp = timestamp.substring(0, 19);
    timestamp = timestamp+"Z";
            SOAPElement created = userNameToken.addChildElement("Created", "wsse");
            created.setValue(timestamp);

            stub.setHeader(wsseSecurity);

            System.out.println(wsseSecurity);
    stub.setUsername("tibco-admin");
    stub.setPassword("secret");

我将nonce的值硬编码用于测试。

非常感谢任何帮助或指示。

Answer 1

我发现了这个问题，我在代码中犯了一个愚蠢的错误，

我将以下属性名称设置为失败的EncodingType。它应该是：

password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");

Answer 2

错误在密码中，

尝试

＆＃34; password.setAttribute（＆＃34; Type ＆＃34;，＆＃34; http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText＆＃34;）; password.setValue（＆＃34;秘密＆＃34;）;＆＃34;

Answer 3

SOAPElement created = userNameToken.addChildElement（＆＃34; Created＆＃34;，＆＃34; wsu＆＃34;，＆＃34; http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd＆＃34;）;

Axis Web服务标头安全密码文本

3 个答案: