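Using the CXF STS - STS client example

I followed the example at https://web-gmazza.rhcloud.com/blog/entry/cxf-sts-tutorial, and the sample code is at https://github.com/sampleref/CXFSecurity for reference. While debugging, I found the following error on the STS provider side: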
<<||2014-07-13 18:26:50,286||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.UsernameTokenProcessor:50||||>> Found UsernameToken list element
<<||2014-07-13 18:26:50,287||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.validate.UsernameTokenValidator:78||||>> UsernameToken user alice
<<||2014-07-13 18:26:50,287||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.validate.UsernameTokenValidator:79||||>> UsernameToken password type http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
<<||2014-07-13 18:26:50,287||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:115||||>> Found signature element
<<||2014-07-13 18:26:50,288||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:380||||>> Verify XML Signature
<<||2014-07-13 18:26:50,292||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:428||||>> XML Signature verification has failed
<<||2014-07-13 18:26:50,292||http-apr-8080-exec-3|DEBUG|org.apache.ws.security.processor.SignatureProcessor:431||||>> Signature Validation check: false
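Please provide some input, this is very important to me. I have posted the more detailed error from the STS client side in: CXF STS client throws Request does not contain Security header/Response message does not contain WS-Addressing properties

Answer 0 (score: 0)

The problem is that you are not supplying the password for the private key in the STS. So, for example, adding the following to the StsPasswordCallbackHandler gets decryption working: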
x509Passwords.put("stskeyalias", "stskeypassword");
You also need to remove the BouncyCastle dependency from the STS pom.
Colm.

Answer 1 (score: 0)

I think the issues https://issues.apache.org/jira/browse/CXF-5679 and https://issues.apache.org/jira/browse/CXF-5724 were causing the problem. I used CXF version 3.0.0 and am now able to get the SAML assertion.
Thanks