如何使用WS Security设置Web Service Client

时间:2014-10-17 19:26:31

标签: mule mule-studio

我有一个带有WS安全性的web服务如下: - 

<!-- Authentication security-->
 <mule-ss:security-manager>
        <mule-ss:delegate-security-provider name="memory-provider" delegate-ref="authenticationManager" />
    </mule-ss:security-manager>
    <spring:beans>
        <ss:authentication-manager alias="authenticationManager">
            <ss:authentication-provider>
                <ss:user-service id="userService">
                    <ss:user name="${username1}" password="${password1}" authorities="ROLE_ADMIN" />
                </ss:user-service>
            </ss:authentication-provider>
        </ss:authentication-manager>
    </spring:beans>

<cxf:ws-security name="inboundSecurityConfig">
<cxf:mule-security-manager /> <!-- Reading username and password from spring beans  -->
<cxf:ws-config>
<cxf:property key="action" value="UsernameToken" />
</cxf:ws-config>
</cxf:ws-security>

<!-- Authentication security ends-->


<flow name="securedBrewSoapService">
<http:inbound-endpoint exchange-pattern="request-response" host="localhost" port="8090" path="designation" doc:name="HTTP">
<cxf:jaxws-service serviceClass="com.getdesignation.test.services.schema.maindata.v1.GetDesignation">
<cxf:ws-security ref="inboundSecurityConfig"/>
</cxf:jaxws-service>
</http:inbound-endpoint>
<component class="com.getdesignation.test.services.schema.maindata.v1.Impl.GetDesignationImpl" />
</flow>

现在这很好..但问题出在客户端: - 

<flow name="SecurityClientFlow2" doc:name="SecurityClientFlow2">
<http:inbound-endpoint doc:name="HTTP Inbound Endpoint" exchange-pattern="request-response" host="localhost" path="client" port="63080"/>
<set-payload doc:name="Set Payload" value="#[import com.getdesignation.test.services.schema.maindata.v1.*; dRequest = new DesignationRequest();dRequest.designationCode = ${code};dRequest]"/> 

<cxf:jaxws-client doc:name="SOAP" serviceClass="com.getdesignation.test.services.schema.maindata.v1.GetDesignation" operation="getDesignationValue" port="GetDesignationPort" >
  <cxf:ws-security ref="inboundSecurityConfig"/>
</cxf:jaxws-client>

<http:outbound-endpoint exchange-pattern="request-response" host="localhost" port="8090" path="designation" doc:name="HTTP"/>

<mulexml:object-to-xml-transformer doc:name="Object to XML"/>
<logger message="#[System.getProperty('line.separator')+message.payload]" level="INFO" doc:name="JSON Logging"/>
<set-payload doc:name="Set Payload" value="#[message.payload]"/>  

</flow>

它提供以下例外: - 

WARN  2014-10-18 00:40:05,534 [[SOAPSecurity2].connector.http.mule.default.receiver.03] org.apache.cxf.phase.PhaseInterceptorChain: Interceptor for {http://services.test.getDesignation.com/schema/MainData/V1}GetDesignationService#{http://services.test.getDesignation.com/schema/MainData/V1}getDesignationValue has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: Empty username for specified action.
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:226)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.mule.module.cxf.transport.MuleUniversalConduit$1.write(MuleUniversalConduit.java:143)
    at org.mule.transport.http.StreamPayloadRequestEntity.writeRequest(StreamPayloadRequestEntity.java:35)
    at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
    at org.mule.transport.http.HttpClientMessageDispatcher.execute(HttpClientMessageDispatcher.java:144)
    at org.mule.transport.http.HttpClientMessageDispatcher.doSend(HttpClientMessageDispatcher.java:279)
    at org.mule.transport.AbstractMessageDispatcher.process(AbstractMessageDispatcher.java:84)
    at org.mule.transport.AbstractConnector$DispatcherMessageProcessor.process(AbstractConnector.java:2636)
    at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:24)
    at org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:58)
    at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:44)
    at org.mule.processor.AbstractInterceptingMessageProcessorBase.processNext(AbstractInterceptingMessageProcessorBase.java:102)
    at org.mule.module.cxf.CxfOutboundMessageProcessor.processNext(CxfOutboundMessageProcessor.java:160)
    at org.mule.module.cxf.transport.MuleUniversalConduit.processNext(MuleUniversalConduit.java:345)
    at org.mule.module.cxf.transport.MuleUniversalConduit.dispatchMuleMessage(MuleUniversalConduit.java:248)
    at org.mule.module.cxf.transport.MuleUniversalConduit$2.handleMessage(MuleUniversalConduit.java:190)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:462)
    at org.mule.module.cxf.CxfOutboundMessageProcessor.doSendWithClient(CxfOutboundMessageProcessor.java:236)
    at org.mule.module.cxf.CxfOutboundMessageProcessor.process(CxfOutboundMessageProcessor.java:123)
    at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:24)
    at org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:58)
    at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:44)
    at org.mule.processor.chain.SimpleMessageProcessorChain.doProcess(SimpleMessageProcessorChain.java:43)
    at org.mule.processor.chain.AbstractMessageProcessorChain.process(AbstractMessageProcessorChain.java:67)
    at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:24)
    at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:44)
    at org.mule.processor.AbstractInterceptingMessageProcessorBase.processNext(AbstractInterceptingMessageProcessorBase.java:102)
    at org.mule.endpoint.outbound.OutboundResponsePropertiesMessageProcessor.process(OutboundResponsePropertiesMessageProcessor.java:35)
    at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:24)
    at org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:58)
    at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:44)
    at org.mule.processor.chain.SimpleMessageProcessorChain.doProcess(SimpleMessageProcessorChain.java:43)
    at org.mule.processor.chain.AbstractMessageProcessorChain.process(AbstractMessageProcessorChain.java:67)
    at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:24)
    at org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:44)

Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
 at [row,col {unknown-source}]: [1,0]
    at com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java:677)
    at com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java:2116)
    at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:2022)
    at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1114)
    at com.ctc.wstx.sr.BasicStreamReader.nextTag(BasicStreamReader.java:1137)
    at org.apache.cxf.binding.soap.saaj.SAAJInInterceptor$SAAJPreInInterceptor.handleMessage(SAAJInInterceptor.java:125)
    ... 54 more
INFO  2014-10-18 00:40:05,725 [[SOAPSecurity2].connector.http.mule.default.receiver.03] org.mule.transport.http.HttpClientMessageDispatcher: Received a redirect, but followRedirects=false. Response code: 500 Internal Server Error
ERROR 2014-10-18 00:40:05,745 [[SOAPSecurity2].connector.http.mule.default.receiver.03] org.mule.exception.DefaultMessagingExceptionStrategy: 
********************************************************************************
Message               : Empty username for specified action.. Failed to route event via endpoint: org.mule.module.cxf.CxfOutboundMessageProcessor. Message payload is of type: PostMethod
Code                  : MULE_ERROR--2
--------------------------------------------------------------------------------
Exception stack is:
1. Empty username for specified action. (org.apache.cxf.binding.soap.SoapFault)
  org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal:226 (null)
2. Empty username for specified action.. Failed to route event via endpoint: org.mule.module.cxf.CxfOutboundMessageProcessor. Message payload is of type: PostMethod (org.mule.api.transport.DispatchException)
  org.mule.module.cxf.CxfOutboundMessageProcessor:142 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/transport/DispatchException.html)
--------------------------------------------------------------------------------
Root Exception stack trace:
org.apache.cxf.binding.soap.SoapFault: Empty username for specified action.
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:226)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    + 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
********************************************************************************

请帮助..如何使用WS安全性设置客户端

1 个答案:

答案 0 :(得分:1)

对CXF使用以下内容:WS-CONFIG作为cxf中安全性的一部分:jaxws-client 

<cxf:ws-security>
    <cxf:ws-config>
        <cxf:property key="action" value="UsernameToken" />
        <cxf:property key="passwordType"  value="PasswordText" />
        <cxf:property key="user" value="${username}" />
        <cxf:property key="passwordCallbackClass" value="client.ClientPasswordCallback" />
    </cxf:ws-config>
</cxf:ws-security>

密码回调应该是

public class ClientPasswordCallback implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
        if ("sampleusername".equals(pc.getIdentifier())) {
           pc.setPassword("samplepassword");               
        }
    }

}

希望这有帮助。

相关问题
最新问题