我正在尝试实现消息级加密。具体而言,SOAP消息的主体将被加密。 我正在尝试加密从客户端到Web服务的流量。
客户端成功发送加密数据:
UTF-8
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=[""]}
Payload: <?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-2F22184B9EAAC6244514331031642721">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=testkey</ds:X509IssuerName>
<ds:X509SerialNumber>1940918168</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>n6hH/RHguV2YCqZxI2Sq+X6hnaDm/OSUJsNRvcsxEHZw6lpdR+JitcbEfdv2huhsQ0HbtGjj0dfOa9pOCiwuaZW5wdR2Nq8kq85lZ4g2l/rHkGBRch19/P2oT0wXHIh/qQRHSqDhBg4bUrLKlzw+mA/H8SZimFvUz5xymwzKaQcv8puc0r9yKukQRmKVCjiS7enBznN0PdAfoitKdJYIm44/UaXa+CLwySPAw1cHpETAWoKclMqtL8Wgs9cN8+aYCmbC8kSDS+DURXMWc8ilVcirrYVrPAyEVZIX/NE9Pe8SIQmfgD5GHdFaIOPYcmf0i1w4/YQdTxzCFIXlwNkI0w==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#ED-2F22184B9EAAC6244514331031642892"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</wsse:Security>
</SOAP-ENV:Header>
<soap:Body>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-2F22184B9EAAC6244514331031642892" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
<wsse:Reference URI="#EK-2F22184B9EAAC6244514331031642721"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>PNHM0fKuMOHtpm0rGSpR0siGeiFRz/4Dwgwauwe2C6usChfH5a7PDXimplOvYSKE9d8zTNXie3tDMfprHLS/hPD0vABlSGA4haGMYrelFKNgAU8BhXbBfrQimD7e8ue6gV/BBwAGa0rgoExPYJQh0w==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
But the web service response is bad:
NFORMACIÓN: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {connection=[close], content-type=[text/xml;charset=UTF-8], Date=[Sun, 31 May 2015 20:12:44 GMT], Server=[Apache-Coyote/1.1], transfer-encoding=[chunked]}
Payload: <?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>The resource path [cxf-ehcache.xml] is not valid</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
--------------------------------------
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The resource path [cxf-ehcache.xml] is not valid
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:158)
at com.sun.proxy.$Proxy37.factorial(Unknown Source)
at com.mathutility.test.TestMathUtility.main(TestMathUtility.java:57)
Caused by: org.apache.cxf.binding.soap.SoapFault: The resource path [cxf-ehcache.xml] is not valid
我正在使用: Apache Tomcat 8和Apache CXF 2.6.13
答案 0 :(得分:0)
事实证明,tomcat8不喜欢不以/开头的资源。因此,您需要在默认资源(cxf-ehcache.xml)前加上“/”前缀。答案在CXF mail archives中给出。
您需要做的是设置属性ws-security.cache.config.file,以便将默认值(cxf-ehcache.xml)替换为“/cxf-ehcache.xml”,如下所述CXF documentation
您可以通过在您的CXF XML配置中添加端点bean声明下的属性来执行此操作:
<jaxws:endpoint
id="your id"
...
<jaxws:properties>
...
<entry key="ws-security.cache.config.file" value="/cxf-ehcache.xml"/>
</jaxws:properties>
</jaxws:endpoint>