PolicyVerificationInInterceptor inbound policy verification failed: "These policy alternatives can not be satisfied" with a WSS4J + CXF client

Time: 2015-07-13 15:11:18

Tags: cxf webservice-client policy wss4j

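I am implementing a web service client in Java that uses Apache CXF 3.1.1 + wss4j 2.2.1 to run WS-Security in a JBoss EAP 6.3 environment.

I have set the following properties on the WSS4JInInterceptor so that the signature is verified: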

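import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.wss4j.dom.handler.WSHandlerConstants;

// Obtain the CXF client and endpoint behind the JAX-WS proxy
org.apache.cxf.endpoint.Client client = org.apache.cxf.frontend.ClientProxy.getClient(service);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

Map<String, Object> inProps = new HashMap<String, Object>();

// Actions expected in the inbound (response) security header
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.TIMESTAMP + " ");
inProps.put(WSHandlerConstants.SIG_PROP_FILE, "merlin.properties");
inProps.put(WSHandlerConstants.DEC_PROP_FILE, "merlin.properties");
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);

// Manually registered, non-policy-aware inbound interceptor
cxfEndpoint.getInInterceptors().add(wssIn);
try {
    // result = call service...
}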

With this I get the following exception: [org.apache.cxf.ws.policy.PolicyVerificationInInterceptor] Inbound policy verification failed: These policy alternatives can not be satisfied:

{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}WssX509V3Token10
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AlgorithmSuite
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Basic128
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Strict
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}OnlySignEntireHeadersAndBody
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}WssX509v3Token10

The policy section of the WSDL published by the server is as follows:

<wsp:Policy wsu:Id="ExamplePolicy">
  <sp:AsymmetricBinding>
    <wsp:Policy>
      <sp:InitiatorToken>
        <wsp:Policy>
          <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
            <wsp:Policy>
              <sp:WssX509V3Token10/>
            </wsp:Policy>
          </sp:X509Token>
        </wsp:Policy>
      </sp:InitiatorToken>
      <sp:RecipientToken>
        <wsp:Policy>
          <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
            <wsp:Policy>
              <sp:WssX509V3Token10/>
            </wsp:Policy>
          </sp:X509Token>
        </wsp:Policy>
      </sp:RecipientToken>
      <sp:AlgorithmSuite>
        <wsp:Policy>
          <sp:Basic128/>
        </wsp:Policy>
      </sp:AlgorithmSuite>
      <sp:Layout>
        <wsp:Policy>
          <sp:Strict/>
        </wsp:Policy>
      </sp:Layout>
      <sp:IncludeTimestamp/>
      <sp:OnlySignEntireHeadersAndBody/>
    </wsp:Policy>
  </sp:AsymmetricBinding>
  <sp:SignedParts>
    <sp:Body/>
  </sp:SignedParts>
  <sp:SupportingTokens>
    <wsp:Policy>
      <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
        <wsp:Policy>
          <sp:WssX509v3Token10/>
        </wsp:Policy>
      </sp:X509Token>
    </wsp:Policy>
  </sp:SupportingTokens>
</wsp:Policy>
</wsdl:definitions>

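1 answer:

Answer 0: (score: 2)

You are using the non-policy-aware WSS4JInInterceptor class. You need to use the PolicyBasedWSS4JInInterceptor class. Note that it is configured differently from WSS4JInInterceptor. See here: http://cxf.apache.org/docs/ws-securitypolicy.html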
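
An added example, not part of the original answer: one way to configure the client through CXF's policy-aware path, where the WS-SecurityPolicy in the WSDL drives the security interceptors and the client only supplies crypto settings on the request context. The class name, key alias and environment variable are hypothetical; `merlin.properties` is the file from the question, assumed to cover both the client key and the service certificate.

```java
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.ext.WSPasswordCallback;

public final class PolicyAwareClientConfig {

    // Hypothetical placeholders: replace with the real alias and secret source.
    private static final String CLIENT_KEY_ALIAS = "client-key-alias";
    private static final String KEY_PASSWORD_ENV = "CLIENT_KEY_PASSWORD";

    /** Supplies the private-key password WSS4J requests when signing the request. */
    static final class KeyPasswordHandler implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks) {
            for (Callback cb : callbacks) {
                if (cb instanceof WSPasswordCallback) {
                    WSPasswordCallback pc = (WSPasswordCallback) cb;
                    // Only answer for the alias this client owns.
                    if (CLIENT_KEY_ALIAS.equals(pc.getIdentifier())) {
                        pc.setPassword(System.getenv(KEY_PASSWORD_ENV));
                    }
                }
            }
        }
    }

    /**
     * Configures a JAX-WS port created from the policy-carrying WSDL.
     * No WSS4JInInterceptor is added by hand; with the CXF WS-Security and
     * WS-Policy modules on the classpath, the policy-based interceptors are
     * installed from the policy and read these properties.
     */
    public static void configure(Object port) {
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        // Crypto and key alias used to sign the outgoing request (InitiatorToken).
        ctx.put(SecurityConstants.SIGNATURE_PROPERTIES, "merlin.properties");
        ctx.put(SecurityConstants.SIGNATURE_USERNAME, CLIENT_KEY_ALIAS);
        // Crypto holding the service certificate (RecipientToken); assumed here
        // to be the same store, as in the question's SIG/DEC property files.
        ctx.put(SecurityConstants.ENCRYPT_PROPERTIES, "merlin.properties");
        ctx.put(SecurityConstants.CALLBACK_HANDLER, new KeyPasswordHandler());
    }
}
```

Call `PolicyAwareClientConfig.configure(service)` before invoking the operation, and remove the manual `cxfEndpoint.getInInterceptors().add(wssIn)` registration so the response is checked against the full policy rather than a fixed action list.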