我想用JUnit和Apache CXF编写一个简单的集成测试来测试一些支持WS-Security的服务。当我尝试运行我的代码时:
MyService myService = new myWsService(MY_SERVICE_WSDL).getMyWs()
Client client = ClientProxy.getClient(myService);
Map<String, Object> ctx = ((BindingProvider) myService).getRequestContext();
ctx.put("ws-security.callback-handler", new KeystorePasswordCallback());
ctx.put("ws-security.signature.crypto", new MyMerlinImpl());
MyMerlinImpl只是在重写的loadProperties方法中传递所需的Merln。*属性值,
我明白了:
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}WssX509V1Token11 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequireIssuerSerialReference registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AlgorithmSuite registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Basic256Sha256 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InclusiveC14N registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Strict registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}OnlySignEntireHeadersAndBody registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}MustSupportRefIssuerSerial registered.
org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.
我做错了什么?这些似乎是相当标准的策略......事实上,我在JBoss EAP 6.1 WS客户端上使用相同的代码并且运行良好。
答案 0 :(得分:2)
你是否在类路径上有cxt-rt-ws-security jar?
科尔姆。
答案 1 :(得分:1)
我自己的两分钱:在我自己的特殊情况下(JAX-WS,WS-Security,WS-SecurityPolicy),在执行client.getConduit()时发生此错误,如下所示:
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
在使用Apache CXF 2.7.18时,上面的代码在运行时没有引发任何异常(尽管以后我还有其他问题)-升级到Apache CXF 3.0.16时,我开始使用断言生成器出现问题。现在,cxt-rt-ws-security JAR在类路径中,但是在此版本的CXF中,似乎WSS4J被拆分为多个JAR,因此我必须从CXF下载包中将wss4j-policy JAR包括到类路径中。
错误保持不变,但是至少一串来自断言生成器的警告消息消失了(没有注册T类型的断言生成器),现在被替换为:
13:45:55,723警告WSSecurityPolicyLoader,main:112-无法加载或注册与WS-SecurityPolicy相关的类。请检查Apache WSS4J(正确的版本)是否在类路径中:org / apache / wss4j / dom / handler / WSHandler
13:45:55,753警告WSSecurityPolicyLoader,main:112-无法加载或注册与WS-SecurityPolicy相关的类。请检查Apache WSS4J(正确的版本)是否在类路径中:org / apache / cxf / ws / security / wss4j / PolicyBasedWSS4JInInterceptor
为了简而言之,我收到了其他警告(我是通过在CXF软件包的lib目录中进行盲grep并逐一包含它们来发现JAR的),
并最终包含所有wss4j-*。jar文件
对getConduit()的调用现在至少可以通过。哇。
答案 2 :(得分:0)
最后通过添加WSS4JOutInterceptor解决了这个问题。似乎在JBoss中这个拦截器是自动添加的......
Client client = ClientProxy.getClient(myService);
Endpoint endpoint = client.getEndpoint()
endpoint.getOutInterceptors().add(new WSS4JOutInterceptor())
答案 3 :(得分:0)
如果WSDL文件中定义的策略是非标准的,那么CXF将无法解析它。因此错误。
有两种方式 - 要么你可以忽略它(如果它可以忽略) 或提供替代提供者。
要忽略 - 创建IgnorablePolicyInterceptorProvider的实例并注册它。
以下是在WSDL中定义的忽略NtlmAuthentication策略的示例。 注意:NtlmAuthentication的处理方式应与设置soap header不同。
Client client = ClientProxy.getClient(port);
Bus bus = client.getBus();
PolicyInterceptorProviderRegistry pipr = bus.getExtension(PolicyInterceptorProviderRegistry.class);
QName ntmlIgnore = new QName("http://schemas.microsoft.com/ws/06/2004/policy/http", "NtlmAuthentication");
interceptorRegProvider.register(new IgnorablePolicyInterceptorProvider(ntmlIgnore));
答案 4 :(得分:0)
Chetan给出的答案,但是,如果您在多个策略中遇到错误,则需要将它们添加到集合中
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Bus bus = client.getBus();
PolicyInterceptorProviderRegistry reg = bus.getExtension(PolicyInterceptorProviderRegistry.class);
Set <QName> set = new HashSet<>();
set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "IncludeTimestamp") );
set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "TransportBinding"));
reg.register(new IgnorablePolicyInterceptorProvider(set));