wss4j的Apache CXF Web服务安全性问题

时间:2015-11-02 09:50:56

标签: java eclipse web-services soap cxf

我在eclipse juno中使用Dynamic web project创建了Apache CXF 2.7 Web服务。然后我试图通过java应用程序访问服务类。

实际上按照这个http://www.codeproject.com/Articles/867391/JAX-WS-Using-Apache-CXF-to-Create-a-Bottom-Up-Web教程完成了样本。

当我尝试使用WSS4J实现Web安全性时,抛出以下异常(在Inbound Message上)。

Nov 02, 2015 2:54:36 PM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromClass
INFO: Creating Service {http://utility.math.com/}MathUtilityService from class com.schema.mathutility.MathUtility
Nov 02, 2015 2:54:38 PM org.apache.cxf.services.MathUtilityService.MathUtilityPort.MathUtility
INFO: Outbound Message
---------------------------
ID: 1
Address: http://localhost:8080/MathUtility/services/MathUtilityPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=[""]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
      <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-98D5A142D3761BF18514464562778941">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=testkey</ds:X509IssuerName>
                <ds:X509SerialNumber>924807310</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>Tmc/KDTSjrw4A5Gt/qB+M43CHA2U0INmZeu6qWIu8LJ6bqnC1aVxTYKtRgZwFe0cWtocOR3LLT3V43gR50VOAtgPfOt/+TqKD9GlUn3uVb/nJRBV6ZeUMje0qFySWMPycriNj6vQD73aScc31X8TSJ1MNltOjXGkCds8/aemwdqfRXcTsS5y/4Q27lQ/s5mS5kUDNcyNxe/MojboXa3hNxH5OZIlG4eZEihymHJoPCl7B+6w28VHNn7AsMafz0ZVOsuZ8p67YG8tyjlo22ry0r3iaGNKIBJXu+leizxbZgsnYj2uTNTn/qDvQWRdpR8QqEY3EDUEuzLXOQwDVKtT/w==</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#ED-98D5A142D3761BF18514464562779252"/>
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
    </wsse:Security>
  </SOAP-ENV:Header>
  <soap:Body>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-98D5A142D3761BF18514464562779252" Type="http://www.w3.org/2001/04/xmlenc#Content">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
          <wsse:Reference URI="#EK-98D5A142D3761BF18514464562778941"/>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>xzKmQwVyEivwb2I3yT4WOGvVbJri3OC8Gk6QM8y/1zbSQ8RgF65O5HnMNDcC0YzHkBlWCURpDTeXPkPGe9c2ii0kLt/hiNZKHLyiIwf6aYkMPoWIowIiEUKTXYLOJsarP2bt2mh+BKNUxYL4uHL9kA==</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>

--------------------------------------
Nov 02, 2015 2:54:38 PM org.apache.cxf.services.MathUtilityService.MathUtilityPort.MathUtility
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {connection=[close], content-type=[text/xml;charset=UTF-8], Date=[Mon, 02 Nov 2015 09:24:38 GMT], Server=[Apache-Coyote/1.1], transfer-encoding=[chunked]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <soap:Fault>
      <faultcode>soap:Client</faultcode>
      <faultstring>An error was discovered processing the &lt;wsse:Security> header.</faultstring>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>

--------------------------------------
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error was discovered processing the <wsse:Security> header.
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:158)
    at com.sun.proxy.$Proxy37.factorial(Unknown Source)
    at com.mathutility.test.TestMathUtility.main(TestMathUtility.java:57)
Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the <wsse:Security> header.
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:849)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1632)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1520)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318)
    at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:223)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:633)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:136)
    ... 2 more

帮我解决问题。

1 个答案:

答案 0 :(得分:-1)

您需要查看服务器端日志以查看堆栈跟踪的内容。