我正在使用axis2 1.6.4开发Web服务,使用eclipse europa ide进行传输级安全性和用户名令牌身份验证。我创建了Web服务并部署到axis2.Its在本地项目上成功运行,但是当我在axis2服务器上运行时它的显示错误 “缺少wsse:请求中的安全标头”。所以请告诉我这个问题的任何解决方案。 这是我的services.xml
<service name="Temp_Secure" >
<Description>
Please Type your service description here
</Description>
<messageReceivers>
<messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only" class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver" />
<messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out" class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
</messageReceivers>
<parameter name="ServiceClass" locked="false">rampart.service.Temp_Secure</parameter>
<module ref="addressing"/>
<module ref="rampart"/>
<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
</wsp:Policy>
</sp:SignedSupportingTokens>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:passwordCallbackClass>rampart.service.PWCBHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</service>
这是客户端代码
public static void main(String[] args) throws XMLStreamException {
ConfigurationContext ctx = null;
System.setProperty("javax.net.ssl.trustStore", "C:/Program Files/Java/jdk1.7.0/bin/server1.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "admin1");
try {
ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("../Ws-Client/WebContent/WEB-INF", "../Ws-Client/WebContent/WEB-INF/conf/axis2.xml");
} catch (AxisFault e) {
// TODO Auto-generated catch block
System.err.println(e.getMessage());
}
Temp_SecureStub stub = null;
try {
stub = new Temp_SecureStub(ctx,"https://localhost:8443/axis2/services/Temp_Secure");
} catch (AxisFault e) {
// TODO Auto-generated catch block
System.err.println(e.getMessage());
}
ServiceClient sc = stub._getServiceClient();
try {
sc.engageModule("rampart");
} catch (AxisFault e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
Options options = sc.getOptions();
options.setUserName("apache");
options.setPassword("admin1");
float celciusValue = 0;
float farnht = 0;
try {
celciusValue = stub.farenhit2Celcius(100);
farnht = stub.celcius2Farenhit(100);
} catch (RemoteException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
System.out.println("farenhit value for 100 c is : " + celciusValue);
System.out.println("farenhit value for 100 c is : " + farnht);
}
这是客户端axis2.xml
<axisconfig name="AxisJava2.0">
<module ref="rampart"/>
<!-- ================================================= -->
<!-- Parameters -->
<!-- ================================================= -->
<parameter name="hotdeployment">true</parameter>
<parameter name="hotupdate">false</parameter>
<parameter name="enableMTOM">false</parameter>
<parameter name="enableSwA">false</parameter>
<parameter name="EnableChildFirstClassLoading">false</parameter>
<parameter name="exposeServiceMetadata">true</parameter>
<!--This will give out the timout of the configuration contexts, in milliseconds-->
<parameter name="ConfigContextTimeoutInterval">30000</parameter>
<parameter name="sendStacktraceDetailsWithFaults">false</parameter>
<parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
<parameter name="userName">admin</parameter>
<parameter name="password">axis2</parameter>
<parameter name="disableREST" locked="false">false</parameter>
<!-- Following parameter will suppress generation of SOAP 1.2 bindings in auto-generated WSDL files -->
<parameter name="disableSOAP12" locked="true">false</parameter>
<!--POJO deployer , this will alow users to drop .class file and make that into a service-->
<deployer extension=".class" directory="pojo" class="org.apache.axis2.deployment.POJODeployer"/>
<deployer extension=".jar" directory="servicejars"
class="org.apache.axis2.jaxws.framework.JAXWSDeployer"/>
<deployer extension=".jar" directory="transports"
class="org.apache.axis2.deployment.TransportDeployer"/>
<parameter name="useGeneratedWSDLinJAXWS">false</parameter>
<!-- The way of adding listener to the system-->
<!-- <listener class="org.apache.axis2.ObserverIMPL">-->
<!-- <parameter name="RSS_URL">http://127.0.0.1/rss</parameter>-->
<!-- </listener>-->
<threadContextMigrators>
<threadContextMigrator listId="JAXWS-ThreadContextMigrator-List"
class="org.apache.axis2.jaxws.addressing.migrator.EndpointContextMapMigrator"/>
</threadContextMigrators>
<messageReceivers>
<messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
<messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
<messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-only"
class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
<messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-out"
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
<messageReceiver mep="http://www.w3.org/ns/wsdl/in-only"
class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
<messageReceiver mep="http://www.w3.org/ns/wsdl/in-out"
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
</messageReceivers>
<messageFormatters>
<messageFormatter contentType="application/x-www-form-urlencoded"
class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
<messageFormatter contentType="multipart/form-data"
class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
<messageFormatter contentType="application/xml"
class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
<messageFormatter contentType="text/xml"
class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
<messageFormatter contentType="application/soap+xml"
class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
</messageFormatters>
<messageBuilders>
<messageBuilder contentType="application/xml"
class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
<messageBuilder contentType="application/x-www-form-urlencoded"
class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
<messageBuilder contentType="multipart/form-data"
class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
</messageBuilders>
<!-- ================================================= -->
<!-- Transport Ins -->
<!-- ================================================= -->
<transportReceiver name="http"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8081</parameter>
</transportReceiver>
<transportReceiver name="https"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8443</parameter>
</transportReceiver>
<transportSender name="local"
class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http"
class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL">HTTP/1.1</parameter>
<parameter name="Transfer-Encoding">chunked</parameter>
</transportSender>
<transportSender name="https"
class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL">HTTP/1.1</parameter>
<parameter name="Transfer-Encoding">chunked</parameter>
</transportSender>
<module ref="addressing"/>
<module ref="rampart"/>
<clustering class="org.apache.axis2.clustering.tribes.TribesClusteringAgent" enable="false">
<parameter name="AvoidInitiation">true</parameter>
<parameter name="membershipScheme">multicast</parameter>
<!--
The clustering domain/group. Nodes in the same group will belong to the same multicast
domain. There will not be interference between nodes in different groups.
-->
<parameter name="domain">wso2.carbon.domain</parameter>
<parameter name="synchronizeAll">true</parameter>
<!--
The maximum number of times we need to retry to send a message to a particular node
before giving up and considering that node to be faulty
-->
<parameter name="maxRetries">10</parameter>
<!-- The multicast address to be used -->
<parameter name="mcastAddress">228.0.0.4</parameter>
<!-- The multicast port to be used -->
<parameter name="mcastPort">45564</parameter>
<!-- The frequency of sending membership multicast messages (in ms) -->
<parameter name="mcastFrequency">500</parameter>
<!-- The time interval within which if a member does not respond, the member will be
deemed to have left the group (in ms)
-->
<parameter name="memberDropTime">3000</parameter>
<!--
The IP address of the network interface to which the multicasting has to be bound to.
Multicasting would be done using this interface.
-->
<parameter name="mcastBindAddress">127.0.0.1</parameter>
<!-- The host name or IP address of this member -->
<parameter name="localMemberHost">127.0.0.1</parameter>
<!--
The TCP port used by this member. This is the port through which other nodes will
contact this member
-->
<parameter name="localMemberPort">4000</parameter>
<!--
Preserve message ordering. This will be done according to sender order.
-->
<parameter name="preserveMessageOrder">true</parameter>
<!--
Maintain atmost-once message processing semantics
-->
<parameter name="atmostOnceMessageSemantics">true</parameter>
<!--
Properties specific to this member
-->
<parameter name="properties">
<property name="backendServerURL" value="https://${hostName}:${httpsPort}/services/"/>
<property name="mgtConsoleURL" value="https://${hostName}:${httpsPort}/"/>
</parameter>
<members>
<member>
<hostName>127.0.0.1</hostName>
<port>4000</port>
</member>
<member>
<hostName>127.0.0.1</hostName>
<port>4001</port>
</member>
</members>
<groupManagement enable="false">
<applicationDomain name="apache.axis2.application.domain"
description="Axis2 group"
agent="org.apache.axis2.clustering.management.DefaultGroupManagementAgent"/>
</groupManagement>
<nodeManager class="org.apache.axis2.clustering.management.DefaultNodeManager"
enable="true"/>
<stateManager class="org.apache.axis2.clustering.state.DefaultStateManager"
enable="true">
<replication>
<defaults>
<exclude name="local_*"/>
<exclude name="LOCAL_*"/>
</defaults>
<context class="org.apache.axis2.context.ConfigurationContext">
<exclude name="local_*"/>
</context>
<context class="org.apache.axis2.context.ServiceGroupContext">
<exclude name="local_*"/>
</context>
<context class="org.apache.axis2.context.ServiceContext">
<exclude name="local_*"/>
</context>
</replication>
</stateManager>
</clustering>
<!-- ================================================= -->
<!-- Phases -->
<!-- ================================================= -->
<phaseOrder type="InFlow">
<!-- System predefined phases -->
<phase name="Transport">
<handler name="RequestURIBasedDispatcher"
class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
<order phase="Transport"/>
</handler>
<handler name="SOAPActionBasedDispatcher"
class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
<order phase="Transport"/>
</handler>
</phase>
<phase name="Addressing">
<handler name="AddressingBasedDispatcher"
class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
<order phase="Addressing"/>
</handler>
</phase>
<phase name="Security"/>
<phase name="PreDispatch"/>
<phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
<handler name="RequestURIBasedDispatcher"
class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
<handler name="SOAPActionBasedDispatcher"
class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
<handler name="RequestURIOperationDispatcher"
class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
<handler name="SOAPMessageBodyBasedDispatcher"
class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
<handler name="HTTPLocationBasedDispatcher"
class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
<handler name="GenericProviderDispatcher"
class="org.apache.axis2.jaxws.dispatchers.GenericProviderDispatcher"/>
<handler name="MustUnderstandValidationDispatcher"
class="org.apache.axis2.jaxws.dispatchers.MustUnderstandValidationDispatcher"/>
</phase>
<phase name="RMPhase"/>
<!-- System predefined phases -->
<!-- After Postdispatch phase module author or service author can add any phase he want -->
<phase name="OperationInPhase">
<handler name="MustUnderstandChecker"
class="org.apache.axis2.jaxws.dispatchers.MustUnderstandChecker">
<order phase="OperationInPhase"/>
</handler>
</phase>
<phase name="soapmonitorPhase"/>
</phaseOrder>
<phaseOrder type="OutFlow">
<!-- user can add his own phases to this area -->
<phase name="soapmonitorPhase"/>
<phase name="OperationOutPhase"/>
<!--system predefined phase-->
<!--these phase will run irrespective of the service-->
<phase name="RMPhase"/>
<phase name="PolicyDetermination"/>
<phase name="MessageOut"/>
<phase name="Security"/>
</phaseOrder>
<phaseOrder type="InFaultFlow">
<phase name="Addressing">
<handler name="AddressingBasedDispatcher"
class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
<order phase="Addressing"/>
</handler>
</phase>
<phase name="Security"/>
<phase name="PreDispatch"/>
<phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
<handler name="RequestURIBasedDispatcher"
class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
<handler name="SOAPActionBasedDispatcher"
class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
<handler name="RequestURIOperationDispatcher"
class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
<handler name="SOAPMessageBodyBasedDispatcher"
class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
<handler name="HTTPLocationBasedDispatcher"
class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
<handler name="GenericProviderDispatcher"
class="org.apache.axis2.jaxws.dispatchers.GenericProviderDispatcher"/>
<handler name="MustUnderstandValidationDispatcher"
class="org.apache.axis2.jaxws.dispatchers.MustUnderstandValidationDispatcher"/>
</phase>
<phase name="RMPhase"/>
<!-- user can add his own phases to this area -->
<phase name="OperationInFaultPhase"/>
<phase name="soapmonitorPhase"/>
</phaseOrder>
<phaseOrder type="OutFaultFlow">
<!-- user can add his own phases to this area -->
<phase name="soapmonitorPhase"/>
<phase name="OperationOutFaultPhase"/>
<phase name="RMPhase"/>
<phase name="PolicyDetermination"/>
<phase name="MessageOut"/>
<phase name="Security"/>
</phaseOrder>
</axisconfig>
and PWCBHandler class
public class PWCBHandler implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
// Client uses this callbackt o retrieve the password
WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
if(pwcb.getIdentifier().equals("apache")) {
pwcb.setPassword("admin1");
return;
}
}
}
}
这里是堆栈跟踪
[ERROR] Missing wsse:Security header in request
org.apache.axis2.AxisFault: Missing wsse:Security header in request
at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:186)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at rampart.client.Temp_SecureStub.farenhit2Celcius(Temp_SecureStub.java:451)
at rampart.client.TempConvClient.main(TempConvClient.java:128)
Caused by: org.apache.rampart.RampartException: Missing wsse:Security header in request
at org.apache.rampart.RampartEngine.process(RampartEngine.java:110)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
... 10 more