使用已在其中定义了WS-SecurityPolicy的WSDL实现了CXF客户端。它工作正常,并且被Web应用程序大量使用。 但我们在perf env中观察到间歇性地将多个wsse:Security头添加到SOAP头中导致失败。它是间歇性的,无法在开发环境中重现它。 这是客户端配置:
<jaxws:client
xmlns:tns="http://ws.soa.com/service/XYZ/XYZService/"
name="XYZPort" address="${XYZService.endPoint}"
serviceClass="com.soa.ws.service.XYZ.XYZService.XYZPortType"
serviceName="tns:XYZService">
<jaxws:properties>
<entry key="ws-security.username" value="${XYZService.auth.username}" />
<entry key="ws-security.callback-handler" value-ref="XYZServicePasswordCallback" />
</jaxws:properties>
<jaxws:inInterceptors>
<ref bean="logInBound" />
<ref bean="XYZServiceSOAPResponseInterceptor" />
</jaxws:inInterceptors>
<jaxws:outInterceptors>
<ref bean="logOutBound" />
<ref bean="XYZServiceSOAPRequestInterceptor" />
</jaxws:outInterceptors>
</jaxws:client>
<bean id="XYZServicePasswordCallback" class="com.services.client.XYZ.XYZServiceClientPasswordCallback" >
<property name="username" value="${XYZService.auth.username}" />
<property name="password" value="${XYZService.auth.password}" />
<!-- Decrypt key defined in keyfile.properties -->
<property name="secretKey" value="${key}" />
</bean>
这是Intermitttent问题。安全标头添加了两次
<soap:Header>
<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-33466425961" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>test</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XYZPwd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-33466425962" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>test</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XYZPwd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>