Question

拥有WSO2 ESB 4.9.0，是否可以启用客户端WS-Security，为端点设置策略，外部（后端）服务返回MTOM附件？

要求：外部后端服务要求签名请求并返回（可选）MTOM响应，该响应未签名（普通）。

一旦Rampart模块启用且入站策略生效，响应就不会通过一个简单的代理，但有以下异常：

Caused by: org.apache.ws.security.WSSecurityException: Error in converting SOAP Envelope to Document; nested exception is:
        org.apache.axiom.om.OMException: javax.xml.stream.XMLStreamException: Expected xop:Include as the sole child of an element information item (see section 3.2 of http://www.w3.org/TR/xop10/)
        at org.apache.rampart.util.Axis2Util.getDocumentFromSOAPEnvelope(Axis2Util.java:149)
        at org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:268)
        ... 11 more
Caused by: org.apache.axiom.om.OMException: javax.xml.stream.XMLStreamException: Expected xop:Include as the sole child of an element information item (see section 3.2 of http://www.w3.org/TR/xop10/)
        at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:296)
        at org.apache.axiom.om.impl.llom.OMSerializableImpl.build(OMSerializableImpl.java:78)
        at org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:722)
        at org.apache.rampart.util.Axis2Util.getDocumentFromSOAPEnvelope(Axis2Util.java:84)
        ... 12 more
Caused by: javax.xml.stream.XMLStreamException: Expected xop:Include as the sole child of an element information item (see section 3.2 of http://www.w3.org/TR/xop10/)
        at org.apache.axiom.util.stax.xop.XOPDecodingStreamReader.next(XOPDecodingStreamReader.java:187)
        at org.apache.axiom.om.impl.builder.StAXOMBuilder.parserNext(StAXOMBuilder.java:681)
        at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:214)
        ... 15 more

但是 - 有Include元素：

<inc:Include href="cid:30545cee-7014-4149-8b77-7014e3e12a8c@xxxxxxx" xmlns:inc="http://www.w3.org/2004/08/xop/include"/>

尝试在本地测试服务（创建类似于外部服务的模型服务）我有一个例外：

Caused by: org.apache.axiom.om.OMException: Part content ID cannot be blank for non root MIME parts
        at org.apache.axiom.attachments.Attachments.getNextPartDataHandler(Attachments.java:648)
        at org.apache.axiom.attachments.Attachments.getDataHandler(Attachments.java:350)

我认为

与问题https://wso2.org/jira/browse/ESBJAVA-3585有关。它是相关的还是我有错误的模型服务？ MTOM是否支持安全策略？

Answer 1

似乎涉及两个问题：

Caused by: javax.xml.stream.XMLStreamException: Expected xop:Include as the sole child of an element information item (see section 3.2 of http://www.w3.org/TR/xop10/)

这是由＆＃34;漂亮的印刷品和＃34;后端服务的功能。 Axis 2严格执行规范，其中xop：Include元素必须是唯一且唯一的子元素，因此不允许使用空格。

org.apache.axiom.om.OMException: Part content ID cannot be blank for non root MIME parts

这似乎是一个错误，此时尚未解决。 https://wso2.org/jira/browse/ESBJAVA-3585

解决方法可以将消息类型更改为text / xml（有效地将base64有效负载插入到XML元素中），适用于小/合理的附件大小。

如果附件可能更大或负载很高，则应考虑将附件存储为文件并仅传回文件名。

使用MTOM的WSO2 ESB WS-Security

1 个答案: