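I am developing a web service using Spring WS. I am getting "WSS0258: More Receiver requirements specified than present in the message" for the consumer call shown below, which carries an X509 certificate (issued by the central system Desmon).
I don't have much experience with WS-Security, so I need some help setting up my security policy file, and any further hints.
I would really appreciate any hints or help.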
Consumer Call
=============
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://app.sample.com/customermanagement/btc/service" xmlns:acc="http://app.sample.com/customermanagement/btc/schema/accountslinkingobject">
      <soapenv:Header xmlns:header="http://com.sample.app.japi">
        <header:ApplicationID>XX</header:ApplicationID>
        <header:CallID>XX1</header:CallID>
        <wsse:Security soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="DESMONCertificate" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">REMOVED MORE THAN 2000 BYTES OF CERTIFICATE CONTENT</wsse:BinarySecurityToken>
        </wsse:Security>
      </soapenv:Header>
      <soapenv:Body>
        .......
      </soapenv:Body>
    </soapenv:Envelope>
Here are my security policy file and interceptor:
Security File
============
    <xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" dumpMessages="true">
      <xwss:RequireSignature requireTimestamp="false">
        <xwss:X509Token keyReferenceType="Direct" />
      </xwss:RequireSignature>
    </xwss:SecurityConfiguration>
Java code from Spring Configuration file
========================================
    @Bean
    public XwsSecurityInterceptor securityInterceptor() {
        XwsSecurityInterceptor result = new XwsSecurityInterceptor();
        result.setCallbackHandler(callbackHandler());
        result.setPolicyConfiguration(new ClassPathResource("security-policy.xml"));
        return result;
    }

    @Bean
    SpringCertificateValidationCallbackHandler callbackHandler() {
        SpringCertificateValidationCallbackHandler handler = new SpringCertificateValidationCallbackHandler();
        handler.setAuthenticationManager(authenticationManager());
        return handler;
    }

    @Bean
    public ProviderManager authenticationManager() {
        ProviderManager pm = new ProviderManager(providers());
        return pm;
    }

    @Bean
    public List<AuthenticationProvider> providers() {
        X509AuthenticationProvider provider = new X509AuthenticationProvider();
        provider.setX509AuthoritiesPopulator(new X509AuthoritiesPopulator() {
            @Override
            public UserDetails getUserDetails(X509Certificate cert) throws AuthenticationException {
                log.info("Got a Certificate: " + cert.toString());
                return null;
            }
        });
        List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
        list.add(provider);
        return list;
    }
Many thanks in advance!
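
A check that follows from the message and policy shown above, as an added example that is not part of the original post: `RequireSignature` with a `Direct` `X509Token` expects a `ds:Signature` in the `wsse:Security` header whose key reference points at a `BinarySecurityToken`, while the consumer call shown carries only the token. The class name `WsseHeaderCheck` and the sample message are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added diagnostic example (hypothetical class name), not code from the original post.
public class WsseHeaderCheck {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    /** Reports whether a message can satisfy RequireSignature with a Direct X509Token reference. */
    static String check(String soapXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Captured messages are untrusted input: refuse DOCTYPEs to rule out XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(soapXml.getBytes(StandardCharsets.UTF_8)));
        NodeList tokens = doc.getElementsByTagNameNS(WSSE, "BinarySecurityToken");
        NodeList sigs = doc.getElementsByTagNameNS(DS, "Signature");
        if (sigs.getLength() == 0) {
            return "no ds:Signature (" + tokens.getLength() + " BinarySecurityToken): RequireSignature cannot be met";
        }
        // Direct reference: wsse:SecurityTokenReference/wsse:Reference URI="#<wsu:Id of the token>"
        NodeList refs = ((Element) sigs.item(0)).getElementsByTagNameNS(WSSE, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            String uri = ((Element) refs.item(i)).getAttribute("URI");
            for (int j = 0; j < tokens.getLength(); j++) {
                String id = ((Element) tokens.item(j)).getAttributeNS(WSU, "Id");
                if (!id.isEmpty() && uri.equals("#" + id)) {
                    return "ds:Signature references token " + id + " directly";
                }
            }
        }
        return "ds:Signature present but no Direct reference to a BinarySecurityToken";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample shaped like the consumer call: a token, but nothing signed.
        String msg = "<e:Envelope xmlns:e='http://schemas.xmlsoap.org/soap/envelope/'><e:Header>"
                + "<wsse:Security xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "'>"
                + "<wsse:BinarySecurityToken wsu:Id='DESMONCertificate'>AAAA</wsse:BinarySecurityToken>"
                + "</wsse:Security></e:Header><e:Body/></e:Envelope>";
        System.out.println(check(msg));
    }
}
```

With `dumpMessages="true"` already set in the policy, the dumped request can be passed to `check` in place of the constructed sample.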