WSO2 proxy for a secured web service with a security policy

Time: 2017-03-03 13:21:52

Tags: wso2 esb policy

Hello again WSO2 community,

We are new to this and are trying to understand and learn the ins and outs of WSO2 ESB. This is our first project. We have to call a web service that has a security policy. We have defined this endpoint in the sequence as

    <proxy name=........>
        <target>
            <inSequence>
                <header name="Action" scope="default" value="urn:rc"/>
                <header name="wsse:Security" scope="default" value="" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
                <send>
                    <endpoint>
                        <address statistics="enable" trace="enable" uri="https://urlToEndPoint">
                            <enableSec policy="gov:policy/policy.xml"/>
                        </address>
                    </endpoint>
                </send>
            </inSequence>
            <outSequence>
                <send/>
            </outSequence>
            <faultSequence/>
        </target>
    </proxy>

When we send the SOAP message with the data inside a CDATA element, everything works and we receive a confirmation message. But if we send the same message without CDATA, we get the following error:

TID: [-1] [] [2017-03-03 14:02:56,797] ERROR {org.apache.synapse.transport.passthru.ClientWorker} -  Fault processing response message through Axis2 {org.apache.synapse.transport.passthru.ClientWorker}
org.apache.axis2.AxisFault: Missing wsse:Security header in request
    at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:180)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
    at org.apache.synapse.transport.passthru.ClientWorker.run(ClientWorker.java:261)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.rampart.RampartException: Missing wsse:Security header in request
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:146)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
    ... 9 more

This is my security policy.

<wsp:Policy wsu:Id="SigOnly"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                    <!-- sp:WssX509V3Token10/ -->
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                    <!-- sp:WssX509V3Token10/ -->
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:TripleDesRsa15/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:ProtectTokens/>
                    <sp:OnlySignEntireHeadersAndBody/>
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefIssuerSerial/>
                </wsp:Policy>
            </sp:Wss10>
            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
            </sp:SignedParts>
        </wsp:All>
    </wsp:ExactlyOne>
    <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
        <rampart:user>XXXXXXXXXXXXXXXX</rampart:user>
        <rampart:encryptionUser>XXXXXXXXXXXXXXXX</rampart:encryptionUser>
        <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
        <rampart:timestampTTL>300</rampart:timestampTTL>
        <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
        <rampart:timestampStrict>false</rampart:timestampStrict>
        <rampart:passwordCallbackClass>XX.XXXX.XX.XXXX.XXXXX.PWCBHandler</rampart:passwordCallbackClass>
        <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
        <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
        <rampart:encryptionCrypto>
            <rampart:crypto
                cryptoKey="org.wso2.carbon.security.crypto.privatestore" provider="org.wso2.carbon.security.util.ServerCrypto">
                <rampart:property name="org.wso2.carbon.security.crypto.alias">XXXXXXXXXXXXXXXX</rampart:property>
                <rampart:property name="org.wso2.carbon.security.crypto.privatestore">XXXXXXXX.jks</rampart:property>
                <rampart:property name="org.wso2.stratos.tenant.id">-1234</rampart:property>
                <rampart:property name="org.wso2.carbon.security.crypto.truststores">XXXXXXXX.jks</rampart:property>
                <rampart:property name="rampart.config.user">XXXXXXXXXXXXXX</rampart:property>
            </rampart:crypto>
        </rampart:encryptionCrypto>
        <rampart:signatureCrypto>
            <rampart:crypto
                cryptoKey="org.wso2.carbon.security.crypto.privatestore" provider="org.wso2.carbon.security.util.ServerCrypto">
                <rampart:property name="org.wso2.carbon.security.crypto.alias">XXXXXXXXXXXXXXXX</rampart:property>
                <rampart:property name="org.wso2.carbon.security.crypto.privatestore">XXXXXXXX.jks</rampart:property>
                <rampart:property name="org.wso2.stratos.tenant.id">-1234</rampart:property>
                <rampart:property name="org.wso2.carbon.security.crypto.truststores">XXXXXXXX.jks</rampart:property>
                <rampart:property name="rampart.config.user">XXXXXXXXXXXXXXXX</rampart:property>
            </rampart:crypto>
        </rampart:signatureCrypto>
    </rampart:RampartConfig>
</wsp:Policy>

This is the endpoint

    <proxy name="Proxy" startOnLoad="true" transports="http https" xmlns="http://ws.apache.org/ns/synapse">
        <target>
            <inSequence>
                <header name="Action" scope="default" value="urn:operacion"/>
                <header name="wsse:Security" scope="default" value="" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
                <send>
                    <endpoint>
                        <address statistics="enable" trace="enable" uri="https://URLtoWebService">
                            <enableSec policy="gov:ws-policy/policy.xml"/>
                        </address>
                    </endpoint>
                </send>
            </inSequence>
            <outSequence/>
            <faultSequence/>
        </target>
    </proxy>

We send this SOAP message over an http/s connection.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://xx.xxx">
    <soapenv:Header/>
    <soapenv:Body>
        <ws:operacion>
            <!--Optional:-->
            <ws:xml>
                <mensaje id="002" date="2003-07-09-08-58-39">
                    <data>............</data>
                </mensaje>
            </ws:xml>
        </ws:operacion>
    </soapenv:Body>
</soapenv:Envelope>

Does anyone know anything about this error and how to fix it?

Thanks in advance.
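The following is an added example and not code from WSO2, Rampart or the post above. It is a structural pre-flight check that mirrors what the SigOnly policy demands on the wire: a wsse:Security header (its absence is reported in Rampart's own wording from the stack trace), a wsu:Timestamp inside the timestampTTL / timestampMaxSkew window, a BinarySecurityToken (InitiatorToken with IncludeToken AlwaysToRecipient) and a ds:Signature whose References cover the Body, the Timestamp and the token (SignedParts, IncludeTimestamp, ProtectTokens). It does not verify the signature bytes. Both sample envelopes are constructed: PLAIN_REQUEST copies the unsecured message from the post, and secured_envelope() is a skeleton with placeholder token, digest and signature values; the wsu:Id values and the 2017-03-03 timestamps are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]


def _parse_utc(text):
    """wsu:Created/Expires are UTC xsd:dateTime; Rampart writes milliseconds when
    timestampPrecisionInMilliseconds is true, so accept both forms."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unparseable wsu timestamp: %r" % text)


def check_envelope(xml_text, now=None, ttl=300, max_skew=300):
    """Return the list of policy findings for one envelope; [] means it passes.
    ttl and max_skew default to the timestampTTL/timestampMaxSkew values of the policy."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    header = root.find("soapenv:Header", NS)
    sec = header.find("wsse:Security", NS) if header is not None else None
    if sec is None:
        # Exactly what RampartEngine raises in the stack trace above.
        return ["Missing wsse:Security header in request"]

    findings = []
    body = root.find("soapenv:Body", NS)
    ts = sec.find("wsu:Timestamp", NS)
    bst = sec.find("wsse:BinarySecurityToken", NS)
    sig = sec.find("ds:Signature", NS)

    if ts is None:
        findings.append("IncludeTimestamp: wsu:Timestamp missing")
    else:
        created_txt = ts.findtext("wsu:Created", namespaces=NS)
        expires_txt = ts.findtext("wsu:Expires", namespaces=NS)
        if not created_txt or not expires_txt:
            findings.append("wsu:Timestamp needs both Created and Expires")
        else:
            created, expires = _parse_utc(created_txt), _parse_utc(expires_txt)
            skew = timedelta(seconds=max_skew)
            if created > now + skew:
                findings.append("Timestamp Created lies in the future beyond timestampMaxSkew")
            if expires < now - skew:
                findings.append("Timestamp expired: Expires is older than now minus timestampMaxSkew")
            if expires - created > timedelta(seconds=ttl):
                findings.append("Timestamp lifetime exceeds timestampTTL")
    if bst is None:
        findings.append("InitiatorToken AlwaysToRecipient: wsse:BinarySecurityToken missing")
    if sig is None:
        findings.append("AsymmetricBinding: ds:Signature missing")
        return findings

    # OnlySignEntireHeadersAndBody + SignedParts/Body + IncludeTimestamp + ProtectTokens:
    # each of these elements must be referenced by its wsu:Id from ds:SignedInfo.
    signed = {r.get("URI", "").lstrip("#")
              for r in sig.iterfind("ds:SignedInfo/ds:Reference", NS)}
    for label, el in (("SignedParts Body", body), ("IncludeTimestamp", ts), ("ProtectTokens", bst)):
        if el is not None and el.get(WSU_ID) not in signed:
            findings.append("%s: element wsu:Id=%r is not covered by the signature" % (label, el.get(WSU_ID)))
    return findings


# Constructed copy of the unsecured message from the post (ws: prefix made consistent).
PLAIN_REQUEST = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://xx.xxx">
  <soapenv:Header/>
  <soapenv:Body><ws:operacion><ws:xml><mensaje id="002"><data>...</data></mensaje></ws:xml></ws:operacion></soapenv:Body>
</soapenv:Envelope>"""


def secured_envelope(created, expires):
    """Constructed skeleton of a request that satisfies the SigOnly policy structurally.
    Token, digest and signature values are PLACEHOLDER strings and the wsu:Ids are assumed."""
    return f"""<soapenv:Envelope xmlns:soapenv="{NS['soapenv']}" xmlns:wsse="{NS['wsse']}"
    xmlns:wsu="{NS['wsu']}" xmlns:ds="{NS['ds']}" xmlns:ws="http://xx.xxx">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="TS-1"><wsu:Created>{created}</wsu:Created><wsu:Expires>{expires}</wsu:Expires></wsu:Timestamp>
      <wsse:BinarySecurityToken wsu:Id="X509-1"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">PLACEHOLDER</wsse:BinarySecurityToken>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#Body-1"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
          <ds:Reference URI="#TS-1"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
          <ds:Reference URI="#X509-1"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="Body-1"><ws:operacion><ws:xml><mensaje id="002"><data>...</data></mensaje></ws:xml></ws:operacion></soapenv:Body>
</soapenv:Envelope>"""


if __name__ == "__main__":
    print(check_envelope(PLAIN_REQUEST))
    print(check_envelope(secured_envelope("2017-03-03T13:02:56.797Z", "2017-03-03T13:07:56.797Z"),
                         now=datetime(2017, 3, 3, 13, 3, 0, tzinfo=timezone.utc)))
```

Two things worth keeping in mind when reading the trace against this check. First, the error is logged by ClientWorker while "processing response message through Axis2", so it is Rampart on the ESB rejecting the message coming back from the backend, not the backend rejecting the request; running the same check over the raw backend response (for example a SOAP fault returned without any wsse:Security header) tells you which side dropped the header. Second, the policy's `<sp:TripleDesRsa15/>` suite fixes SHA-1 digests, 3DES and RSA-1.5 key transport; a sign-only policy only exercises the digest part, but that choice would matter as soon as encryption is added to the binding.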

0 answers:

No answers