Question

我在使用Spring WS接收附加了文件并使用流式传输的请求时遇到问题。问题是每当我尝试使用安全拦截器时，我都会遇到以下异常：

2011-01-11 15:10:05,132 DEBUG [org.springframework.ws.soap.server.SoapMessageDispatcher] - 
java.lang.IllegalArgumentException: Error in converting SOAP Envelope to Document
    at org.springframework.ws.soap.axiom.support.AxiomUtils.toDocument(AxiomUtils.java:135)
    at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.toDocument(Wss4jSecurityInterceptor.java:621)
    at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.validateMessage(Wss4jSecurityInterceptor.java:492)
    at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:104)
    at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:213)
    at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:168)
    at org.springframework.ws.transport.support.WebServiceMessageReceiverObjectSupport.handleConnection(WebServiceMessageReceiverObjectSupport.java:88)
    at org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter.handle(WebServiceMessageReceiverHandlerAdapter.java:57)
    at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:230)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:530)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:426)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:457)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:931)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:361)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:867)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:245)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
    at org.eclipse.jetty.server.Server.handle(Server.java:337)
    at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:581)
    at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1020)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:775)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:228)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:417)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:474)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:437)
    at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.axiom.om.OMException: java.util.NoSuchElementException
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:249)
    at org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:327)
    at org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:706)
    at org.springframework.ws.soap.axiom.support.AxiomUtils.toDocument(AxiomUtils.java:125)
    ... 34 more
Caused by: java.util.NoSuchElementException
    at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1083)
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.parserNext(StAXOMBuilder.java:506)
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:161)
    ... 37 more

我正在使用Axiom Message Factory：

<bean id="messageFactory" class="org.springframework.ws.soap.axiom.AxiomSoapMessageFactory">
    <property name="payloadCaching" value="false"/>
    <property name="attachmentCaching" value="true"/>
    <property name="attachmentCacheThreshold" value="1024" />
</bean>

我的端点映射使用wss4jSecurityInterceptor：

<bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping">
    <property name="mappings">
        <props>
            <prop key="{http://www.aquilauk.co.uk/hribulkupload}BulkHRRequest">hriBulkUploadEndpoint</prop>
        </props>
    </property>
     <property name="interceptors">
        <list>
            <!-- <bean class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"/> -->
            <ref bean="wss4jSecurityInterceptor"/>
        </list>            
    </property>
</bean>

我的安全拦截器已设置为确保它不使用Payload：

<bean id="wss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="validationActions" value="UsernameToken" />
    <property name="validationCallbackHandler" ref="springWSS4JHandler"/>
    <property name="secureResponse" value="false"/>
    <property name="secureRequest" value="false" />
</bean> 


<bean id="acegiWSS4JHandler" 
    class="org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler">
    <property name="authenticationManager" ref="authenticationManager"/>
</bean>

方面，克雷格

Answer 1

我相信您定义的安全拦截器仍然消耗有效负载。它只是不对它执行任何安全验证。应该调用AxiomSoapMessageFactory.createWebServiceMesssage()方法以创建提供给安全拦截器的MessageContext。然后安全拦截器根据secureRequest标志忽略它。

Answer 2

我通过反复试验找到了解决这个问题的方法：

问题是wss4jSecurityInterceptor的设置，行：

<property name="secureResponse" value="false"/>
<property name="secureRequest" value="false" />

应该是：

<property name="validateRequest" value="false" />
<property name="validateResponse" value="false" />

使用安全拦截器的Spring WS Streaming附件的问题

2 个答案: