soap:在Jmeter
我在Jmeter响应中出现以下错误
?xml version="1.0" encoding="UTF-8"?>soap:ServerThese policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702} AsymmetricBinding: Received Timestamp does not match the requirements
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702} InitiatorToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702} RecipientToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702} IncludeTimestamp: Received Timestamp does not match the requirements
当我运行Jmeter请求时。使用SOAP UI也能很好地工作。
我看到请求中没有加密形式的时间戳ID。
以下是我使用JMeter
触发的请求<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://soap.abz.com/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp>
<wsu:Created>${CREATED}</wsu:Created>
<wsu:Expires>${EXPIRES}</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<soap:validate>
<!--Optional:-->
<check>1007 1940 0000 0100 27</check>
</soap:validate>
</soapenv:Body>
</soapenv:Envelope>
服务器日志:
Dec 07, 2017 2:57:30 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://soap.abz.com/}ServiceImplService#{http://soap.abz.com/}validate has thrown exception, unwinding now
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding: Received Timestamp does not match the requirements
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp: Received Timestamp does not match the requirements
at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:167)
at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:218)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:198)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:243)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:163)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:219)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
我使用SOAP消息加密器和签名者密钥作为Jmeter中的预处理器,用于JMeter 3.3中的SOAP请求
非常感谢这里的任何帮助。
2 个答案:
答案 0 :(得分:0)
该消息表明时间戳格式错误。如果您的应用程序确实使用基于WS协议的安全性而没有任何特定的用户名和密码,则以下解决方我认为您需要更正时间戳的格式。就我而言,我习惯于使用整个SOAP协议消息来定期使用HTTP采样器而不使用特定于SOAP的前/后处理器
http://abeykoon.blogspot.com/2015/03/jmeter-test-for-secured-proxy-service.html
根据上面的链接,如果您的应用程序需要,但您需要使用正确的时间戳发送标头以及用户名和密码。在上面的链接中也给出了生成一个的代码。请注意,您可以为我的应用程序传递一个空值NOnce。否则,您需要确保将相应的jboss jar文件放在JMeter安装的\ lib \ ext目录下
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-05CB7D74E166EF0AB614268666650771109">
<wsu:Created>${#timeC#}</wsu:Created>
<wsu:Expires>${#timeE#}</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-05CB7D74E166EF0AB614268666650771108">
<wsse:Username>${username}</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">${password}</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">${#nonce#}</wsse:Nonce>
<wsu:Created>${#UTtimeC#}</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
import org.apache.jmeter.protocol.http.sampler.WebServiceSampler;
import org.apache.jmeter.protocol.http.sampler.SoapSampler;
import org.jboss.ws.extensions.security.nonce.DefaultNonceGenerator; //(jbosswscore.jar)
import org.jboss.util.Base64; //this class is called inside the DefaultNonceGenerator class (jbosscommon.jar)
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
//generating NONCE
DefaultNonceGenerator nonce_Gen = new DefaultNonceGenerator();
String nonce = nonce_Gen.generateNonce();
//generating relevant Timestamps
long ctmilli = System.currentTimeMillis(); // current time in milliseconds
SimpleDateFormat dformat1 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); // timestamp format with nonce
SimpleDateFormat dformat2 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"); //timestamp format for usernametoken, with miliseconds
Date dtime = new Date();
dformat1.setTimeZone(TimeZone.getTimeZone("UTC"));
dtime.setTime(ctmilli); // current time
String timeCreated = dformat1.format(dtime); // timestamp created in format1
String uttimeCreated = dformat2.format(dtime); // timestamp created in format2
dtime.setTime(ctmilli+2000); // setting the timeout for 2seconds, change the timeout as required
String timeExpire = dformat1.format(dtime); // expiration timestamp in format1
vars.put("#timeC#",timeCreated);
vars.put("#timeE#",timeExpire);
vars.put("#nonce#",nonce);
vars.put("#UTtimeC#",uttimeCreated);
答案 1 :(得分:0)
根据错误根本原因:
收到的时间戳与要求
不符
似乎${CREATED}或${EXPIRES}个变量(或两者)与服务器的期望不匹配。使用ie Debug Sampler和View Results Tree侦听器组合检查其值,并根据服务器所需的格式修改其生成方式。
另请注意,WS Security for SOAP JMeter插件理论上可以让您的生活更轻松。您可以使用JMeter Plugins Manager
进行安装 
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?