Correct WS-Policy for UsernameToken and CXF SOAP WS

Time: 2018-02-09 15:33:59

Tags: cxf

I have the following annotation on my SOAP web service:

@Policy(uri = "classpath:/ws/soap/UsernameTokenPolicy.xml")

and this endpoint configuration:

Map<String, Object> inProps = new HashMap<>();
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);

WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
endpoint.getInInterceptors().add(wssIn);

endpoint.getProperties().put(SecurityConstants.USERNAME_TOKEN_VALIDATOR, authenticationPlugin);

Here is the content of UsernameTokenPolicy.xml:

<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <sp:SupportingTokens>
        <wsp:Policy>
            <sp:UsernameToken/>
        </wsp:Policy>
    </sp:SupportingTokens>
</wsp:Policy>

The client sends this security header:

  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-FA33408419A5268E38151818972919430">
        <wsse:Username>USERABC</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">123456789</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>

and the CXF server rejects the policy:

org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied: 

    {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
    {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken
        at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)

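I am not sure what is wrong here. According to {{3}}, my policy looks fine (sp:IncludeToken doesn't change anything).

Any help is appreciated.

1 answer:

Answer 0: (score: 0)

I found the problem: I needed to add the Policy Aware Interceptor first: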

PolicyBasedWSS4JInInterceptor pwssIn = new PolicyBasedWSS4JInInterceptor();
endpoint.getInInterceptors().add(pwssIn);

Map<String, Object> inProps = new HashMap<>();
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
endpoint.getInInterceptors().add(wssIn);

endpoint.getProperties().put(SecurityConstants.USERNAME_TOKEN_VALIDATOR, authenticationPlugin);
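
One possible shape for the `authenticationPlugin` object registered under `SecurityConstants.USERNAME_TOKEN_VALIDATOR` in the posts above, as an added example that is not code from the original question or answer. It verifies PasswordText tokens against stored PBKDF2 hashes instead of clear-text passwords. Assumptions: WSS4J 2.x package names and Java 16+; the class name, the `StoredPassword` record and the in-memory user map are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.apache.wss4j.dom.validate.UsernameTokenValidator;

/** Hypothetical validator: checks PasswordText tokens against stored PBKDF2 hashes. */
public class HashedUsernameTokenValidator extends UsernameTokenValidator {
    /** Stored credential (hypothetical type): per-user salt, PBKDF2 output, iteration count. */
    public record StoredPassword(byte[] salt, byte[] hash, int iterations) { }

    // Reference used for unknown users, so the KDF cost is paid whether or not the name exists.
    private static final StoredPassword DUMMY = new StoredPassword(new byte[16], new byte[32], 210_000);
    private final Map<String, StoredPassword> users;

    public HashedUsernameTokenValidator(Map<String, StoredPassword> users) {
        this.users = Map.copyOf(users);
    }

    @Override
    protected void verifyPlaintextPassword(UsernameToken token, RequestData data)
            throws WSSecurityException {
        String name = token.getName();
        String presented = token.getPassword();
        if (name == null || presented == null || presented.isEmpty()) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        StoredPassword stored = users.get(name);
        StoredPassword ref = stored != null ? stored : DUMMY;
        byte[] derived = derive(presented, ref);
        // MessageDigest.isEqual compares in constant time; unknown users always fail.
        if (!MessageDigest.isEqual(derived, ref.hash()) || stored == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    }

    private static byte[] derive(String password, StoredPassword ref) throws WSSecurityException {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), ref.salt(), ref.iterations(), ref.hash().length * 8);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        }
    }
}
```

An instance of this class would be passed in place of `authenticationPlugin` in the `endpoint.getProperties().put(SecurityConstants.USERNAME_TOKEN_VALIDATOR, ...)` call shown above.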