axis2 + rampart: Must Understand check failed for header Security

Time: 2011-04-01 09:42:40

Tags: java security axis2 ws-security rampart

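I have a problem with axis2 + rampart WS-Security responses in the case of a server internal error. Everything seems to be fine when the server returns "200 OK": rampart checks that the response has a proper timestamp and signature, and decrypts the response XML. But when the server returns "500 Internal Server Error", axis2/rampart throws an exception: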

ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header

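I thought there was something wrong with the response and tested it with soapUI. In both cases there is a similar response, in secured and in decrypted form. The responses differ only in the HTTP status, the XML response code indicating the error, and the case of the SOAP tags. For a good response there is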

<SOAP-ENV:Envelope ...

In case of an error:

<soap:Envelope ...

The rest of the structure, including mustUnderstand="1", is the same.

In axis2.xml I have configured InFlow and InFaultFlow to be the same, in this order:

<phase name="Addressing">...</phase>
<phase name="Security"/>
<phase name="PreDispatch"/>

I enabled tracing on my client, and for a good response I see:

DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Invoking Handler 'SecurityInHandler' in Phase 'Security'
...there is decrypted message
DEBUG Thread-11 org.apache.rampart.handler.WSDoAllReceiver - WSDoAllReceiver: exit invoke()
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...

In case of an error there is no such trace:

DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "soapmonitorPhase"
DEBUG Thread-11 org.apache.axis2.engine.AxisEngine - MustUnderstand header not processed or registered as understood{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
DEBUG Thread-11 org.apache.axis2.i18n.ProjectResourceBundle - org.apache.axis2.i18n.resource::handleGetObject(mustunderstandfailed)
ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

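There is no SecurityInHandler invocation.

I would like to see the decrypted message, just like for the "200 OK" status in soapUI. Any idea what is wrong with my configuration?

EDIT

I have checked that such errors appear only in the case of "500 Internal Server Error". If the server responds with "200 OK" and the same encrypted content, then axis2 is able to decrypt it!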

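1 Answer:

Answer 0: (score: 3)

I will answer this myself:

I searched the Rampart sources to see where SecurityInHandler is. It is in META-INF/module.xml of rampart-1.5.1.mar, but only in the <InFlow> section. I copied it to <InFaultFlow> and it works! Now my <InFaultFlow> section looks like: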

<InFaultFlow>
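A check for the gap the answer describes, as an added example that is not part of the original post or of Rampart: it reports handlers that a module descriptor orders into the Security phase for a normal flow but not for the matching fault flow. The sample descriptor is constructed, its class names are placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a module descriptor whose inbound security handler is
# registered for normal responses only. Class names are placeholders.
SAMPLE_MODULE_XML = """
<module name="rampart">
  <InFlow>
    <handler name="SecurityInHandler" class="example.PlaceholderInHandler">
      <order phase="Security"/>
    </handler>
  </InFlow>
  <OutFlow>
    <handler name="SecurityOutHandler" class="example.PlaceholderOutHandler">
      <order phase="Security"/>
    </handler>
  </OutFlow>
  <OutFaultFlow>
    <handler name="SecurityOutHandler" class="example.PlaceholderOutHandler">
      <order phase="Security"/>
    </handler>
  </OutFaultFlow>
</module>
"""
FLOW_PAIRS = {"InFlow": "InFaultFlow", "OutFlow": "OutFaultFlow"}  # normal -> fault


def handlers_in(root, flow, phase):
    """Handler names ordered into `phase` within `flow` (empty set if absent)."""
    return {
        h.get("name")
        for h in root.findall(f"./{flow}/handler")
        if any(o.get("phase") == phase for o in h.findall("order"))
    }


def missing_fault_handlers(module_xml, phase="Security"):
    """Map each fault flow to the handlers its normal flow has but it lacks."""
    root = ET.fromstring(module_xml)
    gaps = {}
    for normal, fault in FLOW_PAIRS.items():
        missing = handlers_in(root, normal, phase) - handlers_in(root, fault, phase)
        if missing:
            gaps[fault] = sorted(missing)
    return gaps


if __name__ == "__main__":
    print(missing_fault_handlers(SAMPLE_MODULE_XML))
```

An empty result means every Security-phase handler on a normal flow is also registered on its fault flow, so fault messages pass through the same WS-Security processing.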