JAVA - CXF WS-security“验证消息时遇到安全错误”

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/37698141/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-11-03 02:41:14  来源:igfitidea点击:

JAVA - CXF WS-security "A security error was encountered when verifying the message"

javacxfws-security

提问by BrK

Sorry for this question, it can appear recurrent by I'm completely blocked. I'm trying to implement a Web Service Server on top of CXFframework. Jax-wsis very helpful to handle a web service, it's easy to implement it. But, the problem come when you want to introduce security.

很抱歉这个问题,它可能会因为我完全被阻止而反复出现。我正在尝试在CXF框架之上实现一个 Web 服务服务器。Jax-ws对处理 Web 服务非常有帮助,它很容易实现。但是,当您想引入安全性时,问题就来了。

To handle security in implement the following source code :

要处理实施以下源代码中的安全性:

EndpointImpl jaxWsEndpoint = (EndpointImpl) Endpoint.publish(endPointAddress, httpWebService);
inProps.put("action", "UsernameToken Timestamp");
inProps.put("passwordType", "PasswordText");
inProps.put("passwordCallbackClass", "com.company.webService.PasswordListener");
jaxWsEndpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));

I push to this Web Service the following SOAPrequest :

我将以下SOAP请求推送到此 Web 服务:

...
<soapenv:Header>
   <wsse:Security soapenv:mustunderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:Usernametoken wsu:id="UsernameToken-27777511" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>admin</wsse:Username>
        <wsse:Password type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass</wsse:Password>
     </wsse:Usernametoken>
   </wsse:Security>
</soapenv:Header>
...

The CXFframework received my request try to handle the security part and throw me the following exception:

CXF框架收到了我的请求,尝试处理安全部分把我扔了以下异常:

Jun 08, 2016 10:48:24 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor checkActions
WARNING: Security processing failed (actions mismatch)
Jun 08, 2016 10:48:24 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://httpAbstractHandlerImplementation.webService.company.co /}HttpWebServiceService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:218)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:316)

If somebody have an idea where i have done an error.

如果有人知道我在哪里做错了。

Thanks

谢谢

回答by Frank

You have inProps.put("action", "UsernameToken Timestamp");but no Timestamp in your security header. Either remove "Timestamp" from your actions or add the matching security header.

inProps.put("action", "UsernameToken Timestamp");的安全标头中有但没有时间戳。从您的操作中删除“时间戳”或添加匹配的安全标头。

EDITThe message is quite clear "Security processing failed (actions mismatch)" So looking at your request reveals another mistake: It should be wsse:UsernameTokeninstead of wsse:Usernametokenas of the official spec.

编辑该消息是很清楚“安全处理失败(动作不匹配)”所以看着你的要求揭示了另一个错误:应该wsse:UsernameToken的,而不是wsse:Usernametoken作为的官方规格