
Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original address and author information, and attribute it to the original authors (not me): StackOverFlow, original address: http://stackoverflow.com/questions/5511643/

Time: 2020-10-30 11:28:40  Source: igfitidea

axis2+rampart: Must Understand check failed for header Security

Tags: java, security, axis2, ws-security, rampart

Asked by Michał Niklas

I have a problem with the axis2+rampart WS-Security response in case of a server internal error. When the server returns "200 OK" all seems OK. The response is checked by rampart for a proper timestamp and signature, and rampart decrypts the function response XML. But when the server returns "500 Internal Server Error", axis2/rampart throws an exception:

ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header

I thought there was something wrong with the answer and tested it with soapUI. There comes a similar response both in secured and decrypted form. Those responses differ only by HTTP status, XML response code indicating error, and case of SOAP tags. In case of a good response there is:

<SOAP-ENV:Envelope ...

In case of error:


<soap:Envelope ...

The rest of the structure, including mustUnderstand="1", is the same.

In axis2.xml I configured InFlow and InFaultFlow to be the same, with this order:

<phase name="Addressing">...</phase>
<phase name="Security"/>
<phase name="PreDispatch"/>

I enabled tracing of my client and in case of a good response I see:

DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Invoking Handler 'SecurityInHandler' in Phase 'Security'
...there is decrypted message
DEBUG Thread-11 org.apache.rampart.handler.WSDoAllReceiver - WSDoAllReceiver: exit invoke()
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...

There is no such trace in the case of error:


DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "soapmonitorPhase"
DEBUG Thread-11 org.apache.axis2.engine.AxisEngine - MustUnderstand header not processed or registered as understood{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
DEBUG Thread-11 org.apache.axis2.i18n.ProjectResourceBundle - org.apache.axis2.i18n.resource::handleGetObject(mustunderstandfailed)
ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

There is no SecurityInHandler invocation.

I would like to see the decrypted message just like in the case of "200 OK" status or like in soapUI. Any ideas what is wrong with my configuration?

EDIT


I have checked that I get this error only in the case of "500 Internal Server Error". If the server replies with "200 OK" and the same encrypted content, then axis2 is able to decrypt it!

Answered by Michał Niklas

I will answer myself:


I searched the Rampart sources to see where SecurityInHandler is. It was in META-INF/module.xml of rampart-1.5.1.mar, but only in the <InFlow> section. I copied it to <InFaultFlow> and it works! Now my <InFaultFlow> section looks like:

<InFaultFlow>
    <handler name="PolicyBasedSecurityInHandler" class="org.apache.rampart.handler.RampartReceiver">
        <order phase="Security" phaseFirst="true"/>
    </handler>
    <handler name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
        <order phase="Security"/>
    </handler>
    <handler name="PostDispatchVerificationHandler" class="org.apache.rampart.handler.PostDispatchVerificationHandler">
        <order phase="Dispatch" phaseLast="true"/>
    </handler>
</InFaultFlow>
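
A check for the gap the answer describes, as an added example that is not part of the original answer or of Rampart: it lists handlers that a module.xml orders into the Security phase for InFlow but not for InFaultFlow, which is the case where a SOAP fault carrying a mustUnderstand Security header goes unprocessed. The sample module.xml is constructed (only the handler names and classes come from the answer), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
import zipfile

# Constructed sample: module.xml with the security handlers in <InFlow> only,
# the situation the answer found inside rampart-1.5.1.mar.
SAMPLE_MODULE_XML = """\
<module name="rampart">
  <InFlow>
    <handler name="PolicyBasedSecurityInHandler" class="org.apache.rampart.handler.RampartReceiver">
      <order phase="Security" phaseFirst="true"/>
    </handler>
    <handler name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
      <order phase="Security"/>
    </handler>
  </InFlow>
  <InFaultFlow/>
</module>
"""

def read_module_xml(mar):
    """Return META-INF/module.xml as bytes from a .mar (a zip archive).
    `mar` may be a file path or a binary file object."""
    with zipfile.ZipFile(mar) as archive:
        return archive.read("META-INF/module.xml")

def handlers_by_flow(module_xml):
    """Map each *Flow element to {handler name: phase it is ordered into}."""
    flows = {}
    for flow in ET.fromstring(module_xml):
        if flow.tag.endswith("Flow"):
            flows[flow.tag] = {
                h.get("name"): (h.find("order").get("phase")
                                if h.find("order") is not None else None)
                for h in flow.findall("handler")
            }
    return flows

def missing_in_fault_flow(module_xml, normal="InFlow", fault="InFaultFlow",
                          phase="Security"):
    """Handlers of `phase` that run for normal messages but not for faults."""
    flows = handlers_by_flow(module_xml)
    fault_handlers = flows.get(fault, {})
    return sorted(name for name, p in flows.get(normal, {}).items()
                  if p == phase and name not in fault_handlers)

if __name__ == "__main__":
    for name in missing_in_fault_flow(SAMPLE_MODULE_XML):
        print(f"{name}: in InFlow but not in InFaultFlow; SOAP faults skip it")
```

Passing `normal="OutFlow", fault="OutFaultFlow"` runs the same comparison for the outgoing side.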