2014-07-01

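I want to build a Java client that communicates with a .NET WCF service using WS-Trust. "No encryption crypto object found" exception in Apache CXF.

My .NET STS uses a WS2007HttpBinding with UserNameToken-based authentication, hosted on an http endpoint.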

var binding = new WS2007HttpBinding(); 
     binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; 
     binding.Security.Mode = SecurityMode.Message; 
     binding.Security.Message.NegotiateServiceCredential = false; 

NegotiateServiceCredential is set to false to prevent the use of SslContextToken, which Apache CXF does not support.

My Java client code is as follows:

public static void main(String[] args) throws Exception { 
    SpringBusFactory bf = new SpringBusFactory(); 
    URL busFile = Main.class.getResource("/cxf.xml"); 
    Bus bus = bf.createBus(busFile.toString()); 

    STSClient sts = new STSClient(bus); 
    sts.setWsdlLocation("http://localhost:19308/MainTenantManager/SecurityTokenService?singlewsdl"); 
    sts.setServiceName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService"); 
    sts.setEndpointName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}WS2007HttpBinding_IWSTrust13Sync"); 

    sts.setSpnego(true); 
    sts.setSecureConv(true); 
    sts.setSoap12(); 

    Properties p = new Properties();  
    p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks"); 
    p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "pass1234!"); 
    p.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", "localhost!"); 
    p.setProperty("org.apache.ws.security.crypto.merlin.file", "keystore.jks"); 

    org.apache.ws.security.components.crypto.Merlin m = new Merlin(p); 

    sts.getRequestContext().put(SecurityConstants.ENCRYPT_CRYPTO, m); 

    sts.getRequestContext().put(SecurityConstants.USERNAME, "admin"); 
    sts.getRequestContext().put(SecurityConstants.PASSWORD, "qwe"); 

    sts.requestSecurityToken("http://localhost:19308/MainTenantManager/Service"); 

} 

The result is an exception:

1437 [main] WARN org.apache.cxf.phase.PhaseInterceptorChain - Interceptor for {http://docs.oasis-open.org/ws-sx/ws-trust/200512/wsdl}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/wsdl}RequestSecurityToken has thrown exception, unwinding now 
org.apache.cxf.interceptor.Fault: No encryption crypto object found. 
at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:395) 
at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:124) 
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:162) 
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89) 
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) 
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531) 
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464) 
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367) 
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320) 
at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:757) 
at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:635) 
at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:627) 
at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:159) 
at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:69) 
at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:44) 
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) 
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531) 
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464) 
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367) 
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320) 
at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:757) 
at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:635) 
at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:627) 
at com.medius.cxf.client.Main.main(Main.java:55) 
Caused by: org.apache.cxf.ws.policy.PolicyException: No encryption crypto object found. 
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:307) 
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.setEncryptionUser(AbstractBindingBuilder.java:1590) 
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getEncryptedKeyBuilder(AbstractBindingBuilder.java:1413) 
at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.setupEncryptedKey(SymmetricBindingHandler.java:827) 
at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:296) 
... 23 more 

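This seems to be completely wrong, because the crypto object is set in the code. I have tried configuring the crypto both through the jaxws:client configuration with a .properties file and by setting it in code.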

+0

Did you solve this in the end?

+0

Yes, but I had to completely disable SecureConversation on the .NET side and use UserNameToken + Https instead.

Answers

1

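What version of CXF are you using? The style of creating a Properties object, using it to instantiate a Merlin object, and then using that for ENCRYPT_CRYPTO works with both the latest CXF trunk and the 2.7.x-fixes code. If you are using an older version of CXF, can you try a newer version?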

Colm。

+0

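This partly helped. In the end I gave up the WS2007HttpBinding with secure conversation hosted on HTTP in favour of a custom binding with secure conversation disabled, hosted on https to ensure confidentiality. Then I ran into a problem parsing the binding from the WSDL, and upgrading CXF finally made it work. I upgraded it from 2.6.1 to 2.6.14.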
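
An added example, not from the question, the answer or CXF itself: a JDK-only pre-flight check that the Merlin keystore properties used in the question resolve to a currently valid X.509 certificate before they are handed to `new Merlin(p)`. The class name, the `check` helper and the sample password are hypothetical, and the check reads the keystore from the filesystem only (an assumption; it does not try the classpath).

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Properties;

public class MerlinKeystoreCheck {
    static final String P = "org.apache.ws.security.crypto.merlin.";

    /** Returns null if the configured alias is a currently valid X.509 certificate, else the reason. */
    static String check(Properties p, Path baseDir) {
        String file = p.getProperty(P + "file");
        String alias = p.getProperty(P + "keystore.alias");
        char[] pw = p.getProperty(P + "keystore.password", "").toCharArray();
        if (file == null) return "no keystore file configured";
        try (InputStream in = Files.newInputStream(baseDir.resolve(file))) {
            KeyStore ks = KeyStore.getInstance(p.getProperty(P + "keystore.type", "jks"));
            ks.load(in, pw); // fails on a wrong password or a corrupt file
            if (alias == null || !ks.containsAlias(alias)) {
                return "alias '" + alias + "' not in keystore; present: "
                        + Collections.list(ks.aliases());
            }
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) return "alias holds no X.509 certificate";
            ((X509Certificate) cert).checkValidity(); // expired or not yet valid
            return null;
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty JKS file, so the alias lookup fails.
        Path dir = Files.createTempDirectory("merlin-check");
        char[] pw = "sample-password".toCharArray(); // constructed value
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, pw);
        try (OutputStream out = Files.newOutputStream(dir.resolve("keystore.jks"))) {
            empty.store(out, pw);
        }
        Properties p = new Properties();
        p.setProperty(P + "keystore.type", "jks");
        p.setProperty(P + "keystore.password", "sample-password");
        p.setProperty(P + "keystore.alias", "localhost!"); // alias string as written in the question
        p.setProperty(P + "file", "keystore.jks");
        System.out.println(check(p, dir));
    }
}
```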