問題與添加的wsse：在Apache的駱駝安全頭路線

Question

我使用 駱駝：2.12.1 春：4.0.5.RELEASE CXF：2.7.13

我的目標是提供一個SOAP消息wsse：安全頭（如下所述）在Payload模式下從我的駱駝路由器到某個端點。

<wsse:Security soapenv:mustUnderstand="1" 
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 

    <wsse:UsernameToken 
     wsu:Id="UsernameToken-D5896C4D7E4684BCF8141101393698197"> 
     <wsse:Username><xsl:value-of select="User" /></wsse:Username> 
     <wsse:Password 
      Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"><xsl:value-of select="password" /></wsse:Password> 
     <wsu:Created><xsl:value-of select="$START_TIME" /></wsu:Created> 
    </wsse:UsernameToken> 
</wsse:Security> 

要做到這一點，我創建了具有以下條目

<jaxws:client name="{http://com.abc/CallingService}CallingService" createdFromAPI="true"> 
    <jaxws:properties> 
    <entry key="ws-security.username" value= "User" /> 
    <entry key="ws-security.password" value="password" /> 
    </jaxws:properties> 
</jaxws:client> 

但不知道怎麼用這個文件，或致電本某處路由或其他一些Spring配置文件中的配置文件，這樣我可以在我的消息中出現肥皂標題。

我目前得到的異常

org.apache.cxf.ws.policy.PolicyException: No username available 
    at org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor.policyNotAsserted(AbstractTokenInterceptor.java:229) ~[cxf-rt-ws-security-2.7.13.jar:2.7.13] 
    at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addUsernameToken(UsernameTokenInterceptor.java:361) ~[cxf-rt-ws-security-2.7.13.jar:2.7.13] 
    at org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.addToken(UsernameTokenInterceptor.java:307) ~[cxf-rt-ws-security-2.7.13.jar:2.7.13] 
    at org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor.handleMessage(AbstractTokenInterceptor.java:95) ~[cxf-rt-ws-security-2.7.13.jar:2.7.13] 
    at org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor.handleMessage(AbstractTokenInterceptor.java:61) ~[cxf-rt-ws-security-2.7.13.jar:2.7.13] 

我的WSDL的政策如下：

<wsp:Policy wsu:Id="EndpointSecurityPolicy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> 
    <wsp:ExactlyOne> 
     <wsp:All> 
     <sp:TransportBinding> 
      <wsp:Policy> 
      <sp:TransportToken> 
       <wsp:Policy> 
       <sp:HttpsToken> 
        <wsp:Policy> 
        <sp:RequireClientCertificate/> 
        </wsp:Policy> 
       </sp:HttpsToken> 
       </wsp:Policy> 
      </sp:TransportToken> 
      <sp:AlgorithmSuite> 
       <wsp:Policy> 
       <sp:Basic128/> 
       </wsp:Policy> 
      </sp:AlgorithmSuite> 
      <sp:IncludeTimestamp/> 
      </wsp:Policy> 
     </sp:TransportBinding> 
     <sp:SupportingTokens> 
      <wsp:Policy> 
      <sp:UsernameToken> 
       <wsp:Policy> 
       <sp:NoPassword/> 
       </wsp:Policy> 
      </sp:UsernameToken> 
      </wsp:Policy> 
     </sp:SupportingTokens> 
     </wsp:All> 
     <wsp:All> 
     <sp:TransportBinding> 
      <wsp:Policy> 
      <sp:TransportToken> 
       <wsp:Policy> 
       <sp:HttpsToken> 
        <wsp:Policy/> 
       </sp:HttpsToken> 
       </wsp:Policy> 
      </sp:TransportToken> 
      <sp:AlgorithmSuite> 
       <wsp:Policy> 
       <sp:Basic128/> 
       </wsp:Policy> 
      </sp:AlgorithmSuite> 
      <sp:IncludeTimestamp/> 
      </wsp:Policy> 
     </sp:TransportBinding> 
     <sp:SupportingTokens> 
      <wsp:Policy> 
      <sp:UsernameToken> 
       <wsp:Policy> 
       <sp:WssUsernameToken11/> 
       </wsp:Policy> 
      </sp:UsernameToken> 
      </wsp:Policy> 
     </sp:SupportingTokens> 
     </wsp:All> 
    </wsp:ExactlyOne> 
    </wsp:Policy> 

任何幫助或指針？

Answer 1

也許你需要添加一個PasswordCallbackHandler。