Apache CXF - 無法滿足任何策略替代例外

Question

我正在爲此https://efactura.dgi.gub.uy:6470/ePrueba/ws_personaGetActEmpresarialPrueba?wsdl第三方wsdl實施webservice客戶端。

我使用apache-cxf-3.0.4 wsdl2java生成java clases。

端點需要使用帶有X.509證書籤名的ws-security進行簽名。爲了解決這個問題，我配置了一些Out攔截器，但是我得到了一個「無法滿足任何策略選擇」的例外情況。

這裏是配置的攔截器，做德SOAP調用的代碼：

Map<String, Object> outProps = new HashMap<String, Object>(); 
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.TIMESTAMP); 
outProps.put(WSHandlerConstants.SIGNATURE_PARTS, ""); 
outProps.put(WSHandlerConstants.USER, "<aliasCertName>"); 
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientCallbackHandler.class.getName()); 
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "client_sign.properties"); 
outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.2/ws-securitypolicy-1.2.xsd}SignedParts;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"); 
outProps.put(WSHandlerConstants.ENCRYPTION_PARTS, "{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"); 
outProps.put(WSHandlerConstants.ENC_PROP_FILE, "client_sign.properties"); 


/* 
* Create service, port and send the request 
*/ 
ObjectFactory objectFactory = new ObjectFactory(); 
WSPersonaGetActEmpresarialExecute req = objectFactory.createWSPersonaGetActEmpresarialExecute(); 
req.setRut("21047573001133"); 
WSPersonaGetActEmpresarial service = new WSPersonaGetActEmpresarial(); 
WSPersonaGetActEmpresarialSoapPort port = service.getWSPersonaGetActEmpresarialSoapPort(); 

//Obtain a reference to the CXF endpoint using the ClientProxy helper: 
Client client = ClientProxy.getClient(wsPersonaGetActEmpresarialSoapPort); 
client.getOutInterceptors().add(new WSS4JOutInterceptor(outProps)); 


WSPersonaGetActEmpresarialExecuteResponse response = port.execute(req); 

和異常：

03:07:26.227 [main] WARN o.a.c.w.p.AssertionBuilderRegistryImpl - No assertion builder for type {http://www.datapower.com/extensions}summary registered. 
03:07:26.229 [main] WARN o.a.c.w.p.AssertionBuilderRegistryImpl - No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512}SignedParts registered. 
03:07:26.232 [main] DEBUG o.a.cxf.ws.policy.PolicyEngineImpl - Alternative {http://www.datapower.com/extensions}summary is not supported 
03:07:26.233 [main] DEBUG o.a.cxf.ws.policy.PolicyEngineImpl - Alternative {http://www.datapower.com/extensions}summary is not supported 
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied. 
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161) 
    at com.sun.proxy.$Proxy33.execute(Unknown Source) 
    at tests.consultaPorRUT.main(consultaPorRUT.java:150) 
Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied. 
    at org.apache.cxf.ws.policy.EndpointPolicyImpl.chooseAlternative(EndpointPolicyImpl.java:172) 
    at org.apache.cxf.ws.policy.EndpointPolicyImpl.finalizeConfig(EndpointPolicyImpl.java:146) 
    at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:142) 
    at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:584) 
    at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:313) 
    at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:294) 
    at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61) 
    at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:318) 
    at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:338) 
    at org.apache.cxf.transport.http.HTTPConduit.getClient(HTTPConduit.java:855) 
    at org.apache.cxf.transport.http.HTTPConduit.configureConduitFromEndpointInfo(HTTPConduit.java:360) 
    at org.apache.cxf.transport.http.HTTPConduit.finalizeConfig(HTTPConduit.java:440) 
    at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:242) 
    at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:222) 
    at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:229) 
    at org.apache.cxf.endpoint.AbstractConduitSelector.createConduit(AbstractConduitSelector.java:145) 
    at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:107) 
    at org.apache.cxf.endpoint.UpfrontConduitSelector.prepare(UpfrontConduitSelector.java:63) 
    at org.apache.cxf.endpoint.ClientImpl.prepareConduitSelector(ClientImpl.java:849) 
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:509) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) 
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) 
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) 
    ... 2 more 

如何需要解決這個錯誤？

Answer 1

當WSDL中存在安全策略時，可以使用不同的方式來配置WS-Security。您正在通過基於「操作」的方法配置WS-Security。但是，從WSDL看，這項政策並不是標準。所以你可能會更好地保持你當前的配置，但爲客戶端代碼編寫一個攔截器來聲明相關策略。

Answer 2

，我可以從exception.It看到好像你已經配置了太多令牌系統，如：用戶名令牌輪廓，採用X509v3令牌證書，SAML令牌等或其中ATLEAST一個 /和無它們與提供者策略相匹配[提供者爲他的所有客戶端配置了多個令牌系統憑證]。您的配置必須至少與供應商推薦的憑證令牌之一匹配，如用戶名令牌和x509令牌證書，以便您可以訪問服務[我認爲運行時將確定哪些策略相交]。