這張照片顯示的soapUI我簡單的WS-Security配置:驗證引發錯誤故障
而且我將此配置SOAP請求:
然後<arg0>
肥皂請求的內容被加密。這是加密的soap消息。
<soapenv:Envelope xmlns:soap="http://soap.aaa.com/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="9C55238F5BB25B8A7214711332555022">MIICxzCCAa+gAwIBAgIECZhGTzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTYwODEyMDgzMDI5WhcNMTYxMTEwMDgzMDI5WjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbufayp7O8wye5q8tPKPWRJPzAIHbtFBkepltFAji7U2fWU5ihSP2TRygym6B/UHvvPZ5QsaTog0oMw+vRLxWAemVganoSvTJWRidTYmvm3kqhBLC7+GEM895k/yU7nduKqSFJr3qa4R5eSO/JLGwIvcb3OkhNHTu1/8EEJDcxbGMPwn08W4gn2qnGDkSEsanfXhCaNtS4mZHWvs5vr+C4gYR4is6Z3wSIFQZGkKtPj7Z3wg3E9l9GAAdg+6JegDKRzzSQtSjgUySipYqbHYOBol78Wf7+dqNiHvohiQTRHB3b2AebEdUcQTu65ELUhWGC28eWWaCv5ksL5eL2bJc/AgMBAAGjITAfMB0GA1UdDgQWBBTcHE/ieHAarvD2RC7DiMdPZ6O66TANBgkqhkiG9w0BAQsFAAOCAQEAja62f/8GeKm0XMMMoUo3ayk/WluF89PC71jB28r3M3+1bqkfK7KJaO7yF7DG9zpm6BztKi9Ykz6izg2IktuUnTG4dbg0CY8ZuL8NEmvirCgfJXXur3goEOIfItb8dR9Mi6i4ZV46oJTgX8XliwEoZQVloi3JcTbPeZ3DrSmOyaUppGk//kryx4bhwdazxPQ3H7PcRQjMq+l3e7q9sTJRyYm7PcsvyZt34CgZkhal28p35jQk7U1MKibL8a5FlQejDP4p/6/8qv/3TzHK467zlXr/oFGQGCXFc96j12Cj5Eiv+22C+8ZRMCtMig42uXNamE5YGuQMHDLrsQd9VThkUQ==</wsse:BinarySecurityToken><xenc:EncryptedKey Id="EK-9C55238F5BB25B8A7214711332555001" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:Reference URI="#9C55238F5BB25B8A7214711332555022" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>GudjGW52R0Iu+KnTZARE7nHFwPGvmXRZCuIQqnhz8it9WJs+2Jai7W0dAmhtkNxi2k0/g8IhL1v1EpA6JuJUEzkOnyuCoUttyR5ROLxpbHzD1DtEZT8AEgiOwFmmov7t6UsKDSn2jxL8ftraf44ISxrMCbJ10cuN6gJT9ghT9USdvvT/1vKhuBqm251bn9kgPkqNTDcYntQpwSkRCTZz+yf+pv77DVE5MPMk8FLHE4TeROsqLyNC8YzH8ncITGqOrDM4PY+1/H2XUkWaAeMz9ZcqqseD97Mr86ZpOgwP/V0Z6v9iRSrBYTpnDqPd8TIJ1wJs88sJ6+QIOMA6kySMtQ==</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#ED-9C55238F5BB25B8A7214711332555093"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security></soapenv:Header>
<soapenv:Body>
<soap:sayHello>
<!--Optional:-->
<arg0><xenc:EncryptedData Id="ED-9C55238F5BB25B8A7214711332555093" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><wsse:Reference URI="#EK-9C55238F5BB25B8A7214711332555001"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>CKtrCSg+Q1HqzLQulEi0YmGxGNlrjlANGsgbSirlbXE=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></arg0>
</soap:sayHello>
</soapenv:Body>
</soapenv:Envelope>
但是這個加密的SOAP消息的驗證拋出錯誤故障:
故障信息是
line 6:Element not allowed: [email protected]://www.w3.org/2001/04/xmlenc# in element arg0
我找不到任何引用的。
更新1
了SoapUI仍然拋出同樣的異常。爲了簡單起見,我使用keytool命令-genkeypair選項製作了單個jks文件。
keytool –genkeypair -keyalg RSA -alias servicekey –keypass password123 -storepass password123 –validity 365 –keystore serviceKeystore.jks -dname "cn=localhost"
而且我修改WS客戶端和服務有點像下面,
== index.jsp的
<body>
<%
String SERVICE_URL = "http://localhost:8080/SOAPEncryptWeb/HelloWorld";
try {
QName serviceName = new QName("http://soap.aaa.com/", "HelloWorldService");
URL wsdlURL;
wsdlURL = new URL(SERVICE_URL + "?wsdl");
Service service = Service.create(wsdlURL, serviceName);
IHelloWorld port = (IHelloWorld) service.getPort(IHelloWorld.class);
((BindingProvider) port).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
((BindingProvider) port).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
Thread.currentThread().getContextClassLoader().getResource("META-INF/client.properties"));
((BindingProvider) port).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME, "servicekey");
((BindingProvider) port).getRequestContext().put(SecurityConstants.RETURN_SECURITY_ERROR, "true");
out.println(port.sayHello("jina"));
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
%>
</body>
==服務器端配置
<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:javaee="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
<endpoint-config>
<config-name>Custom WS-Security Endpoint</config-name>
<property>
<property-name>ws-security.encryption.properties</property-name>
<property-value>META-INF/server.properties</property-value>
</property>
<property>
<property-name>ws-security.encryption.username</property-name>
<property-value>servicekey</property-value>
</property>
<property>
<property-name>ws-security.return.security.error</property-name>
<property-value>true</property-value>
</property>
<property>
<property-name>ws-security.callback-handler</property-name>
<property-value>
com.aaa.soap.KeystorePasswordCallback
</property-value>
</property>
</endpoint-config>
</jaxws-config>
然而,這配置拋出異常,但在野蠻10.0中沒有例外
17:25:22,588 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-12) Interceptor for {http://soap.aaa.com/}HelloWorldService has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the <wsse:Security> header
at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:216)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:329)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:184)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:79)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:66)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:108)
at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:134)
at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)
at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: An error was discovered processing the <wsse:Security> header
at org.apache.wss4j.common.crypto.AlgorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(AlgorithmSuiteValidator.java:149)
at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:550)
at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRefs(EncryptedKeyProcessor.java:481)
at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:199)
at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:76)
at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:344)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:280)
... 42 more
我附上評論** UPDATE1 **。等待您的回覆 –