2013-05-16 44 views
0

我在使用Apache Rampart/C 1.3.0()安裝AXIS2/C Web服務(axis2/c 1.6.0)不要與他們的java對應物混淆,也就是「axis2」和「rampart」)來進行UsernameToken身份驗證。我不想加密,因爲我試圖先用SoapUI來測試它;當我得到這個工作時,我會添加加密的東西(我無法設置沒有安全策略的Rampart/c,它只是給我一個配置錯誤)。 沒有Rampart的web服務工作得很好。但是,當我嘗試配置Rampart實現安全,我得到這個錯誤的響應:爲UsernameToken身份驗證和無加密設置ws-security(Apache Rampart/C)時出錯

<soapenv:Fault> 
    <faultcode>soapenv:Client</faultcode> 
    <faultstring>No Error</faultstring> 
</soapenv:Fault> 

當我去Axis2的日誌,我發現了以下錯誤:

[Thu May 16 12:17:59 2013] [debug] rampart_sec_header_processor.c(1815) [rampart]Processing security header in Strict layout 
[Thu May 16 12:17:59 2013] [debug] rampart_sec_header_processor.c(1824) [rampart]Processing security header element (null) 
[Thu May 16 12:17:59 2013] [error] rampart_sec_header_processor.c(1908) [rampart]Unknown security header (null) 
[Thu May 16 12:17:59 2013] [error] rampart_sec_header_processor.c(1915) [rampart](null) processing failed 
[Thu May 16 12:17:59 2013] [error] rampart_in_handler.c(143) [rampart][rampart_in_handler] Security Header processing failed. 

這是相當奇怪,就好像它根本找不到安全標題。我懷疑SOAP請求可能有問題,但我不知道這可能是什麼。或者,也許我發現了一個罕見的Rampart/C錯誤?

對於用戶名和密碼,我使用了與Rampart樣本一起提供的回調.so,以及用戶名「Alice」和密碼「abcd!1234」。

下面是相關的文件(IP地址刪節)的完整清單:

的services.xml:

<service name="ws_vacaciones"> 
    <parameter name="wsdl_path">/informix/AXIS2C/services/ws_vacaciones/ws_vacaciones.wsdl</parameter> 
    <parameter name="ServiceClass">ws_vacaciones</parameter> 
    <description> I4GL-SOA Published Service - ws_vacaciones </description> 

    <module ref="rampart"/> 
    <operation name="ve_traba"/> 

    <wsp:Policy 
     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" 
     xmlns:sec="http://schemas.xmlsoap.org/ws/2012/12/secext" 
     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> 
     <wsp:ExactlyOne> 
      <wsp:All> 
        <wsp:Policy> 
        <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/> 
        </wsp:Policy> 
        <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy"> 
        <rampc:User>Alice</rampc:User> 
        <rampc:PasswordType>PasswordText</rampc:PasswordType> 
        <rampc:PasswordCallbackClass>/informix/AXIS2C/samples/lib/rampartc/libpwcb.so</rampc:PasswordCallbackClass> 
        </rampc:RampartConfig> 
      </wsp:All> 
     </wsp:ExactlyOne> 
    </wsp:Policy> 
</service> 

的services.xml(替代;給予同樣的錯誤):

<service name="ws_vacaciones"> 
    <parameter name="wsdl_path">/informix/AXIS2C/services/ws_vacaciones/ws_vacaciones.wsdl</parameter> 
    <parameter name="ServiceClass">ws_vacaciones</parameter> 
    <parameter name="InflowSecurity"> 
     <action> 
      <items>UsernameToken</items> 
      <passwordCallbackClass>/informix/AXIS2C/samples/lib/rampartc/libpwcb.so</passwordCallbackClass> 
     </action> 
    </parameter> 

    <description> I4GL-SOA Published Service - ws_vacaciones </description> 
    <module ref="rampart"/> 
    <operation name="ve_traba"/> 

    <wsp:Policy 
     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" 
     xmlns:sec="http://schemas.xmlsoap.org/ws/2012/12/secext" 
     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> 
     <wsp:ExactlyOne> 
      <wsp:All> 
        <wsp:Policy> 
        <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/> 
        </wsp:Policy> 
        <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy"> 
        <rampc:User>Alice</rampc:User> 
        <rampc:PasswordType>PasswordText</rampc:PasswordType> 
        <rampc:PasswordCallbackClass>/informix/AXIS2C/samples/lib/rampartc/libpwcb.so</rampc:PasswordCallbackClass> 
        </rampc:RampartConfig> 
      </wsp:All> 
     </wsp:ExactlyOne> 
    </wsp:Policy> 
</service> 

SOAPUI請求:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
    xmlns:ws="http://XX.XX.XX.XXX:9090/axis2/services/ws_vacaciones" 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
    <soapenv:Header> 
     <wsse:Security soapenv:mustUnderstand="0"> 
     <!-- set to 0 for debugging purposes; using 1 gives same errors --> 
      <wsse:UsernameToken wsu:Id="blah"> 
       <wsse:Username>Alice</wsse:Username> 
       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">abcd!1234</wsse:Password> 
       <wsu:Created>2013-05-14T15:15:00</wsu:Created> 
       <wsu:Expires>2019-05-14T15:15:00</wsu:Expires> 
      </wsse:UsernameToken> 
     </wsse:Security>  
    </soapenv:Header> 
    <soapenv:Body> 
     <ws:ve_traba_request> 
     <ws:employeeid>12345</ws:employeeid> 
     <ws:date>2013-04-09</ws:date> 
     </ws:ve_traba_request> 
    </soapenv:Body> 
</soapenv:Envelope> 

迴應:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> 
    <soapenv:Header/> 
    <soapenv:Body> 
     <soapenv:Fault> 
     <faultcode>soapenv:Client</faultcode> 
     <faultstring>No Error</faultstring> 
     </soapenv:Fault> 
    </soapenv:Body> 
</soapenv:Envelope> 

axis2.log(相關部分):

[Thu May 16 12:17:54 2013] [info] Starting HTTP server thread 
[Thu May 16 12:17:59 2013] [debug] http_worker.c(200) Client HTTP version HTTP/1.1 
[Thu May 16 12:17:59 2013] [debug] soap_builder.c(930) Identified soap version is soap11 
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler request_uri_based_dispatcher within the phase Transport 
[Thu May 16 12:17:59 2013] [debug] req_uri_disp.c(100) Checking for service using target endpoint address : http://XX.XX.XXX.XX:9090/axis2/services/ws_vacaciones 
[Thu May 16 12:17:59 2013] [debug] req_uri_disp.c(121) Service found using target endpoint address 
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler AddressingInHandler within the phase Transport 
[Thu May 16 12:17:59 2013] [info] Starting addressing in handler 
[Thu May 16 12:17:59 2013] [info] addr_in_handler.c 
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler addressing_based_dispatcher within the phase Transport 
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler rest_dispatcher within the phase Dispatch 
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler soap_message_body_based_dispatcher within the phase Dispatch 
[Thu May 16 12:17:59 2013] [debug] soap_body_disp.c(231) Checking for operation using SOAP messagebody's first child's local name : ve_traba__request 
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler soap_action_based_dispatcher within the phase Dispatch 
[Thu May 16 12:17:59 2013] [debug] soap_action_disp.c(115) Checking for operation using SOAPAction : ve_traba 
[Thu May 16 12:17:59 2013] [debug] soap_action_disp.c(146) Operation found using SOAPAction 
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler dispatch_post_conditions_evaluator within the phase PostDispatch 
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler context_handler within the phase PostDispatch 
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler RampartInHandler within the phase Security 
[Thu May 16 12:17:59 2013] [debug] rampart_util.c(32) [rampart]Trying to load module /informix/AXIS2C/samples/lib/rampartc/libpwcb.so 
[Thu May 16 12:17:59 2013] [debug] class_loader.c(140) /informix/AXIS2C/samples/lib/rampartc/libpwcb.so shared lib loaded successfully 
[Thu May 16 12:17:59 2013] [debug] rampart_util.c(48) [rampart]Successfully loaded module /informix/AXIS2C/samples/lib/rampartc/libpwcb.so 
[Thu May 16 12:17:59 2013] [debug] rampart_sec_header_processor.c(1815) [rampart]Processing security header in Strict layout 
[Thu May 16 12:17:59 2013] [debug] rampart_sec_header_processor.c(1824) [rampart]Processing security header element (null) 
[Thu May 16 12:17:59 2013] [error] rampart_sec_header_processor.c(1908) [rampart]Unknown security header (null) 
[Thu May 16 12:17:59 2013] [error] rampart_sec_header_processor.c(1915) [rampart](null) processing failed 
[Thu May 16 12:17:59 2013] [error] rampart_in_handler.c(143) [rampart][rampart_in_handler] Security Header processing failed. 
[Thu May 16 12:17:59 2013] [error] phase.c(233) Handler RampartInHandler invoke failed within phase Security 
[Thu May 16 12:17:59 2013] [error] engine.c(696) Invoking phase Security failed 
[Thu May 16 12:17:59 2013] [error] engine.c(279) Invoking operation specific phases failed for operation ve_traba 
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler RampartOutHandler within the phase MessageOut 
[Thu May 16 12:17:59 2013] [debug] rampart_handler_util.c(247) [rampart][rhu] Service is NULL. Check if the security is enabled in the Conf 
[Thu May 16 12:17:59 2013] [error] rampart_engine.c(159) [rampart][rampart_engine] Cannot get saved rampart_context 
[Thu May 16 12:17:59 2013] [error] rampart_out_handler.c(136) [rampart][rampart_out_handler] ramaprt_context creation failed. 
[Thu May 16 12:17:59 2013] [error] phase.c(233) Handler RampartOutHandler invoke failed within phase MessageOut 
[Thu May 16 12:17:59 2013] [error] engine.c(696) Invoking phase MessageOut failed 
[Thu May 16 12:17:59 2013] [info] Request served in 0.019 seconds 
[Thu May 16 12:18:00 2013] [info] Received signal SIGINT. Server shutting down 
[Thu May 16 12:18:00 2013] [info] Terminating HTTP server thread 
[Thu May 16 12:18:00 2013] [debug] http_svr_thread.c(181) Terminating HTTP server thread. 
[Thu May 16 12:18:00 2013] [info] Successfully terminated HTTP server thread 
[Thu May 16 12:18:00 2013] [info] Shutdown complete ... 

回答

0

終於發現出了什麼事。顯然,SoapUI在提交之前刪除安全頭文件;因此,(空)安全報頭消息。

要指定安全性頭文件,我需要雙擊項目,單擊「WS-Security Configurations」,添加一個傳出WS-Security配置,並向該配置添加一個用戶名條目。接下來,根據請求,在左下方,我單擊與身份驗證和安全設置相對應的「...」按鈕,然後在「發送WSS:」下選擇剛纔添加的配置。

完成此操作後,soapfault變爲wsse:InvalidSecurityToken,描述爲「未預期用戶名令牌」。所以這意味着我需要修復rampart/c配置。但至少現在我知道發生了什麼。