我在使用Apache Rampart/C 1.3.0()安裝AXIS2/C Web服務(axis2/c 1.6.0)不要與他們的java對應物混淆,也就是「axis2」和「rampart」)來進行UsernameToken身份驗證。我不想加密,因爲我試圖先用SoapUI來測試它;當我得到這個工作時,我會添加加密的東西(我無法設置沒有安全策略的Rampart/c,它只是給我一個配置錯誤)。 沒有Rampart的web服務工作得很好。但是,當我嘗試配置Rampart實現安全,我得到這個錯誤的響應:爲UsernameToken身份驗證和無加密設置ws-security(Apache Rampart/C)時出錯
<soapenv:Fault>
<faultcode>soapenv:Client</faultcode>
<faultstring>No Error</faultstring>
</soapenv:Fault>
當我去Axis2的日誌,我發現了以下錯誤:
[Thu May 16 12:17:59 2013] [debug] rampart_sec_header_processor.c(1815) [rampart]Processing security header in Strict layout
[Thu May 16 12:17:59 2013] [debug] rampart_sec_header_processor.c(1824) [rampart]Processing security header element (null)
[Thu May 16 12:17:59 2013] [error] rampart_sec_header_processor.c(1908) [rampart]Unknown security header (null)
[Thu May 16 12:17:59 2013] [error] rampart_sec_header_processor.c(1915) [rampart](null) processing failed
[Thu May 16 12:17:59 2013] [error] rampart_in_handler.c(143) [rampart][rampart_in_handler] Security Header processing failed.
這是相當奇怪,就好像它根本找不到安全標題。我懷疑SOAP請求可能有問題,但我不知道這可能是什麼。或者,也許我發現了一個罕見的Rampart/C錯誤?
對於用戶名和密碼,我使用了與Rampart樣本一起提供的回調.so,以及用戶名「Alice」和密碼「abcd!1234」。
下面是相關的文件(IP地址刪節)的完整清單:
的services.xml:
<service name="ws_vacaciones">
<parameter name="wsdl_path">/informix/AXIS2C/services/ws_vacaciones/ws_vacaciones.wsdl</parameter>
<parameter name="ServiceClass">ws_vacaciones</parameter>
<description> I4GL-SOA Published Service - ws_vacaciones </description>
<module ref="rampart"/>
<operation name="ve_traba"/>
<wsp:Policy
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:sec="http://schemas.xmlsoap.org/ws/2012/12/secext"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
</wsp:Policy>
<rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
<rampc:User>Alice</rampc:User>
<rampc:PasswordType>PasswordText</rampc:PasswordType>
<rampc:PasswordCallbackClass>/informix/AXIS2C/samples/lib/rampartc/libpwcb.so</rampc:PasswordCallbackClass>
</rampc:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</service>
的services.xml(替代;給予同樣的錯誤):
<service name="ws_vacaciones">
<parameter name="wsdl_path">/informix/AXIS2C/services/ws_vacaciones/ws_vacaciones.wsdl</parameter>
<parameter name="ServiceClass">ws_vacaciones</parameter>
<parameter name="InflowSecurity">
<action>
<items>UsernameToken</items>
<passwordCallbackClass>/informix/AXIS2C/samples/lib/rampartc/libpwcb.so</passwordCallbackClass>
</action>
</parameter>
<description> I4GL-SOA Published Service - ws_vacaciones </description>
<module ref="rampart"/>
<operation name="ve_traba"/>
<wsp:Policy
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:sec="http://schemas.xmlsoap.org/ws/2012/12/secext"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
</wsp:Policy>
<rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
<rampc:User>Alice</rampc:User>
<rampc:PasswordType>PasswordText</rampc:PasswordType>
<rampc:PasswordCallbackClass>/informix/AXIS2C/samples/lib/rampartc/libpwcb.so</rampc:PasswordCallbackClass>
</rampc:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</service>
SOAPUI請求:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ws="http://XX.XX.XX.XXX:9090/axis2/services/ws_vacaciones"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="0">
<!-- set to 0 for debugging purposes; using 1 gives same errors -->
<wsse:UsernameToken wsu:Id="blah">
<wsse:Username>Alice</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">abcd!1234</wsse:Password>
<wsu:Created>2013-05-14T15:15:00</wsu:Created>
<wsu:Expires>2019-05-14T15:15:00</wsu:Expires>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ws:ve_traba_request>
<ws:employeeid>12345</ws:employeeid>
<ws:date>2013-04-09</ws:date>
</ws:ve_traba_request>
</soapenv:Body>
</soapenv:Envelope>
迴應:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header/>
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Client</faultcode>
<faultstring>No Error</faultstring>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
axis2.log(相關部分):
[Thu May 16 12:17:54 2013] [info] Starting HTTP server thread
[Thu May 16 12:17:59 2013] [debug] http_worker.c(200) Client HTTP version HTTP/1.1
[Thu May 16 12:17:59 2013] [debug] soap_builder.c(930) Identified soap version is soap11
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler request_uri_based_dispatcher within the phase Transport
[Thu May 16 12:17:59 2013] [debug] req_uri_disp.c(100) Checking for service using target endpoint address : http://XX.XX.XXX.XX:9090/axis2/services/ws_vacaciones
[Thu May 16 12:17:59 2013] [debug] req_uri_disp.c(121) Service found using target endpoint address
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler AddressingInHandler within the phase Transport
[Thu May 16 12:17:59 2013] [info] Starting addressing in handler
[Thu May 16 12:17:59 2013] [info] addr_in_handler.c
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler addressing_based_dispatcher within the phase Transport
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler rest_dispatcher within the phase Dispatch
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler soap_message_body_based_dispatcher within the phase Dispatch
[Thu May 16 12:17:59 2013] [debug] soap_body_disp.c(231) Checking for operation using SOAP messagebody's first child's local name : ve_traba__request
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler soap_action_based_dispatcher within the phase Dispatch
[Thu May 16 12:17:59 2013] [debug] soap_action_disp.c(115) Checking for operation using SOAPAction : ve_traba
[Thu May 16 12:17:59 2013] [debug] soap_action_disp.c(146) Operation found using SOAPAction
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler dispatch_post_conditions_evaluator within the phase PostDispatch
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler context_handler within the phase PostDispatch
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler RampartInHandler within the phase Security
[Thu May 16 12:17:59 2013] [debug] rampart_util.c(32) [rampart]Trying to load module /informix/AXIS2C/samples/lib/rampartc/libpwcb.so
[Thu May 16 12:17:59 2013] [debug] class_loader.c(140) /informix/AXIS2C/samples/lib/rampartc/libpwcb.so shared lib loaded successfully
[Thu May 16 12:17:59 2013] [debug] rampart_util.c(48) [rampart]Successfully loaded module /informix/AXIS2C/samples/lib/rampartc/libpwcb.so
[Thu May 16 12:17:59 2013] [debug] rampart_sec_header_processor.c(1815) [rampart]Processing security header in Strict layout
[Thu May 16 12:17:59 2013] [debug] rampart_sec_header_processor.c(1824) [rampart]Processing security header element (null)
[Thu May 16 12:17:59 2013] [error] rampart_sec_header_processor.c(1908) [rampart]Unknown security header (null)
[Thu May 16 12:17:59 2013] [error] rampart_sec_header_processor.c(1915) [rampart](null) processing failed
[Thu May 16 12:17:59 2013] [error] rampart_in_handler.c(143) [rampart][rampart_in_handler] Security Header processing failed.
[Thu May 16 12:17:59 2013] [error] phase.c(233) Handler RampartInHandler invoke failed within phase Security
[Thu May 16 12:17:59 2013] [error] engine.c(696) Invoking phase Security failed
[Thu May 16 12:17:59 2013] [error] engine.c(279) Invoking operation specific phases failed for operation ve_traba
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler RampartOutHandler within the phase MessageOut
[Thu May 16 12:17:59 2013] [debug] rampart_handler_util.c(247) [rampart][rhu] Service is NULL. Check if the security is enabled in the Conf
[Thu May 16 12:17:59 2013] [error] rampart_engine.c(159) [rampart][rampart_engine] Cannot get saved rampart_context
[Thu May 16 12:17:59 2013] [error] rampart_out_handler.c(136) [rampart][rampart_out_handler] ramaprt_context creation failed.
[Thu May 16 12:17:59 2013] [error] phase.c(233) Handler RampartOutHandler invoke failed within phase MessageOut
[Thu May 16 12:17:59 2013] [error] engine.c(696) Invoking phase MessageOut failed
[Thu May 16 12:17:59 2013] [info] Request served in 0.019 seconds
[Thu May 16 12:18:00 2013] [info] Received signal SIGINT. Server shutting down
[Thu May 16 12:18:00 2013] [info] Terminating HTTP server thread
[Thu May 16 12:18:00 2013] [debug] http_svr_thread.c(181) Terminating HTTP server thread.
[Thu May 16 12:18:00 2013] [info] Successfully terminated HTTP server thread
[Thu May 16 12:18:00 2013] [info] Shutdown complete ...