2014-07-25 204 views
1

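Configuring CXF for STS/WS-Trust through code

I would like to use CXF to access a SOAP service protected by STS/WS-Trust. Because I am forced to reduce dependencies, I am using the CXFBusFactory rather than a Spring configuration. This means I have to configure it through code, which is less documented and less common on the web.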

Can anyone point out which configuration settings are missing and how to set them through code?

I have:

private static void testSo(String endpointUrl, String username, String password) {
    String busFactory = System.getProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME);
    try {
        // Setup the system properties to use the CXFBusFactory not the SpringBusFactory
        System.setProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME, "org.apache.cxf.bus.CXFBusFactory");

        CXFBusFactory bf = new CXFBusFactory();
        Bus bus = bf.createBus();
        bus.getFeatures().add(new org.apache.cxf.feature.LoggingFeature());

        STSClient stsClient = new STSClient(bus);
        stsClient.setWsdlLocation("https://example.com/adfs/services/trust/mex");
        stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}CustomBinding_IWSTrustFeb2005Async");

        bus.setProperty("ws-security.callback-handler", "com.example.ClientCallbackHandler");
        bus.setProperty("ws-security.username", username);
        bus.setProperty("ws-security.password", password);
        bus.setProperty("ws-security.sts.client", stsClient);

        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL wsdlUrl = new URL(endpointUrl + "?singleWsdl");
        Service ss = OrganizationService.create(wsdlUrl, SERVICE_NAME);
        IOrganizationService port = ss.getPort(IOrganizationService.class);

        ColumnSet cs = new ColumnSet();
        cs.setAllColumns(true);
        Entity e = port.retrieve("account", "323223", cs);
    } catch (Exception ex) {
        ex.printStackTrace();
    } finally {
        // clean up the system properties
        if (busFactory != null) {
            System.setProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME, busFactory);
        } else {
            System.clearProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME);
        }
    }
}

The target service is MS CRM 2013, if that matters.

This is what I get from the CXF log so far:

Jul 25, 2014 12:24:55 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder 
WARNUNG: No assertion builder for type {http://schemas.microsoft.com/xrm/2011/Contracts/Services}AuthenticationPolicy registered. 
Jul 25, 2014 12:24:55 PM org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder build 
WARNUNG: sp:HttpsToken/wsp:Policy should have a value! 

Then this exception:

javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied. 
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:158) 
    at com.sun.proxy.$Proxy46.retrieve(Unknown Source) 

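Update 1: I think the main problem is setting up the sp:HttpsToken/wsp:Policy through code. Very often the web shows this sample Spring configuration, but I cannot see how to replicate it using code (Client client = ClientProxy.getClient(port); gets me the client). For example: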

<sp:TransportBinding>
    <wsp:Policy>
        <sp:TransportToken>
            <wsp:Policy>
                <sp:HttpsToken/>
            </wsp:Policy>
        </sp:TransportToken>
        <sp:AlgorithmSuite>
            <wsp:Policy>
                <sp:Basic256/>
            </wsp:Policy>
        </sp:AlgorithmSuite>
        <sp:Layout>
            <wsp:Policy>
                <sp:Lax/>
            </wsp:Policy>
        </sp:Layout>
        <sp:IncludeTimestamp/>
    </wsp:Policy>
</sp:TransportBinding>

Update 2: This is the WSDL policy of the service server:

<wsp:Policy wsu:Id="CustomBinding_IOrganizationService_policy"> 
<wsp:ExactlyOne> 
<wsp:All> 
<ms-xrm:AuthenticationPolicy xmlns:ms-xrm="http://schemas.microsoft.com/xrm/2011/Contracts/Services"> 
<ms-xrm:Authentication>Federation</ms-xrm:Authentication> 
<ms-xrm:SecureTokenService> 
<ms-xrm:Identifier>http://sts1.example.com/adfs/services/trust</ms-xrm:Identifier> 
</ms-xrm:SecureTokenService> 
</ms-xrm:AuthenticationPolicy> 
<sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> 
<wsp:Policy> 
<sp:TransportToken> 
<wsp:Policy> 
<sp:HttpsToken/> 
</wsp:Policy> 
</sp:TransportToken> 
<sp:AlgorithmSuite> 
<wsp:Policy> 
<sp:Basic256/> 
</wsp:Policy> 
</sp:AlgorithmSuite> 
<sp:Layout> 
<wsp:Policy> 
<sp:Strict/> 
</wsp:Policy> 
</sp:Layout> 
<sp:IncludeTimestamp/> 
</wsp:Policy> 
</sp:TransportBinding> 
<sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> 
<wsp:Policy> 
<sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> 
<Issuer xmlns="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> 
<Address xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</Address> 
<Metadata xmlns="http://www.w3.org/2005/08/addressing"> 
<Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> 
<wsx:MetadataSection xmlns=""> 
<wsx:MetadataReference> 
<Address xmlns="http://www.w3.org/2005/08/addressing">https://sts1.edrcrm.com/adfs/services/trust/mex</Address> 
</wsx:MetadataReference> 
</wsx:MetadataSection> 
</Metadata> 
</Metadata> 
</Issuer> 
<sp:RequestSecurityTokenTemplate> 
<trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> 
http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey 
</trust:KeyType> 
<trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize> 
<trust:Claims xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"> 
<wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"/> 
</trust:Claims> 
<trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm> 
<trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith> 
<trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith> 
<trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm> 
<trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm> 
</sp:RequestSecurityTokenTemplate> 
<wsp:Policy> 
<sp:RequireInternalReference/> 
</wsp:Policy> 
</sp:IssuedToken> 
</wsp:Policy> 
</sp:EndorsingSupportingTokens> 
<sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> 
<wsp:Policy/> 
</sp:Wss11> 
<sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> 
<wsp:Policy> 
<sp:MustSupportIssuedTokens/> 
<sp:RequireClientEntropy/> 
<sp:RequireServerEntropy/> 
</wsp:Policy> 
</sp:Trust13> 
<wsaw:UsingAddressing/> 
</wsp:All> 
</wsp:ExactlyOne> 
</wsp:Policy> 
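
An added diagnostic example, not part of the original post and not CXF code: it lists the assertions inside each wsp:All alternative of a policy like the one in Update 2 and marks those outside the namespaces it treats as standard, such as the AuthenticationPolicy type named in the CXF warning above. The class name, the STANDARD list, the abbreviated sample policy and its wsp/wsaw namespace declarations are assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class PolicyInventory {
    // Assumption: namespaces this check treats as standard; extend to match your stack.
    static final List<String> STANDARD = Arrays.asList(
        "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
        "http://www.w3.org/2006/05/addressing/wsdl");

    // Constructed sample: the top-level assertions of the Update 2 policy, children elided.
    // The wsp and wsaw namespace declarations are assumed; the page does not show them.
    static final String SAMPLE =
        "<wsp:Policy xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'"
        + " xmlns:sp='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'"
        + " xmlns:wsaw='http://www.w3.org/2006/05/addressing/wsdl'>"
        + "<wsp:ExactlyOne><wsp:All>"
        + "<ms-xrm:AuthenticationPolicy"
        + " xmlns:ms-xrm='http://schemas.microsoft.com/xrm/2011/Contracts/Services'/>"
        + "<sp:TransportBinding/><sp:EndorsingSupportingTokens/><sp:Wss11/><sp:Trust13/>"
        + "<wsaw:UsingAddressing/>"
        + "</wsp:All></wsp:ExactlyOne></wsp:Policy>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // A WSDL fetched from a remote endpoint is untrusted input: refuse DTDs entirely.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element policy = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        int alternative = 0;
        for (Node eo = policy.getFirstChild(); eo != null; eo = eo.getNextSibling()) {
            if (!"ExactlyOne".equals(eo.getLocalName())) continue;
            for (Node all = eo.getFirstChild(); all != null; all = all.getNextSibling()) {
                if (!"All".equals(all.getLocalName())) continue;
                alternative++;
                // Every assertion listed under one wsp:All belongs to the same alternative.
                for (Node a = all.getFirstChild(); a != null; a = a.getNextSibling()) {
                    if (a.getNodeType() != Node.ELEMENT_NODE) continue;
                    String tag = STANDARD.contains(a.getNamespaceURI()) ? "standard" : "NON-STD ";
                    System.out.printf("alt %d  %s  {%s}%s%n", alternative, tag,
                        a.getNamespaceURI(), a.getLocalName());
                }
            }
        }
    }
}
```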

Answers

1

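What do the request + response messages look like? What is the security policy of the STS? The HttpsToken is a red herring; it is just a warning that the security policy of the STS is not strictly compliant with the spec in this case.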

Colm。

+0

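I was referring to this warning because it looks like others solved the issue with it. Nevertheless, the 'SOAPFaultException' is the real problem, and it occurs on the last line of the 'try', at the call to 'retrieve'. What do you mean by the STS security policy? – ZoolWay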

+0

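CXF only logs a warning if that policy is missing. Previously it threw an error. First enable logging + see what the client -> STS message and response look like. Is the STS processing the request successfully? –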

+0

As I switched to another solution without CXF, I cannot check this any further, but I am accepting this as the approach helped me. – ZoolWay