https WebService 消息:消息不包含有效的安全元素
我正在使用 axis 2 Web 服务客户端。
对 Web 服务的第一个 https 调用会引发异常,并显示以下消息:“消息不包含有效的安全元素”。
我认为问题可能在于安全模式:也许它必须是消息级安全性。 这种情况下,如何在axis中进行配置呢?
代码:
System.setProperty("javax.net.ssl.keyStore", jksFile);
System.setProperty("javax.net.ssl.keyStorePassword", jksPassword);
MyServicePortProxy proxy = new MyServicePortProxy();
Stub stub = (Stub) proxy.getMyServicePort();
proxy.setEndpoint(endpoint);
stub.setUsername(username);
stub.setPassword(password);
// throws exception with the above message:
proxy.serviceMethod(...);
I am using axis 2 webservice client.
The first https call to the webservice throws a exception with the message: "Message did not contain a valid Security Element".
I think that the problem could be the security mode: maybe it has to be message level security. In this case, how can I configure it in axis?.
The code:
System.setProperty("javax.net.ssl.keyStore", jksFile);
System.setProperty("javax.net.ssl.keyStorePassword", jksPassword);
MyServicePortProxy proxy = new MyServicePortProxy();
Stub stub = (Stub) proxy.getMyServicePort();
proxy.setEndpoint(endpoint);
stub.setUsername(username);
stub.setPassword(password);
// throws exception with the above message:
proxy.serviceMethod(...);
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
看看 http://ws.apache.org/wss4j/package.html 我们必须定义一个 client-config.wsdd 来告诉 axis 包含用户名/密码(如果您使用的是 ws-security)。 我对不同的标准以及它们之间的区别有点不太了解。
Take a look at http://ws.apache.org/wss4j/package.html we had to define a client-config.wsdd that told axis to include username/password (if it is ws-security you are using). I am a little bit weak on the different standards and what separates them.
您可能需要在 XML 服务定义中创建服务策略 -[http ://schemas.xmlsoap.org/ws/2004/09/policy/]
查看这些文章:
http://www.javaranch.com/journal/200603/Journal200603.jsp#a2
http://www.javaranch.com/journal/200709/ web-services-authentication-axis2.html
It's possible that in your XML service definition you need to create a service policy -[http://schemas.xmlsoap.org/ws/2004/09/policy/]
Take a look at these articles:
http://www.javaranch.com/journal/200603/Journal200603.jsp#a2
http://www.javaranch.com/journal/200709/web-services-authentication-axis2.html
注意你的时钟偏差。 如果客户端提供的安全元素中的时间戳从服务器的角度来看距离过去或未来太远,则它可能会用此消息拒绝它。
Watch your clock-skew. If the timestamp in the security element provided by the client is too far into the past or the future from the server's perspective, it may reject it with exactly this message.