当前位置: 文江博客 话题详情

使用 Spring Web 服务客户端解密消息

发布于 2024-08-14 07:06:24 字数 5026 浏览 7 评论 0 原文

350 赏金和华夫饼送给可以帮助我的人!

我已经在 Spring Web 服务加密方面苦苦挣扎了好几天,但我不知道如何解决让 Spring 对消息正文的加密发挥作用。每当我让服务器加密生成的消息时,客户端在尝试根据架构验证它之前似乎不会解密它(XSD)。

这是服务器端配置

服务端的xwss安全配置

客户端的Spring配置

客户端的xwss配置

我能做的就是加密用户令牌并成功解密。我在从客户端向服务器发送数据时这样做。然后,服务器解密用户令牌并验证用户凭据,效果非常好。

如果我尝试加密返回的消息正文,就会出现问题。该问题发生在客户端。客户端似乎试图在解密之前验证消息,因此在根据架构进行验证时会发生错误。

[Fatal Error] :1:192: The prefix "ns0" for element "ns0:HolidayListResponse" is not bound.
11-Dec-2009 7:45:32 AM com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor decryptElementWithCipher
SEVERE: WSS1203: Exception [ The prefix "ns0" for element "ns0:HolidayListResponse" is not bound. ] while trying to decrypt message

这是 SOAP 响应本身

这是编组映射文件,

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapping PUBLIC "-//EXOLAB/Castor Mapping DTD Version 1.0//EN"
                         "http://castor.org/mapping.dtd">
<mapping>
    <field-handler name="dateHandler" class="com.mycompany.hr.handlers.DateFieldHandler" />
    <field-handler name="dateHandler2" class="com.mycompany.hr.handlers.DateFieldHandler" />
    <class name="com.mycompany.hr.data.Holiday">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="Holiday" />
        <field name="from" type="string" handler="dateHandler">
            <bind-xml name="StartDate" node="element" />
        </field>
        <field name="to" type="string" handler="dateHandler2">
            <bind-xml name="EndDate" node="element" />
        </field>
    </class>
    <class name="com.mycompany.hr.data.Employee">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="Employee" />
        <field name="number" type="java.lang.Integer">
            <bind-xml name="Number" node="element" />
        </field>
        <field name="firstName" type="java.lang.String">
            <bind-xml name="FirstName" node="element" />
        </field>
        <field name="lastName" type="java.lang.String">
            <bind-xml name="LastName" node="element" />
        </field>
    </class>
    <class name="com.mycompany.hr.data.HolidayRequest">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayRequest" />
        <field name="holiday" type="com.mycompany.hr.data.Holiday">
            <bind-xml name="Holiday" node="element" />
        </field>
        <field name="employee" type="com.mycompany.hr.data.Employee">
            <bind-xml name="Employee" node="element" />
        </field>
    </class>

    <class name="com.mycompany.hr.data.HolidayConfirmation">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayConfirmation" />
        <field name="confirmationCode" type="java.lang.Integer">
            <bind-xml name="ConfirmationCode" node="element" />
        </field>
        <field name="confirmationMessage" type="java.lang.String">
            <bind-xml name="ConfirmationMessage" node="element" />
        </field>
    </class>

    <class name="com.mycompany.hr.data.HolidayResponse">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayResponse" />
        <field name="confirmation" type="com.mycompany.hr.data.HolidayConfirmation">
            <bind-xml name="HolidayConfirmation" node="element" />
        </field>
    </class>
    <class name="com.mycompany.hr.data.HolidayListRequest">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayListRequest" />
        <field name="id" type="java.lang.Integer">
            <bind-xml name="userId" node="element" />
        </field>
    </class>
    <class name="com.mycompany.hr.data.HolidayListResponse">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayListResponse" />
        <field name="holidays" type="com.mycompany.hr.data.Holiday" collection="vector">
            <bind-xml name="Holiday" node="element" />
        </field>
    </class>
</mapping>

我知道它有很多信息,但我想我会提供所有内容。我的加密设置正确吗?是否不可能加密消息正文并在客户端解密?在这一点上,我几乎愿意接受任何建议。

原文

350 Bounty and waffles to the person who can help me!

I have been struggling with Spring Web Service encryption for days and I can't figure out how to get Spring's encryption on the message body to work. Whenever I have the server encrypt the resulting message the client doesn't seem to be decrypting it before it attempts to validate it against the Schema (XSD).

Here is the server side configuration

The server's xwss security configuration

The client's Spring configuration

Client's xwss configuration

What I can do is encrypt the user token and decrypt it successfully. I do that when sending data from the client to the server. The server then decrypts the user token and authenticates the user credentials, that works quite well.

The problem occurs if I try and encrypt the body of the message coming back. The issue occurs on the client side. It seems the client is trying to validate the message before it decrypts it, and hence an error occurs when validating against the schema.

[Fatal Error] :1:192: The prefix "ns0" for element "ns0:HolidayListResponse" is not bound.
11-Dec-2009 7:45:32 AM com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor decryptElementWithCipher
SEVERE: WSS1203: Exception [ The prefix "ns0" for element "ns0:HolidayListResponse" is not bound. ] while trying to decrypt message

And here is the SOAP response itself.

And here is the marshalling mapping file

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapping PUBLIC "-//EXOLAB/Castor Mapping DTD Version 1.0//EN"
                         "http://castor.org/mapping.dtd">
<mapping>
    <field-handler name="dateHandler" class="com.mycompany.hr.handlers.DateFieldHandler" />
    <field-handler name="dateHandler2" class="com.mycompany.hr.handlers.DateFieldHandler" />
    <class name="com.mycompany.hr.data.Holiday">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="Holiday" />
        <field name="from" type="string" handler="dateHandler">
            <bind-xml name="StartDate" node="element" />
        </field>
        <field name="to" type="string" handler="dateHandler2">
            <bind-xml name="EndDate" node="element" />
        </field>
    </class>
    <class name="com.mycompany.hr.data.Employee">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="Employee" />
        <field name="number" type="java.lang.Integer">
            <bind-xml name="Number" node="element" />
        </field>
        <field name="firstName" type="java.lang.String">
            <bind-xml name="FirstName" node="element" />
        </field>
        <field name="lastName" type="java.lang.String">
            <bind-xml name="LastName" node="element" />
        </field>
    </class>
    <class name="com.mycompany.hr.data.HolidayRequest">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayRequest" />
        <field name="holiday" type="com.mycompany.hr.data.Holiday">
            <bind-xml name="Holiday" node="element" />
        </field>
        <field name="employee" type="com.mycompany.hr.data.Employee">
            <bind-xml name="Employee" node="element" />
        </field>
    </class>

    <class name="com.mycompany.hr.data.HolidayConfirmation">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayConfirmation" />
        <field name="confirmationCode" type="java.lang.Integer">
            <bind-xml name="ConfirmationCode" node="element" />
        </field>
        <field name="confirmationMessage" type="java.lang.String">
            <bind-xml name="ConfirmationMessage" node="element" />
        </field>
    </class>

    <class name="com.mycompany.hr.data.HolidayResponse">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayResponse" />
        <field name="confirmation" type="com.mycompany.hr.data.HolidayConfirmation">
            <bind-xml name="HolidayConfirmation" node="element" />
        </field>
    </class>
    <class name="com.mycompany.hr.data.HolidayListRequest">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayListRequest" />
        <field name="id" type="java.lang.Integer">
            <bind-xml name="userId" node="element" />
        </field>
    </class>
    <class name="com.mycompany.hr.data.HolidayListResponse">
        <map-to ns-uri="http://mycompany.com/hr/schemas" ns-prefix="ns0" xml="HolidayListResponse" />
        <field name="holidays" type="com.mycompany.hr.data.Holiday" collection="vector">
            <bind-xml name="Holiday" node="element" />
        </field>
    </class>
</mapping>

I know it's a lot of information, but I figured I would provide everything. Is my encryption setup correct? Is it not possible encrypt the body of the message and decrypt it on the client side? At this point I am open to almost any suggestion.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

盛夏尉蓝 2024-08-21 07:06:24

看看 CastorMarshaller 属性,并尝试将一些“忽略”属性设置为 true(在您的 中)。例如设置:

<property name="validating" value="false" />
<property name="suppressNamespaces" value="true" />
<property name="ignoreExtraElements" value="true" />

其中之一可能会做到这一点。

Take a look at CastorMarshaller properties, and attempt setting some of the "ignoring" ones to true (in your <bean id="castorMarshaller"). For example set:

<property name="validating" value="false" />
<property name="suppressNamespaces" value="true" />
<property name="ignoreExtraElements" value="true" />

One of those might do it.

回复 原文
爱给你人给你 2024-08-21 07:06:24

您确定

 <property name="xsd" value="classpath:src/java/hr.xsd"/>

得到妥善解决吗?

您收到的错误表明它无法找到如何处理该元素。如果响应未解密,您将看不到元素名称和前缀。

您是否能够在不加密的情况下验证和运行 Web 服务?

Are you certain 

 <property name="xsd" value="classpath:src/java/hr.xsd"/>

is being resolved properly?

The error you're getting indicates it can't find how to handle that element. You wouldn't be seeing the element name and prefix if the response wasn't getting decrypted.

Are you able to validate and run the web service without encryption?

回复 原文
~没有更多了~

关于作者

公布

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

烙印

文章 0 评论 0

singlesman

文章 0 评论 0

给自己一个微笑

文章 0 评论 0

独孤求败

文章 0 评论 0

晨钟暮鼓

文章 0 评论 0

我是自愿种绣球花的

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文