“请求中缺少 wsse:安全标头”当我尝试使用 Axis2 和 Rampart 发布 SOAP 消息时

发布于 2024-10-10 21:25:52 字数 4321 浏览 6 评论 0原文

我感觉我一直在关注这个问题。

背景: 我必须调用安全的第三方网络服务。主体和标头块都需要使用客户端证书进行签名。 如果我禁用 Rampart 并使用 tcpmon 并捕获传出信封,我可以配置 SOAPUI 来发送消息(通过将 SOAPUI 配置为使用证书来签署前面讨论的重要部分)。这告诉我消息不是问题。

如果我启用 Rampart 并捕获传出消息,它看起来是正确的(两个元素已签名,安全元素全部就位)。

当我尝试使用 Rampart 调用服务时,我得到以下堆栈:

org.apache.axis2.AxisFault: Missing wsse:Security header in request
    at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:254)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
    at org.apache.axis2.axis2userguide.RetrieveCurrentBidResults_v20090801ServiceStub.retrieveCurrentBidResults_v20090801(RetrieveCurrentBidResults_v20090801ServiceStub.java:225)
    at org.transalta.weezer.soap.client.RetrieveCleanBidsClient.main(RetrieveCleanBidsClient.java:64)

这是我正在使用的policy.xml 文件:

<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy wsu:Id="SigEncr"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
    <wsp:All>
        <sp:AsymmetricBinding
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
                <sp:InitiatorToken>
                    <wsp:Policy>
                        <sp:X509Token
                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                                <sp:RequireThumbprintReference />
                                <sp:WssX509V1Token10 />
                            </wsp:Policy>
                        </sp:X509Token>
                    </wsp:Policy>
                </sp:InitiatorToken>
                <sp:RecipientToken>
                    <wsp:Policy>
                        <sp:X509Token
                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                            <wsp:Policy>
                                <sp:RequireThumbprintReference />
                                <sp:WssX509V3Token10 />
                            </wsp:Policy>
                        </sp:X509Token>
                    </wsp:Policy>
                </sp:RecipientToken>
                <sp:AlgorithmSuite>
                    <wsp:Policy>
                        <sp:TripleDesRsa15 />
                    </wsp:Policy>
                </sp:AlgorithmSuite>
                <sp:Layout>
                    <wsp:Policy>
                        <sp:Strict />
                    </wsp:Policy>
                </sp:Layout>
                <sp:OnlySignEntireHeadersAndBody />
            </wsp:Policy>
        </sp:AsymmetricBinding>
        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
                <sp:MustSupportRefKeyIdentifier />
                <sp:MustSupportRefIssuerSerial />
            </wsp:Policy>
        </sp:Wss10>
        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
            <sp:Header Name="CAISOWSHeader" Namespace="http://www.caiso.com/soa/2006-09-30/CAISOWSHeader.xsd" />
        </sp:SignedParts>
    </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

所以我想知道 Rampart 到底想告诉我什么?我知道它认为不存在的组件就在那里。

I feel like I've been looking at this issue forever.

Background:
I have to call a secured third party web service. The body and a header block both need to be signed with a client certificate.
If I disable Rampart and use tcpmon and capture the outgoing envelope, I can configure SOAPUI to send the message (by configuring SOAPUI to use the cert to sign the important parts discussed earlier). That tells me the message isn't the issue.

If I enable Rampart and capture the outgoing message, it looks correct (the two elements are signed, the security elements are all in place).

I get the following stack when I try calling the service with Rampart:

org.apache.axis2.AxisFault: Missing wsse:Security header in request
    at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:254)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
    at org.apache.axis2.axis2userguide.RetrieveCurrentBidResults_v20090801ServiceStub.retrieveCurrentBidResults_v20090801(RetrieveCurrentBidResults_v20090801ServiceStub.java:225)
    at org.transalta.weezer.soap.client.RetrieveCleanBidsClient.main(RetrieveCleanBidsClient.java:64)

and here is the policy.xml file I'm using:

<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy wsu:Id="SigEncr"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
    <wsp:All>
        <sp:AsymmetricBinding
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
                <sp:InitiatorToken>
                    <wsp:Policy>
                        <sp:X509Token
                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                                <sp:RequireThumbprintReference />
                                <sp:WssX509V1Token10 />
                            </wsp:Policy>
                        </sp:X509Token>
                    </wsp:Policy>
                </sp:InitiatorToken>
                <sp:RecipientToken>
                    <wsp:Policy>
                        <sp:X509Token
                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                            <wsp:Policy>
                                <sp:RequireThumbprintReference />
                                <sp:WssX509V3Token10 />
                            </wsp:Policy>
                        </sp:X509Token>
                    </wsp:Policy>
                </sp:RecipientToken>
                <sp:AlgorithmSuite>
                    <wsp:Policy>
                        <sp:TripleDesRsa15 />
                    </wsp:Policy>
                </sp:AlgorithmSuite>
                <sp:Layout>
                    <wsp:Policy>
                        <sp:Strict />
                    </wsp:Policy>
                </sp:Layout>
                <sp:OnlySignEntireHeadersAndBody />
            </wsp:Policy>
        </sp:AsymmetricBinding>
        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
                <sp:MustSupportRefKeyIdentifier />
                <sp:MustSupportRefIssuerSerial />
            </wsp:Policy>
        </sp:Wss10>
        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
            <sp:Header Name="CAISOWSHeader" Namespace="http://www.caiso.com/soa/2006-09-30/CAISOWSHeader.xsd" />
        </sp:SignedParts>
    </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

So what I want to know is what the heck is Rampart trying to tell me? I know the component it doesn't think is present IS there.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

氛圍 2024-10-17 21:25:52

如果您也发布了捕获的请求响应消息之一,那就更好了。由于您说的是策略中定义的预期元素已被签名,因此请检查请求消息中是否存在 TimeStamp 元素。如果时间戳存在,那么它也必须被签名,在这种情况下,这可能是失败的原因。

It is better if you have posted one of the captured request-response messages too. Since you are saying expected elements that are defined in the policy are singed, please check if the TimeStamp element is there in the request message. If the timestamp is there, then it MUST be signed too, in that case this might be the reason for the failure.

久随 2024-10-17 21:25:52

我通过修改 Rampart 模块以跳过“安全”阶段以及流入之后的所有阶段来解决这个问题。

private static void modifyRampartModule(ServiceClient serviceClient) {
    AxisConfiguration axisConfig = serviceClient.getAxisConfiguration();

    List<Phase> phases = axisConfig.getInFlowPhases();
    List<Phase> newPhases = new ArrayList<Phase>();
    for (Phase phase : phases) {
        if (!phase.getName().equalsIgnoreCase("security"))
            newPhases.add(phase);

        if (phase.getName().equalsIgnoreCase("security"))
            break;          
    }
    axisConfig.setInPhasesUptoAndIncludingPostDispatch(newPhases);
}

I solved this by modifying the rampart module to skip the 'security' phase and all phases after for the inflow.

private static void modifyRampartModule(ServiceClient serviceClient) {
    AxisConfiguration axisConfig = serviceClient.getAxisConfiguration();

    List<Phase> phases = axisConfig.getInFlowPhases();
    List<Phase> newPhases = new ArrayList<Phase>();
    for (Phase phase : phases) {
        if (!phase.getName().equalsIgnoreCase("security"))
            newPhases.add(phase);

        if (phase.getName().equalsIgnoreCase("security"))
            break;          
    }
    axisConfig.setInPhasesUptoAndIncludingPostDispatch(newPhases);
}
喜爱纠缠 2024-10-17 21:25:52

我在我的代码中应用了“Tambu”的“modifyRampartModule”方法,并且它开始正常工作。我曾尝试通过 axis2.xml 中的配置执行相同的操作,但我应该做错了什么,因为对我来说,这不起作用。
关键是标头必须在请求和响应中传输...但是如果您有“解决方案提供商”,也许会从响应中删除标头...并且您将面临这个问题。

I applied the method "modifyRampartModule" of "Tambu", in my code, and it began to work fine. I had tried to do the same through configurations in the axis2.xml, but I should have done something wrong, because for me, didn't work.
The point is that the header must travel in the request and also in the response... but if you have a "Solution Provider", maybe will remove the header from the response... and You will be facing this issue.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文