当前位置：文江博客话题详情

在具有 Web 安全性的 HTTPS 上调用 SOAP 服务时出现异常

发布于 2024-12-17 11:51:22 字数 1579 浏览 1 评论 0 原文

请帮助我解决这个问题。

我正在编写一个 java SOAP 客户端来访问某个在 HTTPPS 和 HTTPS 上工作的第三方的 SOAP 服务。接受标头中的网络安全。调用的soap服务--操作依次返回一个类对象。我写了一个类，在调用该服务时，我遇到了异常。我试图获取发送到服务的 SOAP 信封使用 SOAP UI 工具执行它得到了成功的回应。我有点困惑出了什么问题，当我使用 JAVA SOAP 客户端发送 SOAP 信封时，在使用 SOAP UI 工具运行相同的 SOAP 信封时出现以下异常，我得到了成功的响应。

线程“主”AxisFault 中出现异常
错误代码：{http://schemas.xmlsoap.org/soap/envelope/}必须理解
故障子代码：错误字符串：不理解“MustUnderstand”标头：
故障演员：
故障节点：
故障详情：
{http://xml.apache.org/axis/}stackTrace：
在 org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:96)
在 org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
在 org.apache.axis.client.Call.invokeEngine(Call.java:2784)
在 org.apache.axis.client.Call.invoke(Call.java:2767)
在 org.apache.axis.client.Call.invoke(Call.java:1910)
在 fibonacci.testing.TestService.main(TestService.java:92)

{http://xml.apache.org/axis/}hostname:localhost

不理解“MustUnderstand”标头：
在 org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:96)
在 org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
在 org.apache.axis.client.Call.invokeEngine(Call.java:2784)
在 org.apache.axis.client.Call.invoke(Call.java:2767)
在 org.apache.axis.client.Call.invoke(Call.java:1910)
在 fibonacci.testing.TestService.main(TestService.java:92)

原文

Please help me in resolving this issue.

I'm writing a java SOAP client to hit a SOAP service of some third party that is working on HTPPS & accepts web-security in header. The soap service called-operation in turn returns a class object.
I have written a class, while invoking the service, I'm getting below exception. I tried to get SOAP Envelop that is sent to the service & executed it with SOAP UI tool & got successful response.
I'm a bit confused whats wrong as in , when I send SOAP envelop with my JAVA SOAP Client I get below exception while running same SOAP envelop with SOAP UI tool , I get successful response.

Exception in thread "main" AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}MustUnderstand
faultSubcode:
faultString: Did not understand "MustUnderstand" header(s):
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:
at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:96)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:1910)
at fibonacci.testing.TestService.main(TestService.java:92)

{http://xml.apache.org/axis/}hostname:localhost

Did not understand "MustUnderstand" header(s):
at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:96)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:1910)
at fibonacci.testing.TestService.main(TestService.java:92)

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

忱杏 2024-12-24 11:51:22

您可能已经检查了以下链接，专门讨论了 Axis 上下文中的 MustUnderstand 错误
http://wso2.org/library /tutorials/understand-known-did-not-understand-mustunderstand-header-s-error

您是否从代码中确认了整个 SOAP 信封以及 SOAP 使用的信封是相同的？在这两种情况下，mustUnderstand 都设置为 1 吗？

回复收藏 0 原文

影子的影子 2024-12-24 11:51:22

我遇到了这个问题，我已经在工作中解决了它......
当您的 server.xsdd 上没有安全处理程序时，就会设置这种类型的消息，

在我的情况下，xsdd 实现是在 axis 1.4 上构建的，使用 java.rmi 和 javax.xml.rpc.Service

如果这是您的情况，您将有 2 个 xsdd，一个用于服务器（您的服务的 ns 声明），另一个用于您的调用的其他设置。

首先我向我的 ns:operation 添加对 oasis security 的引用，之后我向我的服务添加了一个请求流，

它应该是这样的

  <请求流程>
<处理程序类型=“java:org.apache.ws.axis.security.WSDoAllReceiver”>
  />
  <参数名称=“操作”值=“UsernameToken”/>

 <ns1:operation name="YOUR OPERATION NAME" 
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 .... other declarations ... />

根据您要创建的安全级别，在您的passwordCallbackClassHandler中，您必须/或不验证用户和密码
处理程序应该是这样的

公共类 PWCallback 实现 CallbackHandler {

  private static final byte[] key = {
    (byte)0x31, (byte)0xfd, (byte)0xcb, (byte)0xda,
    (byte)0xfb, (byte)0xcd, (byte)0x6b, (byte)0xa8,
    (byte)0xe6, (byte)0x19, (byte)0xa7, (byte)0xbf,
    (byte)0x51, (byte)0xf7, (byte)0xc7, (byte)0x3e,
    (byte)0x80, (byte)0xae, (byte)0x98, (byte)0x51,
    (byte)0xc8, (byte)0x51, (byte)0x34, (byte)0x04,
  };

public void handle(Callback[] callbacks)
        throws IOException, UnsupportedCallbackException {
    System.out.println("DENTROOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO");
        for (int i = 0; i < callbacks.length; i++) {
          if (callbacks[i] instanceof WSPasswordCallback) {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            /*
             * here call a function/method to lookup the password for
             * the given identifier (e.g. a user name or keystore alias)
             * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
             * for testing we supply a fixed name/fixed key here.
             */
            if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
              pc.setKey(key);
            }
            else {
              pc.setPassword("security");
            }
          } else {
            throw new UnsupportedCallbackException(
              callbacks[i], "Unrecognized Callback");
          }
        }
      }

}

希望这对您有帮助
问候

i faced this problem and i have solved it in my job...
this type of message is set when there is no handler for security on you server.xsdd

in my case the xsdd implementation was built on axis 1.4, using java.rmi and javax.xml.rpc.Service

if that is your case, you will have 2 xsdd one for the server (ns declaration of your service) and a deploy.xsdd for other settings of your call.

first i add to my ns:operation this references to oasis security, after that i added to my service a requestflow

it should be something like this

<ns1:service name="YOUR SERVICE">  <!-- wss_username_token_over_ssl -->   <requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
  <parameter name="passwordCallbackClass" value=" YOUR PASSWORD HANDLER JAVA PATH LOCATION"/>
  <parameter name="action" value="UsernameToken"/>
</handler>   </requestFlow>

 <ns1:operation name="YOUR OPERATION NAME" 
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 .... other declarations ... />

depending of your security levels to create, in your passwordCallbackClassHandler, you must/or not validate the user and the password
the handler should be something like this

public class PWCallback implements CallbackHandler {

  private static final byte[] key = {
    (byte)0x31, (byte)0xfd, (byte)0xcb, (byte)0xda,
    (byte)0xfb, (byte)0xcd, (byte)0x6b, (byte)0xa8,
    (byte)0xe6, (byte)0x19, (byte)0xa7, (byte)0xbf,
    (byte)0x51, (byte)0xf7, (byte)0xc7, (byte)0x3e,
    (byte)0x80, (byte)0xae, (byte)0x98, (byte)0x51,
    (byte)0xc8, (byte)0x51, (byte)0x34, (byte)0x04,
  };

public void handle(Callback[] callbacks)
        throws IOException, UnsupportedCallbackException {
    System.out.println("DENTROOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO");
        for (int i = 0; i < callbacks.length; i++) {
          if (callbacks[i] instanceof WSPasswordCallback) {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            /*
             * here call a function/method to lookup the password for
             * the given identifier (e.g. a user name or keystore alias)
             * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
             * for testing we supply a fixed name/fixed key here.
             */
            if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
              pc.setKey(key);
            }
            else {
              pc.setPassword("security");
            }
          } else {
            throw new UnsupportedCallbackException(
              callbacks[i], "Unrecognized Callback");
          }
        }
      }

}

hope this helps you
regards

回复收藏 0 原文

~没有更多了~