当前位置: 文江博客话题详情

Web 服务 - 用户名令牌 - 根据安全策略验证消息时出错错误代码:1000

发布于 2025-01-08 12:16:06 字数 1500 浏览 3 评论 0原文

我正在尝试调用在 wsdl 中配置了用户名令牌的 Web 服务:

<sp:SupportingTokens><wsp:Policy><sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:HashPassword/>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>

soap 请求包含以下身份验证信息:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>

并且我收到以下错误:

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
  <env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <faultcode>wsse:InvalidSecurity</faultcode>
     <faultstring>Error on verifying message against security policy Error code:1000</faultstring>
  </env:Fault>
</env:Body>
</env:Envelope>

有人可以告诉我我做错了什么吗?

谢谢。

原文

I am trying to call a web service that has username token configured in the wsdl:

<sp:SupportingTokens><wsp:Policy><sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:HashPassword/>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>

The soap request contains the following information for authentication:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>

and i receive the following error:

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
  <env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <faultcode>wsse:InvalidSecurity</faultcode>
     <faultstring>Error on verifying message against security policy Error code:1000</faultstring>
  </env:Fault>
</env:Body>
</env:Envelope>

Can somebody tell me what am I doing wrong?

Thank you.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

昔梦 2025-01-15 12:16:06

您在调用网络服务时提供了用户名和密码吗?
看起来要么未提供,要么用户名/密码不正确。

have you supplied the username and password while calling the webservice?
Looks like either its not supplied or username/password is incorrect.

回复 原文
稍尽春風 2025-01-15 12:16:06

当从部署在 Weblogic 中的 Servlet 调用 Web 服务时,我们遇到了同样的问题,使用 weblogic.jws.jaxws.ClientPolicyFeatureweblogic.wsee.security.unt.ClientUNTCredentialProvider设置策略,如下所示:

import weblogic.jws.jaxws.ClientPolicyFeature;
import weblogic.jws.jaxws.policy.InputStreamPolicySource;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;

ClientPolicyFeature cpf = new ClientPolicyFeature();
InputStream inputStream = ChangeLogBean.class.getClassLoader().getResourceAsStream("usernametoken.xml");
cpf.setEffectivePolicy(new InputStreamPolicySource(new InputStream[]{inputStream}));

MyServiceWSPortImplService service = new MyServiceWSPortImplService(new URL(myEndpoint.getUrl()), new QName("http://myhost/myservice/V1", "MyServiceWSPortImplService"));
MyService port = service.getMyServicePort(new WebServiceFeature[]{cpf});

ArrayList credentialProviders = new ArrayList();
ClientUNTCredentialProvider untCredentialProvider = new ClientUNTCredentialProvider(myEndpoint.getUser().getBytes(), myEndpoint.getPassword().getBytes());
credentialProviders.add(untCredentialProvider);
Map context = ((BindingProvider)port).getRequestContext();
context.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credentialProviders);

但是我们的应用程序使用的 WebServices 堆栈实际上是 Apache CXF,它有不同的指定策略的方式(通过使用org.apache.neethi.Policy)如下所述:

http://cxf.apache.org/docs/how-to-define-policies.html#HowtoDefinePolicies-Dynamicallyviamessageproperty

因此,CXF 堆栈基本上忽略了 WSSecurityContext.CREDENTIAL_PROVIDER_LIST,我们得到故障:根据安全策略验证消息时出错错误代码:1000

在这种情况下,正确的解决方案是使用中描述的步骤CXF 文档:

  1. 从外部位置获取策略并为当前消息构建它。
  2. 使用 Neethi 库解析 WS-Policy XML。
  3. 将结果 Policy 对象存储到 PolicyConstants.POLICY_OVERRIDE 消息内容属性中。

我只是在这里提到这一点,以防其他人犯下将 CXF 与 Weblogic 混合在一起的错误。 :)

We had the same problem when calling the webservice from a servlet deployed in Weblogic, by using weblogic.jws.jaxws.ClientPolicyFeature and weblogic.wsee.security.unt.ClientUNTCredentialProvider to set the policy, like this:

import weblogic.jws.jaxws.ClientPolicyFeature;
import weblogic.jws.jaxws.policy.InputStreamPolicySource;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;

ClientPolicyFeature cpf = new ClientPolicyFeature();
InputStream inputStream = ChangeLogBean.class.getClassLoader().getResourceAsStream("usernametoken.xml");
cpf.setEffectivePolicy(new InputStreamPolicySource(new InputStream[]{inputStream}));

MyServiceWSPortImplService service = new MyServiceWSPortImplService(new URL(myEndpoint.getUrl()), new QName("http://myhost/myservice/V1", "MyServiceWSPortImplService"));
MyService port = service.getMyServicePort(new WebServiceFeature[]{cpf});

ArrayList credentialProviders = new ArrayList();
ClientUNTCredentialProvider untCredentialProvider = new ClientUNTCredentialProvider(myEndpoint.getUser().getBytes(), myEndpoint.getPassword().getBytes());
credentialProviders.add(untCredentialProvider);
Map context = ((BindingProvider)port).getRequestContext();
context.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credentialProviders);

But the WebServices stack used by our application is actually Apache CXF, which has a different way of specifying the policy (by using org.apache.neethi.Policy) as mentioned here:

http://cxf.apache.org/docs/how-to-define-policies.html#HowtoDefinePolicies-Dynamicallyviamessageproperty

So the CXF stack was basically ignoring the WSSecurityContext.CREDENTIAL_PROVIDER_LIST, and we got the fault: Error on verifying message against security policy Error code:1000

The correct solution in that case is to use the steps described in the CXF documentation:

  1. Get policy from external location and build it for current message.
  2. Parse WS-Policy XML using Neethi library.
  3. Store result Policy object into PolicyConstants.POLICY_OVERRIDE message content property.

I am just mentioning this here in case someone else makes the mistake of mixing CXF with Weblogic. :)

回复 原文
~没有更多了~

关于作者

情感失落者

暂无简介

文章
评论
28 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

李珊平

文章 0 评论 0

Quxin

文章 0 评论 0

范无咎

文章 0 评论 0

github_ZOJ2N8YxBm

文章 0 评论 0

若言

文章 0 评论 0

南…巷孤猫

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文