使用camel cxfendpoint发出调用WS-Security启用服务的问题-没有可用的用户名
我正在尝试使用 ws-security 调用第三方 .net Web 服务,尽管在 WSS4JOutInterceptor 中配置了所有必需的参数,但我还是收到以下异常。
org . Apache . cxf . interceptor . fault:org . Apache . cxf . ws . security . wss4j . policy handlers . transportbindinghandler . handle binding(transportbindinghandler . Java:177)[cxf-rt-ws-security-3 . 0 . 2 . jar:3 . 0 . 2]在org . Apache . cxf . ws . security . wss4j . policy based ws S4 joutinterceptor$policy based ws S4 joutinterceptorinternal . handlemessages
以下是我的cxfendpoint配置
<cxf:cxfEndpoint id="telapoint"
address="https://mycompany.com/APIv2/MyService" wsdlURL="https://mycompany.com/APIv2/MyServices.svc?wsdl">
<cxf:inInterceptors>
<ref bean="loggingInInterceptor" />
</cxf:inInterceptors>
<cxf:outInterceptors>
<ref bean="loggingOutInterceptor" />
<ref bean="wss4jOutInterceptor" />
</cxf:outInterceptors>
<cxf:properties>
<entry key="dataFormat" value="PAYLOAD" />
</cxf:properties>
</cxf:cxfEndpoint</b>>
<bean id="wss4jOutInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken Timestamp" />
<entry key="passwordType" value="PasswordText" />
<entry key="user" value="xxxxxx" />
<entry key="passwordCallbackClass"
value="com.mycompany.t.UTPasswordCallback" />
<entry key="addUsernameTokenNonce" value="true" />
<entry key="addUsernameTokenCreated" value="true" />
</map>
</constructor-arg>
</bean>
下面是骆驼路线
<camelContext xmlns="http://camel.apache.org/schema/spring"
trace="false">
<route id="telaPoint_Camel_Route_with_CXF">
<from uri="timer://foo?fixedRate=true&period=10m" />
<setBody>
<constant>
<![CDATA[
<v2:OrdersGetByStatus xmlns:v2="http://mycompany.com/TelaFuel/v2">
<v2:status>Delivered</v2:status>
</v2:OrdersGetByStatus>
]]>
</constant>
</setBody>
<setHeader headerName="operationName">
<constant>OrdersGetByStatus</constant>
</setHeader>
<setHeader headerName="operationNamespace">
<constant>http://mycompany.com/TelaFuel/v2</constant>
</setHeader>
<to uri="telapoint" />
</route>
</camelContext>
以下是我的POM装饰
<properties>
<camel-version>2.14.1</camel-version>
<log4j-version>1.2.17</log4j-version>
<jaxb-api-version>2.2.12</jaxb-api-version>
<jaxb-impl-version>2.2.11</jaxb-impl-version>
<cxf-version>3.0.2</cxf-version>
<log4j-version>1.2.17</log4j-version>
</properties>
<dependencies>
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-core</artifactId>
<version>${camel-version}</version>
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-spring</artifactId>
<version>${camel-version}</version>
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-cxf</artifactId>
<version>${camel-version}</version>
</dependency>
<dependency>
<groupId>org.apache.camel</groupId>
<artifactId>camel-http</artifactId>
<version>${camel-version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>${cxf-version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>${cxf-version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>${cxf-version}</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>${log4j-version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.5</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http-jetty</artifactId>
<version>${cxf-version}</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
<version>${cxf-version}</version>
</dependency>
</dependencies>
(以下是来自wsdl的ws策略片段)
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpToken/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
</wsp:All>
</wsp:ExactlyOne>
共有2个答案
如果我理解正确,您正在尝试为包含的Web服务创建SOAP客户端
这意味着您不应该包含任何 CXF 拦截器(例如 WSS4JOutInterceptor)。您应该适当地配置一个 jaws:client,以便自动检测
看看这些例子:
https://access . Red Hat . com/documentation/en-US/Red _ Hat _ JBoss _ Fuse/6.0/html/Web _ Services _ Security _ Guide/files/STS-Demo-client . html
和
https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/Web_Services_Security_Guide/files/STS-Demo-Server.html
一个例子可以是:
<jaxws:client
xmlns:tns="http://www.mynamespace.com/test"
id="testSecureSoapClient"
wsdlLocation="wsdl/should_include_policy__definition.wsdl"
address="http://localhost:8192/test"
endpointName="tns:testServicePort"
serviceName="tns:testServiceService"
serviceClass="com.test.TestServicePortType">
<jaxws:properties>
<entry key="ws-security.callback-handler">
<ref component-id="myTestPasswordCallback"/>
</entry>
...
</jaxws:properties>
<jaxws:inInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />
</jaxws:inInterceptors>
<jaxws:outInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
</jaxws:outInterceptors>
</jaxws:client>
由于CXF有效负载数据格式不处理soap头,您可能需要将数据格式更改为CXF_MESSAGE或POJO,以强制CXF拦截器处理这些soap头。
-
我有一个基于ofbizsoap的web服务,它是公开的(可以接受请求),并且生成了WSDL代码和WSDL URL。我的问题是,有没有一种方法可以使用CXF Java客户端或JAX-WS客户端使用此web服务? 总的来说,我希望能够将客户机添加到Mule esb组件中,作为Mule流的一部分。我可以使用AXIS2调用Obiz web服务,但Mule ESB似乎不支持AXIS2,这给我带来了另一个问题
-
是否有一种方法可以调用支持Eureka的服务,而无需调用消费者向Eureka注册?或者换句话说,没有@EnableEurekClient注释?或者换言之,是否有一种方法可以从非Spring Java应用程序中使用带状负载平衡器调用支持Eureka的服务? 我无法从文档中得到它。有这样的例子吗?
-
我有一个Angular项目,它将发送一个带有值承载的标头Authoration 在其余部分,服务器运行Spring Boot Spring Security OAuth2ResourceServer。 我有一个安全配置类,它启用了Spring Security,它创建了默认的cors过滤器。 然而,我在运行的浏览器上发现了CORS错误http://localhost:4200. 所以我在Sprin
-
我在web应用程序中使用Spring Security(v3.1.3)进行X.509身份验证。用户和角色存储在数据库中,但我实际上不需要这样做,因为客户端证书的CNs符合“[角色]-[用户名]”模式,这意味着我已经从证书本身获得了用户名和角色。那么,如何不费吹灰之力就消除数据库呢?我应该编写自己的用户服务实现来填充UserDetails,还是有更优雅的方法?
-
我正在研究Spring-WS,它基于手动创建的XSD生成WSDL。 我试图使用Spring-WS将Spring Controller RESTFul API服务公开为WSDL。 那么如何在spring webservice调用时传递{customer-id}呢?如何在spring wsdl定义中指定这个url?
-
我需要调用WildFly 8上可用的JAX-WS Web服务。我从一个简单的例子开始。这是我的网络服务: WSDL 可在以下网址获得: http://localhost:8080/DemoWS/HelloWorld?wsdl 看看Tomcat-CXF的例子,我编写了以下路由: 通过在 Camel 上下文中运行上述代码,将返回以下错误: serviceClass=com.sample。HelloWo