问题:
Cybersource org.apache.CXF.binding.soap.soapFault:使用CXF进行安全处理失败
仲孙钊
package com.cybersource.schemas.transaction_data.transactionprocessor;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
imp ort java.rmi.RemoteException;
import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.version.Version;
import com.cybersource.schemas.transaction_data_1.BillTo;
import com.cybersource.schemas.transaction_data_1.CCAuthService;
import com.cybersource.schemas.transaction_data_1.Card;
import com.cybersource.schemas.transaction_data_1.Item;
import com.cybersource.schemas.transaction_data_1.PurchaseTotals;
import com.cybersource.schemas.transaction_data_1.ReplyMessage;
import com.cybersource.schemas.transaction_data_1.RequestMessage;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
//import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
public class CybersourceClientExample {
// Replace the MERCHANT_ID and MERCHANT_KEY with the appropriate --donevalues.
private static final String MERCHANT_ID = "MERCHANT_ID ";
private static final String MERCHANT_KEY = "MERCHANT_KEY ";
private static final String SERVER_URL = "https://ics2wstesta.ic3.com/commerce/1.x/transactionProcessor/CyberSourceTransaction_1.142.wsdl";
private static final String CLIENT_LIB_VERSION = Version.getCompleteVersionString() + "/1.5.10"; // CXF Version / WSS4J Version
private static final String CLIENT_LIBRARY = "Java CXF WSS4J";
private static final String CLIENT_ENV = System.getProperty("os.name") + "/" +
System.getProperty("os.version") + "/" +
System.getProperty("java.vendor") + "/" +
System.getProperty("java.version");
public static void main(String[] args) throws RemoteException, MalformedURLException {
RequestMessage request = new RequestMessage();
// To help Cybersource troubleshoot any problems that you may encounter,
// include the following information about the client.
addClientLibraryInfo(request);
request.setMerchantID(MERCHANT_ID);
// Internal Transaction Reference Code for the Merchant
request.setMerchantReferenceCode("222222");
// Here we are telling the client that we are going to run an AUTH.
request.setCcAuthService(new CCAuthService());
request.getCcAuthService().setRun("true");
request.setBillTo(buildBillTo());
request.setCard(buildCard());
request.setPurchaseTotals(buildPurchaseTotals());
request.getItem().add(buildItem("0", "12.34", "2"));
request.getItem().add(buildItem("1", "56.78", "1"));
ITransactionProcessor processor = new TransactionProcessor(new URL(SERVER_URL)).getPortXML();
// Add WS-Security Headers to the Request
addSecurityValues(processor);
ReplyMessage reply = processor.runTransaction(request);
System.out.println("decision = " + reply.getDecision());
System.out.println("reasonCode = " + reply.getReasonCode());
System.out.println("requestID = " + reply.getRequestID());
System.out.println("requestToken = " + reply.getRequestToken());
System.out.println("ccAuthReply.reasonCode = " + reply.getCcAuthReply().getReasonCode());
}
private static void addClientLibraryInfo(RequestMessage request) {
request.setClientLibrary(CLIENT_LIBRARY);
request.setClientLibraryVersion(CLIENT_LIB_VERSION);
request.setClientEnvironment(CLIENT_ENV);
}
private static Item buildItem(String id, String unitPrice, String quantity) {
Item item = new Item();
item.setId(new BigInteger(id));
item.setUnitPrice(unitPrice);
item.setQuantity(quantity);
return item;
}
private static PurchaseTotals buildPurchaseTotals() {
PurchaseTotals purchaseTotals = new PurchaseTotals();
purchaseTotals.setCurrency("USD");
purchaseTotals.setGrandTotalAmount("100");
return purchaseTotals;
}
private static Card buildCard() {
Card card = new Card();
card.setAccountNumber("4111111111111111");
card.setExpirationMonth(new BigInteger("12"));
card.setExpirationYear(new BigInteger("2020"));
return card;
}
private static BillTo buildBillTo() {
BillTo billTo = new BillTo();
billTo.setFirstName("John");
billTo.setLastName("Doe");
billTo.setStreet1("1295 Charleston Road");
billTo.setCity("Mountain View");
billTo.setState("CA");
billTo.setPostalCode("94043");
billTo.setCountry("US");
billTo.setEmail("null@cybersource.com");
billTo.setIpAddress("10.7.111.111");
return billTo;
}
private static void addSecurityValues(ITransactionProcessor processor) {
Client client = ClientProxy.getClient(processor);
Endpoint endpoint = client.getEndpoint();
// We'll have to add the Username and Password properties to an OutInterceptor
HashMap<String, Object> outHeaders = new HashMap<String, Object>();
outHeaders.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outHeaders.put(WSHandlerConstants.USER, MERCHANT_ID);
outHeaders.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outHeaders.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordHandler.class.getName());
WSS4JOutInterceptor interceptor = new WSS4JOutInterceptor(outHeaders);
endpoint.getOutInterceptors().add(interceptor);
}
public static class ClientPasswordHandler implements CallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
if ((WSPasswordCallback)callback instanceof WSPasswordCallback) {
WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
passwordCallback.setPassword(MERCHANT_KEY);
}
}
}
}
}
我正面临以下错误。请帮忙。
共有1个答案
况明贤
“导致:java.lang.ClassCastException:org.apache.WSS4J.common.ext.WSPasswordCallback不能强制转换为org.apache.ws.security.WSPasswordCallback at”-看起来您错误地混合了WSS4J版本。您是否验证了类路径上的所有WSS4J JAR都有相同的版本?另外,您是否检查了WSS4J版本是否与您正在使用的CXF版本一起使用?
类似资料:
-
我想做这样的解决方案: cxf-https-soap服务获取请求并将其发送到activemq队列1 服务实现从队列1获取消息,处理它并将其放入队列2 endpoint从队列2获取响应并向客户端发送响应 现在,我提出了一种解决方案,但我不确定如何处理activemq的响应并将其作为SOAP响应发送回去。下面是我的骆驼蓝图。endpoint蓝图: 服务处理器蓝图: 有什么帮助或建议吗?
-
问题内容: 从文档 如果遇到需要插入1000 000行/对象的情况: 为什么我们应该使用这种方法?与StatelessSession一相比,它给我们带来了什么好处: 我的意思是,这个(“替代”)最后一个示例不使用内存,不需要进行同步,清除缓存,那么对于这样的情况,这应该是最佳实践吗?那么为什么要使用前一个呢? 问题答案: 从文档中,您链接到: 特别是,无状态会话不会实现第一级缓存,也不会与任何第二
-
问题内容: 我即将在我的网站中包含一个登录系统,但是我认为使用ajax发送a并从名为login.php的外部php脚本接收确认并以与退出登录相同的方式对安全性不是一个好主意另一个logout.php任何建议 问题答案: 我想不出使用Ajax处理登录和注销的任何安全隐患。在ajax和服务器端层之间来回发送什么内容(只要不从服务器向客户端发送纯文本密码)都没有关系,因为会话将是保持授权状态的会话。 但
-
问题内容: 我有一个独立的应用程序,在该应用程序中,我必须用确认对话框提示用户,以保存他尝试通过关闭系统时所做的更改。 我知道通过使用我们可以做到。 有人可以帮我如何使用信号处理程序吗 问题答案: 2012年5月更新(两年半后) Trejkaz评论: 在当前版本的Java上,此信号处理代码失败,因为“ ”信号“由VM或OS保留”。 此外,当某些东西要求关闭应用程序时,其他有效信号名称实际上都不会触
-
Promise 链在错误(error)处理中十分强大。当一个 promise 被 reject 时,控制权将移交至最近的 rejection 处理程序(handler)。这在实际开发中非常方便。 例如,下面代码中所 fetch 的 URL 是错的(没有这个网站),.catch 对这个 error 进行了处理: fetch('https://no-such-server.blabla') // re
-
我正在尝试设置与spring webflux安全自定义字符串消息,如果登录/注销成功或失败。除“AuthenticationFailureHandler”外,处理程序都在工作。 文档中提到了一些关于“logoutsuccessURL()”的内容,但它并不存在,并且这些处理程序返回的是mono 。 所以我有两个问题: > 如何返回一些字符串作为响应,例如,如果authenticaion失败,那么“无