CXF WSS4J拦截器

Question

我正在尝试使用以下代码配置WSS4J拦截器：

        try {

        Map<String, Object> outProps = new HashMap<String, Object>();

        outProps.put(WSHandlerConstants.ACTION,
                WSHandlerConstants.TIMESTAMP + " "
                        + WSHandlerConstants.SIGNATURE + " "
                        + WSHandlerConstants.ENCRYPT);
        outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
        outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                ClientKeystorePasswordCallback.class.getName());
        outProps.put(WSHandlerConstants.SIG_PROP_FILE,
                "clientWSsec-PC165.properties");
        outProps.put(WSHandlerConstants.ENC_PROP_FILE,
                "clientWSsec-PC165-Srv.properties");
        outProps.put(WSHandlerConstants.SIGNATURE_USER, "clientKey");
        outProps.put(WSHandlerConstants.ENCRYPTION_USER, "serverKey");

        Map<String, Object> inProps = new HashMap<String, Object>();

        inProps.put("action", "Timestamp Signature Encrypt");
        inProps.put("passwordType", "PasswordText");
        inProps.put("passwordCallbackClass",
                "utils.ClientKeystorePasswordCallback");
        inProps.put("signatureUser", "clientKey");
        inProps.put("encryptionUser", "serverKey");
        inProps.put("encryptionPropFile", "clientWSsec-PC165.properties");
        inProps.put("signaturePropFile", "clientWSsec-PC165.properties");


        DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker();
        coverageChecker.setSignBody(true);
        coverageChecker.setSignTimestamp(true);
        coverageChecker.setEncryptBody(true);

        Service service = new Service ();
        WsService  wsService = service.getWsServiceSOAP();

        org.apache.cxf.endpoint.Client client = ClientProxy
                .getClient(wsService);
        client.getInInterceptors().add(new WSS4JInInterceptor(inProps));
        client.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
        client.getInInterceptors().add(coverageChecker);

        ResponseType parameters1 = new ResponseType();
        wsService.getResponse(getServiceHeader(),
                parameters1);

    } catch (UndeclaredThrowableException ex) {
        ex.getUndeclaredThrowable().printStackTrace();
    } catch (Exception ex) {
        ex.printStackTrace();
    }

但是我得到了这个错误：

javax.xml.ws.soap.SOAPFaultException: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a ws-security.signature.properties element within it.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157)
at $Proxy29.getResponse(Unknown Source)
at utils.Client.main(Client.java:118)

Caused by: org.apache.cxf.ws.policy.PolicyException: Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a ws-security.signature.properties element within it.
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:313)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getSignatureBuilder(AbstractBindingBuilder.java:1827)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignature(AsymmetricBindingHandler.java:567)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:147)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:176)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:90)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
... 2 more

我想知道我的代码中是否遗漏了什么，或者我是否没有正确地执行它。

谢谢!

Answer 1

您正在使用WSS4JOutInterceptor/WSS4JInInterceptor混合“基于操作”的配置和“基于策略”的配置。在您的示例中，有一个WS-SecurityPolicy (AsymmetricBinding)，CXF WS-Security运行时使用它来配置安全性。在这种情况下，您不需要显式配置WSS4JOutInterceptor。相反，您需要做的是添加相关的安全属性。下面是一个(代码)示例：

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java;hb=fd92c807e8773c363df37cfaf946971f5bac763b

特别是：

client.getRequestContext().put("ws-security.username"，"bob")；

client.getRequestContext().put("ws-security.encryption.properties"，"bob.properties")；

等。

科尔姆。

Answer 2

您使用的是什么版本的CXF？

我在CXF 2.7.11中也遇到了同样的问题。该问题在2.7.1版中不会出现。

您也可以尝试使用最新的3.0版本。