axis2+rampart:必须理解报头安全性检查失败

Question

在服务器内部错误的情况下，我对axis2+rampart WS安全响应有问题。当服务器返回"200 OK“时，一切似乎都正常。如果响应具有适当的时间戳、签名和解密函数响应XML，则由响应部件进行检查。但是当服务器返回"500内部服务器错误“时，axis2 2/rapart会抛出异常：

ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header

我认为答案有问题，并用soapUI进行了测试。有类似的响应，无论是安全的还是解密的。这些响应仅通过HTTP状态、表示错误的XML响应代码和SOAP标记的情况不同。如果有好的反应

<SOAP-ENV:Envelope ...

如有错误：

<soap:Envelope ...

结构的其余部分，包括mustUnderstand="1"都是相同的。

在axis2.xml中，我按照顺序将InFlow和InFaultFlow配置为相同：

<phase name="Addressing">...</phase>
<phase name="Security"/>
<phase name="PreDispatch"/>

我启用了对我的客户的跟踪，如果有良好的响应，我会看到：

DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Invoking Handler 'SecurityInHandler' in Phase 'Security'
...there is decrypted message
DEBUG Thread-11 org.apache.rampart.handler.WSDoAllReceiver - WSDoAllReceiver: exit invoke()
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...

在出现错误的情况下，没有这样的跟踪：

DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "soapmonitorPhase"
DEBUG Thread-11 org.apache.axis2.engine.AxisEngine - MustUnderstand header not processed or registered as understood{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
DEBUG Thread-11 org.apache.axis2.i18n.ProjectResourceBundle - org.apache.axis2.i18n.resource::handleGetObject(mustunderstandfailed)
ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

没有SecurityInHandler调用。

我希望看到解密的消息，就像在"200 OK“状态或类似于在soapUI。有什么想法吗?我的配置有什么问题？

编辑

我已经检查过，只有在"500内部服务器错误“的情况下，我才会得到这样的错误。如果服务器回复"200确定“和相同的加密内容，那么axis2能够解密它！

Answer 1

我会回答自己：

我搜索了Rampart的资料来源，看看SecurityInHandler在哪里。它是在META-INF/module.xml of rampart-1.5.1.mar，但只在<InFlow>部分。我把它复制到<InFaultFlow>上，它就能工作了！现在，我的<InFaultFlow>部分看起来如下：

<InFaultFlow>
    <handler name="PolicyBasedSecurityInHandler" class="org.apache.rampart.handler.RampartReceiver">
        <order phase="Security" phaseFirst="true"/>
    </handler>
    <handler name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
        <order phase="Security"/>
    </handler>
    <handler name="PostDispatchVerificationHandler" class="org.apache.rampart.handler.PostDispatchVerificationHandler">
        <order phase="Dispatch" phaseLast="true"/>
    </handler>
</InFaultFlow>