SAML授权头-不工作

Question

我正试图在JBoss Fuse中部署SAML安全服务。我咨询过这个链接- http://cxf.apache.org/docs/jax-rs-saml.html#JAX-RSSAML-SAMLAssertionValidation。

我想使用授权头选项，因此已经配置了服务器和客户端，如下所示。我总是得到例外，因为“断言不能被验证”。

服务器日志->

地址：http://...。Http-方法:获取内容-类型:/

标题：{Accept=/，Authorization=SAML -编码-string-，Cache-Control=no-cache，connection=备存，Host=localhost:8181 -type=/，Host=localhost:8181=no-cache，User=Apache 3.0.4，Pragma 620123}

2015年-10-19 16: 52:52:14,536警告: p1930854886-1149连体AbstractSamlInHandler 849 -org.apache.cxf.cxf-rt xml- 3.0.4.redhat-620123必须签署-2015年-10-1916:52:14,536告诫p 19304886-1149 AbstractSamlInHandler 849 -org.apache.cxf.cxf-rs-xml- 3.0.4.redhat-620123断言不能被验证2015年-10-19 16：52:14,536区警告-p 1930854886-1149 WebApplicationExceptionMapper WebApplicationExceptionMapper 128 -org.apache.cxf.cxf-rt-前端-jaxrs- 3.0.4.redhat-620123 javax.ws.rs.NotAuthorizedException: HTTP 401未经授权在org.apache.cxf.jaxrs.utils.ExceptionUtils.toNotAuthorizedException(ExceptionUtils.java:134) at org.apache.cxf.rs.security.saml.AbstractSamlInHandler.throwFault(AbstractSamlInHandler.java:243 at org.apache.cxf.rs.security.saml.AbstractSamlInHandler.throwFault(AbstractSamlInHandler.java:243)在org.apache.cxf.rs.security.saml.AbstractSamlInHandler.validateToken(AbstractSamlInHandler.java:181) at org.apache.cxf.rs.security.saml.AbstractSamlInHandler.validateToken(AbstractSamlInHandler.java:115) at org.apache.cxf.rs.security.saml.AbstractSamlInHandler.validateToken(AbstractSamlInHandler.java:98) at org.apache.cxf.rs.security.saml.AbstractSamlBase64InHandler.handleToken(AbstractSamlBase64InHandler.java:53) at org.apache.cxf.rs.security.saml.SamlHeaderInHandler.filter(org.apache.cxf.jaxrs.utils.JAXRSUtils.runContainerRequestFilters(JAXRSUtils.java:1647) at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:106) at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:77) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) atorg.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251) at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:217) at javax.servlet.http.HttpServlet.service(HttpServlet.java:575) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java：在org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:69) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)在org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:240) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:75) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:370) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)在org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) at java.lang.Thread.run(Thread.java:745)

服务器->

<jaxrs:server id="service111" address="/saml/test">
    <jaxrs:serviceBeans>
        <ref component-id="serviceBean"/>
    </jaxrs:serviceBeans>
    <jaxrs:features>
        <bean class="org.apache.cxf.jaxrs.swagger.SwaggerFeature"/>
    </jaxrs:features>
    <jaxrs:providers>
        <ref component-id="jaxbProvider" />
        <ref component-id="jsonProvider" />
        <!-- SAML -->
        <ref component-id="samlHandler"/>
    </jaxrs:providers>

    <!-- SAML -->
    <jaxrs:properties>       
        <entry key="ws-security.signature.properties" value="alice.properties"/>
    </jaxrs:properties>
</jaxrs:server>

<!-- SAML -->
<!-- Authorization Header -->
<bean id="samlHandler" class="org.apache.cxf.rs.security.saml.SamlHeaderInHandler"/>

客户端代码->

公共类JavaTestAPI {

/*
 * SAML
 */
private WebClient createWebClient(String address) {
    JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();

    bean.setAddress(address);

    Map<String, Object> properties = new HashMap<String, Object>();
    /*properties.put("ws-security.callback-handler", "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
    properties.put("ws-security.saml-callback-handler", "org.apache.cxf.systest.jaxrs.security.saml.SamlCallbackHandler");
    */
    properties.put("ws-security.callback-handler", "org.rest.test.saml.KeystorePasswordCallback");
    properties.put("ws-security.saml-callback-handler", "org.rest.test.saml.SamlCallbackHandler");
    properties.put("ws-security.signature.username", "alice");
    properties.put("ws-security.signature.properties", "alice.properties");
    properties.put("ws-security.self-sign-saml-assertion", "true");
    bean.setProperties(properties);

    bean.getOutInterceptors().add(new SamlHeaderOutInterceptor());

    return bean.createWebClient();
}

public static void main(String[] args) {
    JavaTestSolrAPI test = new JavaTestAPI();
    String address = "http://localhost:8181/cxf/saml/test/1.0.0?codes=usa,ger&format=json";

    System.out.println("before createWebClient..");
    WebClient wc = test.createWebClient(address);
    System.out.println("wc=" + wc);
    Response resp = wc.get();
    System.out.println("after response=" + resp.getStatus());
    System.out.println("response=" + resp.readEntity(String.class));
}
}

Answer 1

我不确定这是否是问题的根源，但似乎您要返回的断言语句在什么时候没有签名。