0
我使用wsdl2java工具和独立http服务器创建了CXF Web服务。 wsdl具有指定的ws安全性。如何忽略CXF Web服务中的ws-security标头
我不想强制执行ws-security标头,因为我并不关心它们,但客户端将发送如下的ws-security标头。注意,没有密码只是一个用户名。
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>USER</wsse:Username>
</wsse:UsernameToken>
</wsse:Security>
我的选择是什么?
UPDATE: OK我有现在这样:
EndpointImpl impl = (EndpointImpl)Endpoint.publish(address, implementor);
impl.getInInterceptors().add(new LoggingInInterceptor());
impl.getOutInterceptors().add(new LoggingOutInterceptor());
Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN_NO_PASSWORD);
inProps.put(WSHandlerConstants.USER, "USER");
impl.getOutInterceptors().add(new WSS4JInInterceptor(inProps));
的客户端如下发送标题:
<soapenv:Header>
<wsa:To>http://www.test.com/Namespace/testb</wsa:To>
<wsa:ReplyTo>
<wsa:Address>http://www.test.com/Namespace/testa</wsa:Address>
</wsa:ReplyTo>
<wsa:Action>http://www.test.com/test</wsa:Action>
<wsa:MessageID xmlns:wsa="http://www.w3.org/2005/08/addressing"
>6158a795-46d5-4481-8467-da8ffda95664</wsa:MessageID>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>USER</wsse:Username>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
WSDL中的策略是:
<wsp:Policy wsu:Id="RequestPolicy">
<wsp:PolicyReference URI="#RequestAddressingPolicy"/>
</wsp:Policy>
<wsp:Policy wsu:Id="ResponsePolicy">
<!--<wsp:PolicyReference URI="#ResponseAddressingPolicy"/>-->
</wsp:Policy>
<wsp:Policy wsu:Id="RequestAddressingPolicy">
<wsp:All>
<sp:RequiredElements>
<!-- wsa:MessageID -->
<sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'MessageID' and namespace-uri() =
'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
</sp:RequiredElements>
<sp:RequiredElements>
<!-- wsa:Action -->
<sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'Action' and namespace-uri() =
'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
</sp:RequiredElements>
</wsp:All>
</wsp:Policy>
<wsp:Policy wsu:Id="ResponseAddressingPolicy">
<wsp:All>
<sp:RequiredElements>
<!-- wsa:MessageID -->
<sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'MessageID' and namespace-uri() =
'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
</sp:RequiredElements>
<sp:RequiredElements>
<!-- wsa:Action -->
<sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'Action' and namespace-uri() =
'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
</sp:RequiredElements>
<sp:RequiredElements>
<!-- wsa:RelatesTo -->
<sp:XPath>/*[local-name() = 'Envelope']/*[local-name() = 'Header']/*[local-name() = 'RelatesTo' and namespace-uri() =
'http://www.w3.org/2005/08/addressing'][1]</sp:XPath>
</sp:RequiredElements>
</wsp:All>
</wsp:Policy>
不过我得到这个错误:
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor [email protected]77080e9
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor [email protected]5100a0c1
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor [email protected]346e
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor or[email protected]14429e20
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor [email protected]446563
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor or[email protected]47663389
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor [email protected]7fcf24
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor [email protected]ae79
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:268) - Invoking handleMessage on interceptor [email protected]c
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]c
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]ae79
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]7fcf24
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor or[email protected]47663389
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]446563
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor or[email protected]14429e20
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]346e
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]5100a0c1
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]77080e9
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]14
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]
DEBUG [qtp1254651534-15 - /Identity/] (PhaseInterceptorChain.java:437) - Invoking handleFault on interceptor [email protected]
WARN [qtp1254651534-15 - /Identity/] (LogUtils.java:443) - Interceptor for CENSORED has thrown exception, unwinding now
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequiredElements
at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:167)
at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101)
at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:355)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:319)
at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1074)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1010)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:361)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:485)
at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:926)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:988)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:642)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:627)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:51)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Unknown Source)
谢谢。我用更多信息更新了我的问题。我尝试了你的建议。 – rukiman