Apache CXF 3.0.4和Wss4j，与KeyIdentifier问题EncryptedKeySHA1

Question

我正在使用CXF 3.0.4来加密Webservice，并且我想将KeyIdentifier设置为EncryptedKeySHA1。为此，我将参数<entry key="encryptionKeyIdentifier" value="EncryptedKeySHA1"></entry>添加到WSS4JOutInterceptor bean的context.xml中。

但在出站请求，我得到了：

<wsse:SecurityTokenReference> 
    <wsse:KeyIdentifier 
     EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">QgB9VjsaVwwYNx/MowOS058pegY=</wsse:KeyIdentifier> 
</wsse:SecurityTokenReference> 

所以很奇怪地我有一个指纹keyIdentifier。这是一个错误，还是我需要配置它不同？

PS：这里是完整的applicationContext.xml：

<context:property-placeholder location="classpath:test.properties" /> 

    <bean id="ProjectServices" class="primavera.ws.ProjectPortType" 
     factory-bean="clientFactory" factory-method="create" /> 
    <bean id="clientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean"> 
     <property name="serviceClass" value="primavera.ws.ProjectPortType" /> 
     <property name="address" 
      value="http://port-128:8206/p6ws/services/ProjectService" /> 
     <property name="inInterceptors"> 
      <list> 
       <ref bean="logIn" /> 
       <ref bean="signResponse" /> 
      </list> 
     </property> 
     <property name="outInterceptors"> 
      <list> 
       <ref bean="logOut" /> 
       <ref bean="saajOut" /> 
       <ref bean="signRequest" /> 
      </list> 
     </property> 
    </bean> 
    <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" /> 
    <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> 
    <bean id="saajOut" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> 

    <bean id="signRequest" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> 
     <constructor-arg> 
      <map> 
       <entry key="action" value="UsernameToken Timestamp Signature Encrypt" /> 
       <entry key="user" value="username" /> 
       <entry key="passwordType" value="PasswordText" /> 
       <entry key="signatureUser" value="serverwsalias" /> 
       <entry key="encryptionUser" value="serverwsalias" /> 
       <entry key="passwordCallbackClass" value="main.ClientPasswordCallback" /> 
       <entry key="signaturePropFile" value="/crypt.properties"></entry> 
       <entry key="signatureParts" 
        value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;Body" /> 
       <entry key="encryptionPropFile" value="/crypt.properties"></entry> 
       <entry key="encryptionParts" 
        value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken;Body" /> 
       <entry key="encryptionKeyIdentifier" value="EncryptedKeySHA1"></entry> 
      </map> 
     </constructor-arg> 
    </bean> 
    <bean id="signResponse" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> 
     <constructor-arg> 
      <map> 
       <entry key="action" value="Encrypt" /> 
       <entry key="encryptionUser" value="serverwsalias" /> 
       <entry key="decryptionPropFile" value="/crypt.properties"></entry> 
      </map> 
     </constructor-arg> 
    </bean> 
</beans> 

这里是我的pom.xml：

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 
    <modelVersion>4.0.0</modelVersion> 
    <groupId>asco</groupId> 
    <artifactId>testPrimaveraWS</artifactId> 
    <version>1.0</version> 
    <properties> 
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> 
     <cxf.version>3.0.4</cxf.version> 
     <spring.version>3.1.3.RELEASE</spring.version> 
    </properties> 
    <dependencies> 
     <dependency> 
      <groupId>org.springframework</groupId> 
      <artifactId>spring-context</artifactId> 
      <version>4.1.5.RELEASE</version> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework.ws</groupId> 
      <artifactId>spring-ws-security</artifactId> 
      <version>2.2.0.RELEASE</version> 
     </dependency> 
     <dependency> 
      <groupId>org.apache.cxf</groupId> 
      <artifactId>cxf-rt-ws-security</artifactId> 
      <version>${cxf.version}</version> 
     </dependency> 
     <dependency> 
      <groupId>org.apache.cxf</groupId> 
      <artifactId>cxf-rt-databinding-jaxb</artifactId> 
      <version>${cxf.version}</version> 
     </dependency> 
     <dependency> 
      <groupId>org.apache.cxf</groupId> 
      <artifactId>cxf-rt-frontend-jaxws</artifactId> 
      <version>${cxf.version}</version> 
     </dependency> 
     <dependency> 
      <groupId>org.apache.cxf</groupId> 
      <artifactId>cxf-rt-transports-http</artifactId> 
      <version>${cxf.version}</version> 
     </dependency> 
    </dependencies> 
    <build> 
     <plugins> 
      <plugin> 
       <groupId>org.jvnet.jax-ws-commons</groupId> 
       <artifactId>jaxws-maven-plugin</artifactId> 
       <version>2.2</version> 
       <executions> 
        <execution> 
         <id>wsClient</id> 
         <phase>compile</phase> 
         <goals> 
          <goal>wsimport</goal> 
         </goals> 
        </execution> 
       </executions> 
       <configuration> 
        <sourceDestDir>src/main/java</sourceDestDir> 
        <packageName>primavera.ws</packageName> 
        <wsdlUrls> 
         <wsdlUrl>http://port-128:8206/p6ws/services/ProjectService?wsdl</wsdlUrl> 
        </wsdlUrls> 
       </configuration> 
      </plugin> 
     </plugins> 
    </build> 
</project> 

Answer 1

我回答这个CXF邮件列表中的位置：

http://cxf.547215.n5.nabble.com/Apache-CXF-3-0-4-and-Wss4j-problem-with-KeyIdentifier-EncryptedKeySHA1-tp5754719p5754727.html