Apache CXF - 无法满足任何策略替代例外

Question

我正在为此https://efactura.dgi.gub.uy:6470/ePrueba/ws_personaGetActEmpresarialPrueba?wsdl第三方wsdl实施webservice客户端。

我使用apache-cxf-3.0.4 wsdl2java生成java clases。

端点需要使用带有X.509证书签名的ws-security进行签名。为了解决这个问题，我配置了一些Out拦截器，但是我得到了一个“无法满足任何策略选择”的例外情况。

这里是配置的拦截器，做德SOAP调用的代码：

Map<String, Object> outProps = new HashMap<String, Object>(); 
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.TIMESTAMP); 
outProps.put(WSHandlerConstants.SIGNATURE_PARTS, ""); 
outProps.put(WSHandlerConstants.USER, "<aliasCertName>"); 
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientCallbackHandler.class.getName()); 
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "client_sign.properties"); 
outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.2/ws-securitypolicy-1.2.xsd}SignedParts;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;"); 
outProps.put(WSHandlerConstants.ENCRYPTION_PARTS, "{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"); 
outProps.put(WSHandlerConstants.ENC_PROP_FILE, "client_sign.properties"); 


/* 
* Create service, port and send the request 
*/ 
ObjectFactory objectFactory = new ObjectFactory(); 
WSPersonaGetActEmpresarialExecute req = objectFactory.createWSPersonaGetActEmpresarialExecute(); 
req.setRut("21047573001133"); 
WSPersonaGetActEmpresarial service = new WSPersonaGetActEmpresarial(); 
WSPersonaGetActEmpresarialSoapPort port = service.getWSPersonaGetActEmpresarialSoapPort(); 

//Obtain a reference to the CXF endpoint using the ClientProxy helper: 
Client client = ClientProxy.getClient(wsPersonaGetActEmpresarialSoapPort); 
client.getOutInterceptors().add(new WSS4JOutInterceptor(outProps)); 


WSPersonaGetActEmpresarialExecuteResponse response = port.execute(req); 

和异常：

03:07:26.227 [main] WARN o.a.c.w.p.AssertionBuilderRegistryImpl - No assertion builder for type {http://www.datapower.com/extensions}summary registered. 
03:07:26.229 [main] WARN o.a.c.w.p.AssertionBuilderRegistryImpl - No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512}SignedParts registered. 
03:07:26.232 [main] DEBUG o.a.cxf.ws.policy.PolicyEngineImpl - Alternative {http://www.datapower.com/extensions}summary is not supported 
03:07:26.233 [main] DEBUG o.a.cxf.ws.policy.PolicyEngineImpl - Alternative {http://www.datapower.com/extensions}summary is not supported 
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied. 
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161) 
    at com.sun.proxy.$Proxy33.execute(Unknown Source) 
    at tests.consultaPorRUT.main(consultaPorRUT.java:150) 
Caused by: org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied. 
    at org.apache.cxf.ws.policy.EndpointPolicyImpl.chooseAlternative(EndpointPolicyImpl.java:172) 
    at org.apache.cxf.ws.policy.EndpointPolicyImpl.finalizeConfig(EndpointPolicyImpl.java:146) 
    at org.apache.cxf.ws.policy.EndpointPolicyImpl.initialize(EndpointPolicyImpl.java:142) 
    at org.apache.cxf.ws.policy.PolicyEngineImpl.createEndpointPolicyInfo(PolicyEngineImpl.java:584) 
    at org.apache.cxf.ws.policy.PolicyEngineImpl.getEndpointPolicy(PolicyEngineImpl.java:313) 
    at org.apache.cxf.ws.policy.PolicyEngineImpl.getClientEndpointPolicy(PolicyEngineImpl.java:294) 
    at org.apache.cxf.ws.policy.PolicyDataEngineImpl.getClientEndpointPolicy(PolicyDataEngineImpl.java:61) 
    at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:318) 
    at org.apache.cxf.transport.http.HTTPConduit.updateClientPolicy(HTTPConduit.java:338) 
    at org.apache.cxf.transport.http.HTTPConduit.getClient(HTTPConduit.java:855) 
    at org.apache.cxf.transport.http.HTTPConduit.configureConduitFromEndpointInfo(HTTPConduit.java:360) 
    at org.apache.cxf.transport.http.HTTPConduit.finalizeConfig(HTTPConduit.java:440) 
    at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit(HTTPTransportFactory.java:242) 
    at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:222) 
    at org.apache.cxf.binding.soap.SoapTransportFactory.getConduit(SoapTransportFactory.java:229) 
    at org.apache.cxf.endpoint.AbstractConduitSelector.createConduit(AbstractConduitSelector.java:145) 
    at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit(AbstractConduitSelector.java:107) 
    at org.apache.cxf.endpoint.UpfrontConduitSelector.prepare(UpfrontConduitSelector.java:63) 
    at org.apache.cxf.endpoint.ClientImpl.prepareConduitSelector(ClientImpl.java:849) 
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:509) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) 
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) 
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) 
    ... 2 more 

如何需要解决这个错误？

Answer 1

当WSDL中存在安全策略时，可以使用不同的方式来配置WS-Security。您正在通过基于“操作”的方法配置WS-Security。但是，从WSDL看，这项政策并不是标准。所以你可能会更好地保持你当前的配置，但为客户端代码编写一个拦截器来声明相关策略。

Answer 2

，我可以从exception.It看到好像你已经配置了太多令牌系统，如：用户名令牌轮廓，采用X509v3令牌证书，SAML令牌等或其中ATLEAST一个 /和无它们与提供者策略相匹配[提供者为他的所有客户端配置了多个令牌系统凭证]。您的配置必须至少与供应商推荐的凭证令牌之一匹配，如用户名令牌和x509令牌证书，以便您可以访问服务[我认为运行时将确定哪些策略相交]。