我已经将一个 Spring 应用程序从 Java 7 升级到包含加密 Web 服务的 Java 8。如果我使用测试运行肥皂调用,则会收到以下响应:
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Client</faultcode>
<faultstring xml:lang="en">com.sun.xml.wss.impl.WssSoapFaultException: Error while getting SecretKey from EncryptedKey; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.WssSoapFaultException: Error while getting SecretKey from EncryptedKey</faultstring>
</SOAP-ENV:Fault>
当我查看catalina.out时,请参阅以下堆栈跟踪:
16-Nov-2017 15:54:48.109 SEVERE [tomcat-http--4] com.sun.xml.wss.impl.misc.KeyResolver.getKey WSS0284: SOAP Fault Exception Occured
com.sun.xml.wss.XWSSecurityException: Error while getting SecretKey from EncryptedKey
at com.sun.xml.wss.core.EncryptedKeyToken.getSecretKey(EncryptedKeyToken.java:78)
at com.sun.xml.wss.impl.misc.KeyResolver.processSecurityTokenReference(KeyResolver.java:719)
at com.sun.xml.wss.impl.misc.KeyResolver.getKey(KeyResolver.java:135)
at com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:494)
at com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:339)
at com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:143)
at com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:421)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:81)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:252)
at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:849)
at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:801)
at com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:242)
at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:134)
at org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor.validateMessage(XwsSecurityInterceptor.java:163)
at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:124)
at org.springframework.ws.server.endpoint.interceptor.DelegatingSmartEndpointInterceptor.handleRequest(DelegatingSmartEndpointInterceptor.java:80)
at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:227)
at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:176)
at org.springframework.ws.transport.support.WebServiceMessageReceiverObjectSupport.handleConnection(WebServiceMessageReceiverObjectSupport.java:89)
at org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter.handle(WebServiceMessageReceiverHandlerAdapter.java:61)
at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:293)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
我试图更新或排除一些 wss 库,但没有效果。
有什么想法吗?
谢谢!
最后,我已经解决了这个问题。
JRE 8 中有一些与 xws 安全不兼容的更改。我不得不将类 EncryptedKeyToken 和 EncryptionProcessor 修补到 JRE 8 更改,它似乎工作正常。
更改非常小:
com.sun.xml.wss.core.EncryptedKeyToken
// Starting line 69
xmlc = XMLCipher.getInstance(algorithm);
xmlc.init(XMLCipher.UNWRAP_MODE, null); // First, init with opMode UNWRAP
// leave the next lines
com.sun.xml.wss.impl.apachecrypto.EncryptionProcessor
// changingline 1053
// _dataEncryptor = XMLCipher.getInstance(dataEncAlgo, _dataCipher);
_dataEncryptor = XMLCipher.getInstance(dataEncAlgo);
可以使用 maven 进行修补,可以在此处查找:
如何替换 Maven 依赖项的类?
为了替换,我使用了以下pom:https://pastebin.com/iYcAkpmH