使用SOAPUI测试WS安全性 - 在消息有效负载中使用安全标头



我是Web服务和WS安全的新手。我使用CFX Interceptor有一个示例Web服务。以下是我拥有的配置文件。

cfx-servelet.xml:

 <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
        xsi:schemaLocation="
             http://www.springframework.org/schema/beans 
             http://www.springframework.org/schema/beans/spring-beans.xsd
             http://cxf.apache.org/jaxws
             http://cxf.apache.org/schemas/jaxws.xsd">
        <jaxws:endpoint 
           id="doubleit"
           implementor="service.DoubleItPortTypeImpl"
          address="/doubleit" >
          <!-- Uncomment only if using WS-SecurityPolicy
          <jaxws:properties>
             <entry key="ws-security.callback-handler" value-ref="myPasswordCallback"/>
          </jaxws:properties>
          -->
          <!-- Uncomment only if using standard WSS4J interceptors -->
          <jaxws:inInterceptors>
             <bean
                    class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
                <constructor-arg>
                   <map>
                      <entry key="action" value="UsernameToken"/>
                      <entry key="passwordType" value="PasswordText"/>
                      <entry key="passwordCallbackRef" value-ref="myPasswordCallback"/>
                   </map>
               </constructor-arg>
             </bean>
          </jaxws:inInterceptors>
       </jaxws:endpoint>
      <bean id="myPasswordCallback" class="service.ServerPasswordCallback" />
    </beans>

使用SOAPUI工具在HTTP标头(不在消息有效载荷中)中生成安全属性时,它会起作用。但是我需要传递WSSE:消息有效载荷中的安全属性(如下所示)

肥皂请求:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"        xmlns:doub="http://www.example.org/schema/DoubleIt">
<soapenv:Header>
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-   open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-27777511" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>joe</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">joespassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
   <soapenv:Body>
      <doub:DoubleIt>
         <numberToDouble>10</numberToDouble>
      </doub:DoubleIt>
   </soapenv:Body>
</soapenv:Envelope>

它给出错误消息:

肥皂响应:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Body>
      <soap:Fault>
         <faultcode>soap:Server</faultcode>
         <faultstring>Fault occurred while processing.</faultstring>
      </soap:Fault>
   </soap:Body>
</soap:Envelope>

日志文件具有以下例外:

2014-03-07 15:44:20,438 [http-8080-1] WARN  org.apache.cxf.phase.PhaseInterceptorChain    - Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService has thrown exception, unwinding now
    java.lang.NullPointerException
        at org.apache.cxf.staxutils.StaxUtils.getDocument(StaxUtils.java:944)
        at org.apache.cxf.staxutils.StaxUtils.readDocElements(StaxUtils.java:981)
        at     org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.handleMessage(SAAJInInterceptor.java:223)
        at     org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getSOAPMessage(WSS4JInInterceptor.java:     154)
        at   org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:203)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:89)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at   org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:209)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:191)
        at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.connecture.stateadvantage.ui.healthplanmanagement.PublicResourceFilter.doFilter(PublicResourceFilter.java:120)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.connecture.services.planservice.ui.PublicResourceFilter.doFilter(PublicResourceFilter.java:108)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.connecture.services.applicationservice.ui.PublicResourceFilter.doFilter(PublicResourceFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
        at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
        at com.connecture.securityservice.ui.SecAnonymousAuthenticationFilter.doFilter(SecAnonymousAuthenticationFilter.java:51)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
        at com.connecture.securityservice.ui.SecureLoginCookieFilter.doFilter(SecureLoginCookieFilter.java:122)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
        at com.connecture.stateadvantage.ui.common.TimerFilter.doFilter(TimerFilter.java:37)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:879)
        at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:600)
        at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1703)
        at java.lang.Thread.run(Unknown Source)

有人可以告诉我我是否在标题上做错了什么?任何帮助将不胜感激。

谢谢

在"肥皂请求:"您提供的示例中,有两个问题:

  1. 有重复的<soapenv:Header>标签
  2. xmlns:wsse="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd中有Whitespace

相关内容

  • 没有找到相关文章

最新更新