我在针对使用 cxf 3.0.4 构建实现的服务器验证我的请求时遇到了一些问题。
WSDL 包含以下策略:
<wsp:Policy wsu:Id="MyWSUID">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
但是当我尝试使用以下 wss 安全部分运行请求时,出现错误:
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-AR32019390G5G595L002020395920395">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
这是错误:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}WssUsernameToken10</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
但是当我尝试对具有另一个实现(它是 IBM 的(的服务器运行相同的请求时,它工作正常。我从这里阅读规范
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
而且我没有从我的请求中找到任何错误的证据。
我发现了这个问题,我没有使用PolicyBasedWSS4JInInterceptor。
无论如何,谢谢大家。