我正在尝试创建一个启用了安全性的JAX-WS Web服务。我关注了这个教程,并使用我自己以前构建的Web服务完成了这项工作。这只是一个返回当前时间的简单Web服务。因此,客户端是一个独立的Java应用程序,客户端代码如下:
public class CallWS {
public static void main(String[] args) {
TimeService ts = new TimeService();
Time time = ts.getTimePort();
System.out.println(time.timeOfDay());
}
}
但我得到了以下例外:
SEVERE: WSSTUBE0023: Error in creating new instance of SecurityClientTube
java.lang.RuntimeException: WSSTUBE0016: TrustStore URL was obtained as NULL from ConfigAssertion.
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.populateTruststoreProps(SecurityTubeBase.java:1411)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.populateConfigProperties(SecurityTubeBase.java:1314)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.configureClientHandler(SecurityClientTube.java:779)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.<init>(SecurityClientTube.java:170)
at com.sun.xml.wss.provider.wsit.SecurityTubeFactory.createTube(SecurityTubeFactory.java:227)
at com.sun.xml.ws.assembler.TubeCreator.createTube(TubeCreator.java:77)
at com.sun.xml.ws.assembler.TubelineAssemblerFactoryImpl$MetroTubelineAssembler.createClient(TubelineAssemblerFactoryImpl.java:121)
at com.sun.xml.ws.client.Stub.createPipeline(Stub.java:224)
at com.sun.xml.ws.client.Stub.<init>(Stub.java:201)
at com.sun.xml.ws.client.Stub.<init>(Stub.java:174)
at com.sun.xml.ws.client.sei.SEIStub.<init>(SEIStub.java:81)
at com.sun.xml.ws.client.WSServiceDelegate.createEndpointIFBaseProxy(WSServiceDelegate.java:602)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:344)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:326)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:308)
at javax.xml.ws.Service.getPort(Service.java:99)
at wsclient.TimeService.getTimePort(TimeService.java:72)
at main.CallWS.main(CallWS.java:19)
Exception in thread "main" java.lang.RuntimeException: WSSTUBE0023: Error in creating new instance of SecurityClientTube
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.<init>(SecurityClientTube.java:175)
at com.sun.xml.wss.provider.wsit.SecurityTubeFactory.createTube(SecurityTubeFactory.java:227)
at com.sun.xml.ws.assembler.TubeCreator.createTube(TubeCreator.java:77)
at com.sun.xml.ws.assembler.TubelineAssemblerFactoryImpl$MetroTubelineAssembler.createClient(TubelineAssemblerFactoryImpl.java:121)
at com.sun.xml.ws.client.Stub.createPipeline(Stub.java:224)
at com.sun.xml.ws.client.Stub.<init>(Stub.java:201)
at com.sun.xml.ws.client.Stub.<init>(Stub.java:174)
at com.sun.xml.ws.client.sei.SEIStub.<init>(SEIStub.java:81)
at com.sun.xml.ws.client.WSServiceDelegate.createEndpointIFBaseProxy(WSServiceDelegate.java:602)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:344)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:326)
at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:308)
at javax.xml.ws.Service.getPort(Service.java:99)
at wsclient.TimeService.getTimePort(TimeService.java:72)
at main.CallWS.main(CallWS.java:19)
Caused by: java.lang.RuntimeException: WSSTUBE0016: TrustStore URL was obtained as NULL from ConfigAssertion.
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.populateTruststoreProps(SecurityTubeBase.java:1411)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.populateConfigProperties(SecurityTubeBase.java:1314)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.configureClientHandler(SecurityClientTube.java:779)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.<init>(SecurityClientTube.java:170)
... 14 more
Java Result: 1
我使用了与教程中提到的相同的安全机制(使用对称密钥的用户名验证),并在客户端和服务器端环境中遵循了完全相同的步骤。
我正在使用
- Netbeans 7.0.1
- Glassfish 3.1
- Java EE 6
- JDK 7
- Metro 2.0库
wsit ws.Time
<?xml version="1.0" encoding="UTF-8"?>
<definitions
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="TimeService" targetNamespace="http%3A%2F%2Fns.soacookbook.com" xmlns:tns="http%3A%2F%2Fns.soacookbook.com" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:sc="http://schemas.sun.com/2006/03/wss/server" xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy" xmlns:wsp1="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsaw="http://www.w3.org/2005/08/addressing" xmlns:fi="http://java.sun.com/xml/ns/wsit/2006/09/policy/fastinfoset/service" xmlns:tcp="http://java.sun.com/xml/ns/wsit/2006/09/policy/soaptcp/service" xmlns:sp1="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
>
<message name="timeOfDay"/>
<message name="timeOfDayResponse"/>
<portType name="Time">
<operation name="timeOfDay">
<input message="tns:timeOfDay"/>
<output message="tns:timeOfDayResponse"/>
</operation>
</portType>
<binding name="TimePortBinding" type="tns:Time">
<wsp1:PolicyReference URI="#TimePortBindingPolicy"/>
<operation name="timeOfDay">
<input>
<wsp1:PolicyReference URI="#TimePortBinding_timeOfDay_Input_Policy"/>
</input>
<output>
<wsp1:PolicyReference URI="#TimePortBinding_timeOfDay_Output_Policy"/>
</output>
</operation>
</binding>
<service name="TimeService">
<port name="TimePort" binding="tns:TimePortBinding"/>
</service>
<wsp1:Policy wsu:Id="TimePortBindingPolicy">
<wsp1:ExactlyOne>
<wsp1:All>
<wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" wsp1:Optional="false"/>
<sp1:SymmetricBinding>
<wsp1:Policy>
<sp1:ProtectionToken>
<wsp1:Policy>
<sp1:X509Token sp1:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp1:Policy>
<sp1:WssX509V3Token10/>
<sp1:RequireIssuerSerialReference/>
</wsp1:Policy>
</sp1:X509Token>
</wsp1:Policy>
</sp1:ProtectionToken>
<sp1:Layout>
<wsp1:Policy>
<sp1:Strict/>
</wsp1:Policy>
</sp1:Layout>
<sp1:IncludeTimestamp/>
<sp1:OnlySignEntireHeadersAndBody/>
<sp1:AlgorithmSuite>
<wsp1:Policy>
<sp1:Basic128/>
</wsp1:Policy>
</sp1:AlgorithmSuite>
</wsp1:Policy>
</sp1:SymmetricBinding>
<sp1:Wss11>
<wsp1:Policy>
<sp1:MustSupportRefIssuerSerial/>
<sp1:MustSupportRefThumbprint/>
<sp1:MustSupportRefEncryptedKey/>
</wsp1:Policy>
</sp1:Wss11>
<sp1:SignedSupportingTokens>
<wsp1:Policy>
<sp1:UsernameToken sp1:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp1:Policy>
<sp1:WssUsernameToken10/>
</wsp1:Policy>
</sp1:UsernameToken>
</wsp1:Policy>
</sp1:SignedSupportingTokens>
<sc:KeyStore wspp:visibility="private" location="/home/oshadha/.netbeans/7.0/config/GF3_113/domain1/config/keystore.jks" type="JKS" storepass="changeit" alias="xws-security-server"/>
</wsp1:All>
</wsp1:ExactlyOne>
</wsp1:Policy>
<wsp1:Policy wsu:Id="TimePortBinding_timeOfDay_Input_Policy">
<wsp1:ExactlyOne>
<wsp1:All>
<sp1:EncryptedParts>
<sp1:Body/>
</sp1:EncryptedParts>
<sp1:SignedParts>
<sp1:Body/>
<sp1:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="AckRequested" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
<sp1:Header Name="SequenceAcknowledgement" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
<sp1:Header Name="Sequence" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
<sp1:Header Name="CreateSequence" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
</sp1:SignedParts>
</wsp1:All>
</wsp1:ExactlyOne>
</wsp1:Policy>
<wsp1:Policy wsu:Id="TimePortBinding_timeOfDay_Output_Policy">
<wsp1:ExactlyOne>
<wsp1:All>
<sp1:EncryptedParts>
<sp1:Body/>
</sp1:EncryptedParts>
<sp1:SignedParts>
<sp1:Body/>
<sp1:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp1:Header Name="AckRequested" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
<sp1:Header Name="SequenceAcknowledgement" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
<sp1:Header Name="Sequence" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
<sp1:Header Name="CreateSequence" Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
</sp1:SignedParts>
</wsp1:All>
</wsp1:ExactlyOne>
</wsp1:Policy>
</definitions>
当您使用Netbeans为Web服务客户端配置证书时(与开发默认值一样),有时不会将正确的配置写入配置文件。因此,在这种情况下,您必须手动添加正确的配置。
在这种情况下,缺少的情况是客户端配置中密钥库sit-client.xml或从中导入的另一个配置文件中。
<sc:KeyStore wspp:visibility="private" location="/home/username/.netbeans/7.0/config/GF3_113/domain1/config/keystore.jks" type="JKS" storepass="changeit" alias="xws-security-server"/>
这可以通过Netbeans提供的UI界面来完成,也可以始终使用文件编辑器。可以从wsit ws获取位置。webservice实现中的[Servicename]。