小贝子编程

通过代码配置STS/WS-Trust的CXF



我喜欢使用CXF访问受STS/WS-Trust保护的SOAP服务。当我被迫减少依赖时,我使用CXFBusFactory代替spring配置。这意味着我被迫通过代码进行配置,这在web上很少有文档记录和流行。

谁能指出哪些配置设置缺失以及如何通过代码设置它们?

我:

private static void testSo(String endpointUrl, String username, String password) {
    String busFactory = System.getProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME);
    try {
        // Setup the system properties to use the CXFBusFactory not the SpringBusFactory
        System.setProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME, "org.apache.cxf.bus.CXFBusFactory");
        CXFBusFactory bf = new CXFBusFactory();         
        Bus bus = bf.createBus();
        bus.getFeatures().add(new org.apache.cxf.feature.LoggingFeature());
        STSClient stsClient = new STSClient(bus);
        stsClient.setWsdlLocation("https://example.com/adfs/services/trust/mex");
        stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}CustomBinding_IWSTrustFeb2005Async");
        bus.setProperty("ws-security.callback-handler", "com.example.ClientCallbackHandler");
        bus.setProperty("ws-security.username", username);
        bus.setProperty("ws-security.password", password);
        bus.setProperty("ws-security.sts.client", stsClient);
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);
        URL wsdlUrl = new URL(endpointUrl + "?singleWsdl");
        Service ss = OrganizationService.create(wsdlUrl, SERVICE_NAME);         
        IOrganizationService port = ss.getPort(IOrganizationService.class);
        ColumnSet cs = new ColumnSet();
        cs.setAllColumns(true);
        Entity e = port.retrieve("account", "323223", cs);          
    } catch (Exception ex) {
        ex.printStackTrace();
    } finally {
        // clean up the system properties
        if (busFactory != null) {
            System.setProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME, busFactory);
        } else {
            System.clearProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME);
        }
    }
}

如果重要的话,目标服务是MS CRM 2013。

这是我从CXF日志记录中得到的:

Jul 25, 2014 12:24:55 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNUNG: No assertion builder for type {http://schemas.microsoft.com/xrm/2011/Contracts/Services}AuthenticationPolicy registered.
Jul 25, 2014 12:24:55 PM org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder build
WARNUNG: sp:HttpsToken/wsp:Policy should have a value!

然后这个例外:

javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied.
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:158)
    at com.sun.proxy.$Proxy46.retrieve(Unknown Source)

Update 1:我认为主要问题是通过代码设置sp:HttpsToken/wsp:Policy。很多时候,网络向我展示了这个示例弹簧配置,但我不知道如何用代码复制(Client client = ClientProxy.getClient(port);让我的客户端)。例子:

  <sp:TransportBinding>
    <wsp:Policy>
        <sp:TransportToken>
            <wsp:Policy>
                <sp:HttpsToken/>
            </wsp:Policy>
        </sp:TransportToken>
        <sp:AlgorithmSuite>
            <wsp:Policy>
                <sp:Basic256/>
            </wsp:Policy>
        </sp:AlgorithmSuite>
        <sp:Layout>
            <wsp:Policy>
                <sp:Lax/>
            </wsp:Policy>
        </sp:Layout>
        <sp:IncludeTimestamp/>
    </wsp:Policy>
  </sp:TransportBinding>

更新2:这是服务服务器的WSDL策略:

<wsp:Policy wsu:Id="CustomBinding_IOrganizationService_policy">
<wsp:ExactlyOne>
<wsp:All>
<ms-xrm:AuthenticationPolicy xmlns:ms-xrm="http://schemas.microsoft.com/xrm/2011/Contracts/Services">
<ms-xrm:Authentication>Federation</ms-xrm:Authentication>
<ms-xrm:SecureTokenService>
<ms-xrm:Identifier>http://sts1.example.com/adfs/services/trust</ms-xrm:Identifier>
</ms-xrm:SecureTokenService>
</ms-xrm:AuthenticationPolicy>
<sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<Issuer xmlns="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<Address xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</Address>
<Metadata xmlns="http://www.w3.org/2005/08/addressing">
<Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<wsx:MetadataSection xmlns="">
<wsx:MetadataReference>
<Address xmlns="http://www.w3.org/2005/08/addressing">https://sts1.edrcrm.com/adfs/services/trust/mex</Address>
</wsx:MetadataReference>
</wsx:MetadataSection>
</Metadata>
</Metadata>
</Issuer>
<sp:RequestSecurityTokenTemplate>
<trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
</trust:KeyType>
<trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
<trust:Claims xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity">
<wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"/>
</trust:Claims>
<trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
<trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
<trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
<trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
<trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
</sp:RequestSecurityTokenTemplate>
<wsp:Policy>
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust13>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

请求+响应消息是什么样子的?化粪池系统的保安政策是什么?HttpsToken是一个转移注意力的东西,它只是一个警告,在这个实例中,STS的安全策略并不严格符合规范。

投资银行部。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium