spring ws 无法验证请求:未找到 WS-Security header
spring ws Could not validate request: No WS-Security header found
我遇到了上面的错误。
Could not validate request: No WS-Security header found
header 以
开头
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
所以我真的不知道它为什么会抱怨。 body 有一个我想解密的加密部分。
注意我实际上并不控制服务器
@Bean
@Throws(Exception::class)
fun wss4jSecurityInterceptor(): Wss4jSecurityInterceptor {
val securityInterceptor = Wss4jSecurityInterceptor()
// set security actions: Timestamp Signature SAMLTokenSigned SAMLTokenUnsigned
securityInterceptor.setSecurementActions("Timestamp Signature UsernameToken")
//securityInterceptor.setValidationCallbackHandler(securityCallbackHandler())
securityInterceptor.setSecurementUsername("USERNAME")
securityInterceptor.setSecurementPassword("PASSWORD")
securityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT)
// sign the request
securityInterceptor.setSecurementUsername(signingCertName)
securityInterceptor.setSecurementPassword(signingCertPassword)
securityInterceptor.setSecurementTimeToLive(5000)
securityInterceptor.setTimestampStrict(false)
securityInterceptor.setSecurementSignatureCrypto(myCrypto())
securityInterceptor.setSecurementSignatureParts(
"{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" +
"{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;" +
"{Element}{http://ebs.health.ontario.ca/}EBS;" +
"{Element}{http://idp.ebs.health.ontario.ca/}IDP;"
)
securityInterceptor.setSecurementSignatureDigestAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1")
securityInterceptor.setSecurementSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1")
securityInterceptor.setSecurementSignatureKeyIdentifier("DirectReference")
securityInterceptor.setSecurementMustUnderstand(true)
securityInterceptor.setValidationDecryptionCrypto(myCrypto())
securityInterceptor.setValidationCallbackHandler(keyStoreCallBack())
securityInterceptor.setSecurementEncryptionParts("{Element}{http://hcv.health.ontario.ca/}validateResponse;")
securityInterceptor.setSecurementEncryptionCrypto(myCrypto())
securityInterceptor.setValidationActions("Encrypt")
securityInterceptor.setValidationActor("PASSWORD")
securityInterceptor.afterPropertiesSet()
return securityInterceptor
}
答案是验证演员。我以为是密码字段,但它实际上指定了安全性header。删除它让我通过了错误
我遇到了上面的错误。
Could not validate request: No WS-Security header found
header 以
开头<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
所以我真的不知道它为什么会抱怨。 body 有一个我想解密的加密部分。
注意我实际上并不控制服务器
@Bean
@Throws(Exception::class)
fun wss4jSecurityInterceptor(): Wss4jSecurityInterceptor {
val securityInterceptor = Wss4jSecurityInterceptor()
// set security actions: Timestamp Signature SAMLTokenSigned SAMLTokenUnsigned
securityInterceptor.setSecurementActions("Timestamp Signature UsernameToken")
//securityInterceptor.setValidationCallbackHandler(securityCallbackHandler())
securityInterceptor.setSecurementUsername("USERNAME")
securityInterceptor.setSecurementPassword("PASSWORD")
securityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT)
// sign the request
securityInterceptor.setSecurementUsername(signingCertName)
securityInterceptor.setSecurementPassword(signingCertPassword)
securityInterceptor.setSecurementTimeToLive(5000)
securityInterceptor.setTimestampStrict(false)
securityInterceptor.setSecurementSignatureCrypto(myCrypto())
securityInterceptor.setSecurementSignatureParts(
"{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" +
"{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;" +
"{Element}{http://ebs.health.ontario.ca/}EBS;" +
"{Element}{http://idp.ebs.health.ontario.ca/}IDP;"
)
securityInterceptor.setSecurementSignatureDigestAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1")
securityInterceptor.setSecurementSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1")
securityInterceptor.setSecurementSignatureKeyIdentifier("DirectReference")
securityInterceptor.setSecurementMustUnderstand(true)
securityInterceptor.setValidationDecryptionCrypto(myCrypto())
securityInterceptor.setValidationCallbackHandler(keyStoreCallBack())
securityInterceptor.setSecurementEncryptionParts("{Element}{http://hcv.health.ontario.ca/}validateResponse;")
securityInterceptor.setSecurementEncryptionCrypto(myCrypto())
securityInterceptor.setValidationActions("Encrypt")
securityInterceptor.setValidationActor("PASSWORD")
securityInterceptor.afterPropertiesSet()
return securityInterceptor
}
答案是验证演员。我以为是密码字段,但它实际上指定了安全性header。删除它让我通过了错误