SOAP WSS4JInInterceptor 安全处理失败(操作不匹配)
SOAP WSS4JInInterceptor Security processing failed (actions mismatch)
几天来,我一直在努力尝试让一个简单的 SOAP 请求通过 WS-Security,在收到许多电子邮件之后,我终于能够从服务提供商那里获得一些日志...
请注意,网络服务是 SOAP 1.2
2021-04-11 23:49:24,052:INFO :ajp-nio-127.0.0.1-8009-exec-5:ptor.Soap12FaultOutInterceptor:class org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternalapplication/soap+xml
2021-04-11 23:49:47,867:WARN :ajp-nio-127.0.0.1-8009-exec-28:urity.wss4j.WSS4JInInterceptor:Security processing failed (actions mismatch)
2021-04-11 23:49:47,867:WARN :ajp-nio-127.0.0.1-8009-exec-28:xf.phase.PhaseInterceptorChain:Interceptor for {http://[redacted]/rti/cdd/wsdl}CDDService has thrown exception, unwinding now
遗憾的是,这并没有多大帮助,因为在搜索这个错误时它似乎很模棱两可,其中一个提到了 WSS4JInInterceptor 中的一个错误,其中 body 打开标记和第一个节点之间有空格可能会导致这种情况,但是即使删除了那个空格,我仍然会收到同样的错误。
这是我发送的 XML(使用 Content-Type: application/soap+xml;charset=utf-8;action="mySoapAction" header),服务提供商已确认他们正在接收 XML body完整:
<?xml version="1.0"?>
<soapenv:Envelope xmlns:sch="http://[redacted]/rti/cdd/schema" xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1618447264">
<wsse:Username>[redacted]</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-tokenprofile-1.0#PasswordText">[redacted]</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<sch:cddRequest clientID="1213" clientCandidateId="3">
<candidateName>
<firstName>Learner</firstName>
<lastName>Learner</lastName>
</candidateName>
<webAccountInfo>
<email>learner@nowhere.com</email>
</webAccountInfo>
<lastUpdate>2021/04/15 00:47:44 BST</lastUpdate>
<primaryAddress>
<addressType>Home</addressType>
<address1>[redacted]</address1>
<address2>[redacted]</address2>
<city>Gold Coast</city>
<postalCode>4218</postalCode>
<country>AU</country>
<phone>
<phoneNumber>[redacted]</phoneNumber>
<phoneCountryCode>[redacted]</phoneCountryCode>
</phone>
</primaryAddress>
<candidatePrefs>
<candidatePref prefType="ConfirmationPreference">
<prefOption>email</prefOption>
</candidatePref>
<candidatePref prefType="ReminderPreference">
<prefOption>email</prefOption>
</candidatePref>
<candidatePref prefType="LocalePreference">
<prefOption>en_GB</prefOption>
</candidatePref>
</candidatePrefs>
</sch:cddRequest>
</soapenv:Body>
</soapenv:Envelope>
非常感谢任何帮助。
您标记了 WSS4J 问题,但您有没有手写安全性 header?因为你所有的命名空间都是错误的:
wsse = http://docs.oasis-open.org/wss/2004/01/oasis200401-wss-wssecurity-secext-1.0.xsd
wsu = http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Type attribute = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-tokenprofile-1.0#PasswordText
注意破折号 (-)。
正确的命名空间是:
wsse = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
wsu = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Type attribute = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
几天来,我一直在努力尝试让一个简单的 SOAP 请求通过 WS-Security,在收到许多电子邮件之后,我终于能够从服务提供商那里获得一些日志...
请注意,网络服务是 SOAP 1.2
2021-04-11 23:49:24,052:INFO :ajp-nio-127.0.0.1-8009-exec-5:ptor.Soap12FaultOutInterceptor:class org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternalapplication/soap+xml
2021-04-11 23:49:47,867:WARN :ajp-nio-127.0.0.1-8009-exec-28:urity.wss4j.WSS4JInInterceptor:Security processing failed (actions mismatch)
2021-04-11 23:49:47,867:WARN :ajp-nio-127.0.0.1-8009-exec-28:xf.phase.PhaseInterceptorChain:Interceptor for {http://[redacted]/rti/cdd/wsdl}CDDService has thrown exception, unwinding now
遗憾的是,这并没有多大帮助,因为在搜索这个错误时它似乎很模棱两可,其中一个提到了 WSS4JInInterceptor 中的一个错误,其中 body 打开标记和第一个节点之间有空格可能会导致这种情况,但是即使删除了那个空格,我仍然会收到同样的错误。
这是我发送的 XML(使用 Content-Type: application/soap+xml;charset=utf-8;action="mySoapAction" header),服务提供商已确认他们正在接收 XML body完整:
<?xml version="1.0"?>
<soapenv:Envelope xmlns:sch="http://[redacted]/rti/cdd/schema" xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1618447264">
<wsse:Username>[redacted]</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-tokenprofile-1.0#PasswordText">[redacted]</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<sch:cddRequest clientID="1213" clientCandidateId="3">
<candidateName>
<firstName>Learner</firstName>
<lastName>Learner</lastName>
</candidateName>
<webAccountInfo>
<email>learner@nowhere.com</email>
</webAccountInfo>
<lastUpdate>2021/04/15 00:47:44 BST</lastUpdate>
<primaryAddress>
<addressType>Home</addressType>
<address1>[redacted]</address1>
<address2>[redacted]</address2>
<city>Gold Coast</city>
<postalCode>4218</postalCode>
<country>AU</country>
<phone>
<phoneNumber>[redacted]</phoneNumber>
<phoneCountryCode>[redacted]</phoneCountryCode>
</phone>
</primaryAddress>
<candidatePrefs>
<candidatePref prefType="ConfirmationPreference">
<prefOption>email</prefOption>
</candidatePref>
<candidatePref prefType="ReminderPreference">
<prefOption>email</prefOption>
</candidatePref>
<candidatePref prefType="LocalePreference">
<prefOption>en_GB</prefOption>
</candidatePref>
</candidatePrefs>
</sch:cddRequest>
</soapenv:Body>
</soapenv:Envelope>
非常感谢任何帮助。
您标记了 WSS4J 问题,但您有没有手写安全性 header?因为你所有的命名空间都是错误的:
wsse = http://docs.oasis-open.org/wss/2004/01/oasis200401-wss-wssecurity-secext-1.0.xsd
wsu = http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Type attribute = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-tokenprofile-1.0#PasswordText
注意破折号 (-)。
正确的命名空间是:
wsse = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
wsu = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Type attribute = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText