org.apache.cxf.ws.policy.PolicyException:可以满足 None 个政策备选方案
org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied
我想用 JUnit 和 Apache CXF 编写一个简单的集成测试来测试一些支持 WS-Security 的服务。当我尝试 运行 我的代码时:
MyService myService = new myWsService(MY_SERVICE_WSDL).getMyWs()
Client client = ClientProxy.getClient(myService);
Map<String, Object> ctx = ((BindingProvider) myService).getRequestContext();
ctx.put("ws-security.callback-handler", new KeystorePasswordCallback());
ctx.put("ws-security.signature.crypto", new MyMerlinImpl());
其中 MyMerlinImpl 只是传递所需的 Merln。* 属性 重写 loadProperties 方法中的值,
我得到:
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}WssX509V1Token11 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequireIssuerSerialReference registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AlgorithmSuite registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Basic256Sha256 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InclusiveC14N registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Strict registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}OnlySignEntireHeadersAndBody registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}MustSupportRefIssuerSerial registered.
org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.
我做错了什么?这些似乎是相当标准的策略...事实上,我在 JBoss EAP 6.1 WS 客户端上使用相同的代码并且运行良好。
类路径中是否有 cxf-rt-ws-security jar?
冷
终于通过添加 WSS4JOutInterceptor 解决了这个问题。好像在JBoss这个拦截器是自动添加的...
Client client = ClientProxy.getClient(myService);
Endpoint endpoint = client.getEndpoint()
endpoint.getOutInterceptors().add(new WSS4JOutInterceptor())
如果 WSDL 文件中定义的策略是非标准的,则 CXF 将无法解决 it.Hence 错误。
有两种方式——
您可以忽略它(如果可以忽略的话)
或提供替代供应商。
忽略 - 创建一个 IgnorablePolicyInterceptorProvider 实例并注册它。
下面是忽略在 WSDL 中定义的 NtlmAuthentication 策略的示例。
注意:NtlmAuthentication 的处理方式应不同于设置 soap header.
Client client = ClientProxy.getClient(port);
Bus bus = client.getBus();
PolicyInterceptorProviderRegistry pipr = bus.getExtension(PolicyInterceptorProviderRegistry.class);
QName ntmlIgnore = new QName("http://schemas.microsoft.com/ws/06/2004/policy/http", "NtlmAuthentication");
interceptorRegProvider.register(new IgnorablePolicyInterceptorProvider(ntmlIgnore));
Chetan 给出的答案有效,但是,如果您遇到多个策略的错误,您需要将它们添加到一个集合中
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Bus bus = client.getBus();
PolicyInterceptorProviderRegistry reg = bus.getExtension(PolicyInterceptorProviderRegistry.class);
Set <QName> set = new HashSet<>();
set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "IncludeTimestamp") );
set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "TransportBinding"));
reg.register(new IgnorablePolicyInterceptorProvider(set));
我自己的两分钱:在我自己的特殊场景(JAX-WS、WS-Security、WS-SecurityPolicy)中,执行 client.getConduit() 时出现此错误,如下所示:
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
使用 Apache CXF 2.7.18 时,上面的代码 运行 没有抛出任何异常(尽管我后来遇到了其他问题)- 当升级到 Apache CXF 3.0 时,断言构建器开始出现问题。 16.现在 cxt-rt-ws-security JAR 位于类路径中,但似乎此版本 CXF 中的 WSS4J 被拆分为多个 JAR,因此我必须将 CXF 下载包中的 wss4j-policy JAR 添加到类路径中。
错误保持不变,但至少一长串来自断言生成器的警告消失了(没有注册类型 T 的断言生成器),现在被替换为:
13:45:55,723 WARN WSSecurityPolicyLoader,main:112 - Could not load or register WS-SecurityPolicy related classes. Please check that (the correct version of) Apache WSS4J is on the classpath: org/apache/wss4j/dom/handler/WSHandler
13:45:55,753 WARN WSSecurityPolicyLoader,main:112 - Could not load or register WS-SecurityPolicy related classes. Please check that (the correct version of) Apache WSS4J is on the classpath: org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor
长话短说,我收到了其他警告(我通过在 CXF 包的 lib 目录中执行盲目 grep 查找 JAR,然后将它们一一包含),
并最终包括所有 wss4j-*.jar 文件
现在至少通过了对 getConduit() 的调用。呼。
我想用 JUnit 和 Apache CXF 编写一个简单的集成测试来测试一些支持 WS-Security 的服务。当我尝试 运行 我的代码时:
MyService myService = new myWsService(MY_SERVICE_WSDL).getMyWs()
Client client = ClientProxy.getClient(myService);
Map<String, Object> ctx = ((BindingProvider) myService).getRequestContext();
ctx.put("ws-security.callback-handler", new KeystorePasswordCallback());
ctx.put("ws-security.signature.crypto", new MyMerlinImpl());
其中 MyMerlinImpl 只是传递所需的 Merln。* 属性 重写 loadProperties 方法中的值,
我得到:
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}WssX509V1Token11 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequireIssuerSerialReference registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AlgorithmSuite registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Basic256Sha256 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InclusiveC14N registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Strict registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}OnlySignEntireHeadersAndBody registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}MustSupportRefIssuerSerial registered.
org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.
我做错了什么?这些似乎是相当标准的策略...事实上,我在 JBoss EAP 6.1 WS 客户端上使用相同的代码并且运行良好。
类路径中是否有 cxf-rt-ws-security jar?
冷
终于通过添加 WSS4JOutInterceptor 解决了这个问题。好像在JBoss这个拦截器是自动添加的...
Client client = ClientProxy.getClient(myService);
Endpoint endpoint = client.getEndpoint()
endpoint.getOutInterceptors().add(new WSS4JOutInterceptor())
如果 WSDL 文件中定义的策略是非标准的,则 CXF 将无法解决 it.Hence 错误。
有两种方式—— 您可以忽略它(如果可以忽略的话) 或提供替代供应商。
忽略 - 创建一个 IgnorablePolicyInterceptorProvider 实例并注册它。
下面是忽略在 WSDL 中定义的 NtlmAuthentication 策略的示例。 注意:NtlmAuthentication 的处理方式应不同于设置 soap header.
Client client = ClientProxy.getClient(port);
Bus bus = client.getBus();
PolicyInterceptorProviderRegistry pipr = bus.getExtension(PolicyInterceptorProviderRegistry.class);
QName ntmlIgnore = new QName("http://schemas.microsoft.com/ws/06/2004/policy/http", "NtlmAuthentication");
interceptorRegProvider.register(new IgnorablePolicyInterceptorProvider(ntmlIgnore));
Chetan 给出的答案有效,但是,如果您遇到多个策略的错误,您需要将它们添加到一个集合中
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Bus bus = client.getBus();
PolicyInterceptorProviderRegistry reg = bus.getExtension(PolicyInterceptorProviderRegistry.class);
Set <QName> set = new HashSet<>();
set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "IncludeTimestamp") );
set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "TransportBinding"));
reg.register(new IgnorablePolicyInterceptorProvider(set));
我自己的两分钱:在我自己的特殊场景(JAX-WS、WS-Security、WS-SecurityPolicy)中,执行 client.getConduit() 时出现此错误,如下所示:
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
使用 Apache CXF 2.7.18 时,上面的代码 运行 没有抛出任何异常(尽管我后来遇到了其他问题)- 当升级到 Apache CXF 3.0 时,断言构建器开始出现问题。 16.现在 cxt-rt-ws-security JAR 位于类路径中,但似乎此版本 CXF 中的 WSS4J 被拆分为多个 JAR,因此我必须将 CXF 下载包中的 wss4j-policy JAR 添加到类路径中。
错误保持不变,但至少一长串来自断言生成器的警告消失了(没有注册类型 T 的断言生成器),现在被替换为:
13:45:55,723 WARN WSSecurityPolicyLoader,main:112 - Could not load or register WS-SecurityPolicy related classes. Please check that (the correct version of) Apache WSS4J is on the classpath: org/apache/wss4j/dom/handler/WSHandler
13:45:55,753 WARN WSSecurityPolicyLoader,main:112 - Could not load or register WS-SecurityPolicy related classes. Please check that (the correct version of) Apache WSS4J is on the classpath: org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor
长话短说,我收到了其他警告(我通过在 CXF 包的 lib 目录中执行盲目 grep 查找 JAR,然后将它们一一包含),
并最终包括所有 wss4j-*.jar 文件
现在至少通过了对 getConduit() 的调用。呼。