SOAP WSS4JInInterceptor安全处理失败(操作不匹配)
SOAP WSS4JInInterceptor安全处理失败(操作不匹配)
提问于 2021-04-15 08:00:49
我一直在努力,几天来一直试图获得一个简单的SOAP请求来通过WS-Security,在收到许多电子邮件后,我终于能够从服务提供商那里获得一些日志……
请注意,1.2服务是SOAP 1.2
2021-04-11 23:49:24,052:INFO :ajp-nio-127.0.0.1-8009-exec-5:ptor.Soap12FaultOutInterceptor:class org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor$Soap12FaultOutInterceptorInternalapplication/soap+xml
2021-04-11 23:49:47,867:WARN :ajp-nio-127.0.0.1-8009-exec-28:urity.wss4j.WSS4JInInterceptor:Security processing failed (actions mismatch)
2021-04-11 23:49:47,867:WARN :ajp-nio-127.0.0.1-8009-exec-28:xf.phase.PhaseInterceptorChain:Interceptor for {http://[redacted]/rti/cdd/wsdl}CDDService has thrown exception, unwinding now遗憾的是,这并没有太多帮助,因为在搜索这个错误时,它似乎相当模糊,其中一个提到了WSS4JInInterceptor中的一个错误,其中body开始标记和第一个节点之间的空格可能会导致这种情况,但是即使在删除该空格时,我仍然收到相同的错误。
这是我发送的XML (使用Content-Type: application/soap+xml;charset=utf-8;action="mySoapAction"头),服务提供商已经确认他们正在接收完整的XML body:
<?xml version="1.0"?>
<soapenv:Envelope xmlns:sch="http://[redacted]/rti/cdd/schema" xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1618447264">
<wsse:Username>[redacted]</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-tokenprofile-1.0#PasswordText">[redacted]</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<sch:cddRequest clientID="1213" clientCandidateId="3">
<candidateName>
<firstName>Learner</firstName>
<lastName>Learner</lastName>
</candidateName>
<webAccountInfo>
<email>learner@nowhere.com</email>
</webAccountInfo>
<lastUpdate>2021/04/15 00:47:44 BST</lastUpdate>
<primaryAddress>
<addressType>Home</addressType>
<address1>[redacted]</address1>
<address2>[redacted]</address2>
<city>Gold Coast</city>
<postalCode>4218</postalCode>
<country>AU</country>
<phone>
<phoneNumber>[redacted]</phoneNumber>
<phoneCountryCode>[redacted]</phoneCountryCode>
</phone>
</primaryAddress>
<candidatePrefs>
<candidatePref prefType="ConfirmationPreference">
<prefOption>email</prefOption>
</candidatePref>
<candidatePref prefType="ReminderPreference">
<prefOption>email</prefOption>
</candidatePref>
<candidatePref prefType="LocalePreference">
<prefOption>en_GB</prefOption>
</candidatePref>
</candidatePrefs>
</sch:cddRequest>
</soapenv:Body>
</soapenv:Envelope>非常感谢您的帮助。
回答 1
Stack Overflow用户
回答已采纳
发布于 2021-04-17 21:50:40
您为问题WSS4J添加了标签,但是您是否已经手动编写了安全标头?因为所有的命名空间都是错误的:
wsse = http://docs.oasis-open.org/wss/2004/01/oasis200401-wss-wssecurity-secext-1.0.xsd
wsu = http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Type attribute = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-tokenprofile-1.0#PasswordText注意破折号(-)。
正确的命名空间为:
wsse = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
wsu = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Type attribute = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/67100528
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号