spring ws无法验证请求:未找到WS-Security标头

问题描述 投票:0回答:1

我收到上面的错误。

Could not validate request: No WS-Security header found

标题以。开头

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

所以我真的不知道它为什么抱怨。正文有一个我要解密的加密部分。

注意我实际上并不控制服务器

@Bean
    @Throws(Exception::class)
    fun wss4jSecurityInterceptor(): Wss4jSecurityInterceptor {
        val securityInterceptor = Wss4jSecurityInterceptor()


        // set security actions: Timestamp Signature SAMLTokenSigned SAMLTokenUnsigned
        securityInterceptor.setSecurementActions("Timestamp Signature UsernameToken")
        //securityInterceptor.setValidationCallbackHandler(securityCallbackHandler())
        securityInterceptor.setSecurementUsername("USERNAME")
        securityInterceptor.setSecurementPassword("PASSWORD")
        securityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT)

        // sign the request
        securityInterceptor.setSecurementUsername(signingCertName)
        securityInterceptor.setSecurementPassword(signingCertPassword)
        securityInterceptor.setSecurementTimeToLive(5000)
        securityInterceptor.setTimestampStrict(false)
        securityInterceptor.setSecurementSignatureCrypto(myCrypto())
        securityInterceptor.setSecurementSignatureParts(
                "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" +
                "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;" +
                "{Element}{http://ebs.health.ontario.ca/}EBS;" +
                "{Element}{http://idp.ebs.health.ontario.ca/}IDP;"
        )
        securityInterceptor.setSecurementSignatureDigestAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1")
        securityInterceptor.setSecurementSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1")
        securityInterceptor.setSecurementSignatureKeyIdentifier("DirectReference")
        securityInterceptor.setSecurementMustUnderstand(true)

        securityInterceptor.setValidationDecryptionCrypto(myCrypto())
        securityInterceptor.setValidationCallbackHandler(keyStoreCallBack())
        securityInterceptor.setSecurementEncryptionParts("{Element}{http://hcv.health.ontario.ca/}validateResponse;")
        securityInterceptor.setSecurementEncryptionCrypto(myCrypto())
        securityInterceptor.setValidationActions("Encrypt")
        securityInterceptor.setValidationActor("PASSWORD")

        securityInterceptor.afterPropertiesSet()
        return securityInterceptor
    }
spring-boot soap-client spring-ws
1个回答
0
投票

答案是验证演员。我认为这是一个密码字段,但它实际上指定了安全标头。删除它让我传递了错误

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.