我想使用 JUnit 和 Apache CXF 编写一个简单的集成测试来测试一些支持 WS-Security 的服务。当我尝试运行我的代码时:
MyService myService = new myWsService(MY_SERVICE_WSDL).getMyWs()
Client client = ClientProxy.getClient(myService);
Map<String, Object> ctx = ((BindingProvider) myService).getRequestContext();
ctx.put("ws-security.callback-handler", new KeystorePasswordCallback());
ctx.put("ws-security.signature.crypto", new MyMerlinImpl());
MyMerlinImpl 只是在重写的
loadProperties我得到:
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}WssX509V1Token11 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequireIssuerSerialReference registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AlgorithmSuite registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Basic256Sha256 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InclusiveC14N registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Strict registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}OnlySignEntireHeadersAndBody registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}MustSupportRefIssuerSerial registered.
org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.
我做错了什么?这些似乎是相当标准的策略...事实上,我在 JBoss EAP 6.1 WS 客户端上使用相同的代码并且运行良好。
类路径上有 cxf-rt-ws-security jar 吗?
科尔姆。
Chetan 给出的答案有效,但是,如果您收到多个策略的错误,则需要将它们添加到集合中
org.apache.cxf.endpoint.Client client =
org.apache.cxf.frontend.ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Bus bus = client.getBus();
PolicyInterceptorProviderRegistry reg = bus.getExtension(PolicyInterceptorProviderRegistry.class);
Set <QName> set = new HashSet<>();
set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "IncludeTimestamp") );
set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "TransportBinding"));
reg.register(new IgnorablePolicyInterceptorProvider(set));
我自己的两分钱:在我自己的特殊场景(JAX-WS、WS-Security、WS-SecurityPolicy)中,在执行 client.getConduit() 时发生此错误,如下所示:
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
使用 Apache CXF 2.7.18 时,上面的代码运行时没有抛出任何异常(尽管后来遇到了其他问题) - 当升级到 Apache CXF 3.0.16 时,我开始遇到断言构建器的问题。现在 cxt-rt-ws-security JAR 已位于类路径中,但此版本 CXF 中的 WSS4J 似乎被拆分为多个 JAR,因此我必须将 CXF 下载包中的 wss4j-policy JAR 包含到类路径中。
错误保持不变,但至少来自断言构建器的一长串警告消失了(没有注册类型 T 的断言构建器),现在被替换为:
13:45:55,723 警告 WSSecurityPolicyLoader,main:112 - 无法加载或注册 WS-SecurityPolicy 相关类。请检查(正确版本的)Apache WSS4J 是否位于类路径上:org/apache/wss4j/dom/handler/WSHandler
13:45:55,753 警告 WSSecurityPolicyLoader,main:112 - 无法加载或注册 WS-SecurityPolicy 相关类。请检查(正确版本的)Apache WSS4J 是否位于类路径上:org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor
简而言之,我收到了其他警告(我通过在 CXF 包的 lib 目录中执行盲目 grep 来查找 JAR,并将它们一一包括在内),
最终包含所有 wss4j-*.jar 文件
对 getConduit() 的调用现在至少通过了。哇哦。
如果您使用 Spring Boot,您可以像这样禁用策略检查:
@Bean(name = Bus.DEFAULT_BUS_ID)
public SpringBus springBus() {
SpringBus springBus = new SpringBus();
var e = new PolicyEngineBPDefinitionParser.PolicyEngineConfig(springBus);
e.setEnabled(false);
springBus.getFeatures().add(e);
}
最终通过添加 WSS4JOutInterceptor 解决了这个问题。看来在JBoss中这个拦截器是自动添加的...
Client client = ClientProxy.getClient(myService);
Endpoint endpoint = client.getEndpoint()
endpoint.getOutInterceptors().add(new WSS4JOutInterceptor())
如果 WSDL 文件中定义的策略不标准,那么 CXF 将无法解析它,从而出现错误。
有两种方法—— 你可以忽略它(如果可以忽略的话) 或提供替代提供商。
要忽略 - 创建 IgnorablePolicyInterceptorProvider 的实例并注册它。
下面是忽略 NtlmAuthentication 策略(如果在 WSDL 中定义)的示例。 注意:NtlmAuthentication 的处理方式应与设置肥皂头不同。
Client client = ClientProxy.getClient(port);
Bus bus = client.getBus();
PolicyInterceptorProviderRegistry pipr = bus.getExtension(PolicyInterceptorProviderRegistry.class);
QName ntmlIgnore = new QName("http://schemas.microsoft.com/ws/06/2004/policy/http", "NtlmAuthentication");
interceptorRegProvider.register(new IgnorablePolicyInterceptorProvider(ntmlIgnore));
bus.getExtension(PolicyEngine.class).setEnabled(false);