我们有一个网络应用程序,它由向我们的前端开发团队公开的各种网络服务组成。我们是一家小商店,所以安全从来都不是我们关心的问题,但我们仍然想知道如何实现它。
我们使用的是 Netbeans 7.0.1、Glassfish 3.1.1 b12 和 SOAP。我们已经通过 Netbeans 中的向导配置了基本的安全性并使其正常工作。然后,我们尝试添加 Transport Security,并验证它已添加到 WSDL 文件中。当我们尝试添加 SSL 时出现以下错误:
在服务器端:
SEVERE: WSS1601: Security Requirements not met - Transport binding configured in policy but incoming message was not SSL enabled SEVERE: WSITPVD0035: Error in Verifying Security in Inbound Message. com.sun.xml.wss.impl.XWSSecurityRuntimeException: WSS1601: Security Requirements not met - Transport binding configured in policy but incoming message was not SSL enabled at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:125) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:983) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:232) at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:586) at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:360) at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:263) at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:173) at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:144) at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119)
在客户端:
09:36:16,464 WARNING [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] (http--127.0.0.1-443-1) Request does not contain Security header, but it's a fault. 09:36:16,467 ERROR [org.jboss.ejb3.invocation] (http--127.0.0.1-443-1) JBAS014134: EJB Invocation failed on component ActivityEJB for method public ja va.util.List com.enginsol.ActivityEJB.getActivities(int): javax.ejb.EJBException: javax.xml.ws.soap.SOAPFaultException: Invalid Security Header at org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInOurTx(CMTTxInterceptor.java:166) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:230) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:304) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:190) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.0.Final.jar:7. 1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.0.Final.jar:7 .1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
每个 Web 服务在 sun-ejb-jar.xml 中基本上以相同的方式受到保护:
<ejb>
<ejb-name>ActivityWS</ejb-name>
<webservice-endpoint>
<port-component-name>ActivityWS</port-component-name>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</webservice-endpoint>
</ejb>
我非常确定证书设置已正确完成,因为我们已经清除了与丢失的 keystore 和错误的 keystore 密码相关的启动错误。此外,我们最近添加的 RESTful 服务运行良好(弹出用户名/密码对话框并通过 SSL 运行)。客户端和服务器最初都部署到 Glassfish,但我们创建了一个小型服务使用者并将其部署到 JBoss 7.1 以尝试排除 Glassfish 错误。
这是我们在 SO 上能找到的最接近的答案,而 OP 给出的答案含糊不清,所以我们仍然没有解决办法。 Java Glassfish - How to consume SSL web service?
更新:
我仔细阅读并遵循了 Jim (http://www.ryandelaplante.com/2007/06/ssl-and-http-basic-authentication-with.html) 发布的指南,并稍微调整了我的设置。我向 sun-ejb-jar 添加了安全角色,并向 Web 服务添加了角色允许注释(以前,角色是在 sun-application.xml 和另一个 ejb-jar.xml 中处理的)。我们的服务是 EJB 端点,所以我浏览了指南中的相关信息,但仍然遇到相同的错误。
最佳答案
您将证书添加到哪里? keystore.jks 在 glassfish 的 domain1/config 目录中?您是否将 SSL http 监听器指向新证书的别名?您是否通过 ssl 端口(默认为 8181)连接到 glassfish?
关于web-services - 将 SSL 添加到 Web 服务时无效的安全 header ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/10075259/