java - Configuring CXF for STS/WS-Trust via code

Tags: java cxf ws-trust

I would like to use CXF to access a SOAP service protected by an STS (WS-Trust). Since I am forced to keep dependencies to a minimum, I use CXFBusFactory instead of the Spring configuration. That means I am forced to do all the configuration in code, which is rather poorly documented and not very common on the web.

Can anyone point out which configuration settings are missing and how to set them in code?

What I have so far:

import java.net.URL;
import javax.xml.ws.Service;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.CXFBusFactory;
import org.apache.cxf.ws.security.trust.STSClient;
// OrganizationService, IOrganizationService, ColumnSet, Entity and SERVICE_NAME
// are the client artifacts generated from the CRM WSDL.

private static void testSo(String endpointUrl, String username, String password) {
    String busFactory = System.getProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME);
    try {
        // Set the system property to use the CXFBusFactory, not the SpringBusFactory
        System.setProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME, "org.apache.cxf.bus.CXFBusFactory");

        CXFBusFactory bf = new CXFBusFactory();
        Bus bus = bf.createBus();
        bus.getFeatures().add(new org.apache.cxf.feature.LoggingFeature());

        // STS client pointing at the ADFS MEX endpoint
        STSClient stsClient = new STSClient(bus);
        stsClient.setWsdlLocation("https://example.com/adfs/services/trust/mex");
        stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}CustomBinding_IWSTrustFeb2005Async");

        // WS-Security properties set bus-wide, so they apply to every client created on this bus
        bus.setProperty("ws-security.callback-handler", "com.example.ClientCallbackHandler");
        bus.setProperty("ws-security.username", username);
        bus.setProperty("ws-security.password", password);
        bus.setProperty("ws-security.sts.client", stsClient);

        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        // JAX-WS proxy for the CRM organization service, built from its WSDL
        URL wsdlUrl = new URL(endpointUrl + "?singleWsdl");
        Service ss = OrganizationService.create(wsdlUrl, SERVICE_NAME);
        IOrganizationService port = ss.getPort(IOrganizationService.class);

        ColumnSet cs = new ColumnSet();
        cs.setAllColumns(true);
        Entity e = port.retrieve("account", "323223", cs);
    } catch (Exception ex) {
        ex.printStackTrace();
    } finally {
        // restore the system property
        if (busFactory != null) {
            System.setProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME, busFactory);
        } else {
            System.clearProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME);
        }
    }
}

In case it matters, the target service is MS CRM 2013.

What I get from the CXF logging so far:

Jul 25, 2014 12:24:55 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNUNG: No assertion builder for type {http://schemas.microsoft.com/xrm/2011/Contracts/Services}AuthenticationPolicy registered.
Jul 25, 2014 12:24:55 PM org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder build
WARNUNG: sp:HttpsToken/wsp:Policy should have a value!

followed by this exception:

javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied.
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:158)
    at com.sun.proxy.$Proxy46.retrieve(Unknown Source)

Update 1: I think the main problem is setting sp:HttpsToken/wsp:Policy in code. The web keeps showing me this example Spring configuration, but I don't know how to replicate it in code (getting the client via Client client = ClientProxy.getClient(port);). Example:

  <sp:TransportBinding>
    <wsp:Policy>
        <sp:TransportToken>
            <wsp:Policy>
                <sp:HttpsToken/>
            </wsp:Policy>
        </sp:TransportToken>
        <sp:AlgorithmSuite>
            <wsp:Policy>
                <sp:Basic256/>
            </wsp:Policy>
        </sp:AlgorithmSuite>
        <sp:Layout>
            <wsp:Policy>
                <sp:Lax/>
            </wsp:Policy>
        </sp:Layout>
        <sp:IncludeTimestamp/>
    </wsp:Policy>
  </sp:TransportBinding>

Update 2: this is the policy from the service's WSDL:

<wsp:Policy wsu:Id="CustomBinding_IOrganizationService_policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <ms-xrm:AuthenticationPolicy xmlns:ms-xrm="http://schemas.microsoft.com/xrm/2011/Contracts/Services">
        <ms-xrm:Authentication>Federation</ms-xrm:Authentication>
        <ms-xrm:SecureTokenService>
          <ms-xrm:Identifier>http://sts1.example.com/adfs/services/trust</ms-xrm:Identifier>
        </ms-xrm:SecureTokenService>
      </ms-xrm:AuthenticationPolicy>
      <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken/>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
        </wsp:Policy>
      </sp:TransportBinding>
      <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <Issuer xmlns="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
              <Address xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</Address>
              <Metadata xmlns="http://www.w3.org/2005/08/addressing">
                <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                  <wsx:MetadataSection xmlns="">
                    <wsx:MetadataReference>
                      <Address xmlns="http://www.w3.org/2005/08/addressing">https://sts1.edrcrm.com/adfs/services/trust/mex</Address>
                    </wsx:MetadataReference>
                  </wsx:MetadataSection>
                </Metadata>
              </Metadata>
            </Issuer>
            <sp:RequestSecurityTokenTemplate>
              <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
              </trust:KeyType>
              <trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
              <trust:Claims xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity">
                <wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"/>
              </trust:Claims>
              <trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
              <trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
              <trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
              <trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
              <trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
            </sp:RequestSecurityTokenTemplate>
            <wsp:Policy>
              <sp:RequireInternalReference/>
            </wsp:Policy>
          </sp:IssuedToken>
        </wsp:Policy>
      </sp:EndorsingSupportingTokens>
      <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy/>
      </sp:Wss11>
      <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:MustSupportIssuedTokens/>
          <sp:RequireClientEntropy/>
          <sp:RequireServerEntropy/>
        </wsp:Policy>
      </sp:Trust13>
      <wsaw:UsingAddressing/>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Best answer

What do the request + response messages look like? What is the security policy of the STS? The HttpsToken thing is a red herring; it is just a warning that the STS's security policy in this instance is not strictly spec-compliant.

Colm.
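The following is an added example, not code from the question or from Colm's answer, showing the same wiring done entirely in code: an STSClient that mirrors the IssuedToken, RST template and Trust13 assertions quoted in Update 2, message logging switched on so the RST/RSTR exchange the answer asks about is visible, TLS trust pinned for both the STS and the service through a bus-wide HTTPConduitConfigurer (so the STS client's own HTTPS conduit is covered too, not just the service proxy), the STS credentials scoped to the STS call instead of the whole bus, and an attachPolicy() helper that is the code equivalent of the Spring policy fragment in Update 1 for a proxy whose WSDL carries no policy of its own. Everything below is an assumption except what the question already shows: CXF 3.x class and constant names (CXF 2.7 has the same calls with "ws-security.*" property keys) on Java 8 or later, the host names, truststore path and environment variable names are placeholders, the STS QNames are copied from the question unchanged, and IOrganizationService / SERVICE_NAME are the caller's generated CRM artifacts, which is why the final call is left as a comment.

```java
import java.io.FileInputStream;
import java.io.StringReader;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.ws.Service;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.CXFBusFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.feature.LoggingFeature;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduitConfigurer;
import org.apache.cxf.ws.policy.WSPolicyFeature;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.trust.STSClient;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

/** Added example (not from the question): a CXF WS-Trust client configured in code, without Spring. */
public class CodeConfiguredStsClient {

    /** One bus for the STS and the service; TLS trust is applied to every HTTPS conduit it creates. */
    static Bus createBus(String truststorePath, char[] truststorePassword) throws Exception {
        Bus bus = new CXFBusFactory().createBus();
        bus.getFeatures().add(new LoggingFeature()); // makes the RST/RSTR exchange visible in the log
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(truststorePath)) {
            ks.load(in, truststorePassword);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        TLSClientParameters tls = new TLSClientParameters();
        tls.setTrustManagers(tmf.getTrustManagers());
        // Hostname verification stays on (the default); never call setDisableCNCheck(true) for an STS.
        HTTPConduitConfigurer pinTrust = (name, address, conduit) -> conduit.setTlsClientParameters(tls);
        bus.setExtension(pinTrust, HTTPConduitConfigurer.class);
        BusFactory.setThreadDefaultBus(bus);
        return bus;
    }

    /** STSClient mirroring the IssuedToken, RST template and Trust13 assertions quoted in Update 2. */
    static STSClient createStsClient(Bus bus, String mexUrl, String serviceName, String endpointName,
                                     String user, String password) {
        STSClient sts = new STSClient(bus);
        sts.setWsdlLocation(mexUrl);
        sts.setServiceName(serviceName);
        sts.setEndpointName(endpointName);
        sts.setTrust13(true);                 // <sp:Trust13>
        sts.setRequiresEntropy(true);         // <sp:RequireClientEntropy/> <sp:RequireServerEntropy/>
        sts.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey"); // <trust:KeyType>
        sts.setKeySize(256);                  // <trust:KeySize>
        Map<String, Object> props = new HashMap<>(); // credentials scoped to the STS call, not the bus
        props.put(SecurityConstants.USERNAME, user);
        props.put(SecurityConstants.PASSWORD, password);
        sts.setProperties(props);
        return sts;
    }

    /** Proxy built from the service WSDL, with the STSClient attached to this proxy only. */
    static <T> T securedPort(URL wsdl, QName serviceName, Class<T> sei, STSClient sts) {
        T port = Service.create(wsdl, serviceName).getPort(sei);
        Client client = ClientProxy.getClient(port);
        client.getRequestContext().put(SecurityConstants.STS_CLIENT, sts);
        return port;
    }

    /** Update 1 in code: attach a policy element to a proxy whose WSDL carries no policy. */
    static void attachPolicy(Object port, Bus bus, String policyXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        Element policy = dbf.newDocumentBuilder()
                .parse(new InputSource(new StringReader(policyXml))).getDocumentElement();
        WSPolicyFeature feature = new WSPolicyFeature();
        feature.setPolicyElements(Collections.singletonList(policy));
        feature.initialize(ClientProxy.getClient(port), bus);
    }

    public static void main(String[] args) throws Exception {
        // Placeholders: hosts, truststore path, env var names and the generated CRM classes are the caller's own.
        Bus bus = createBus("/etc/pki/crm-truststore.jks", System.getenv("TRUSTSTORE_PASSWORD").toCharArray());
        STSClient sts = createStsClient(bus, "https://sts1.example.com/adfs/services/trust/mex",
                // QNames copied from the question; verify them against the MEX WSDL's targetNamespace
                "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService",
                "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}CustomBinding_IWSTrustFeb2005Async",
                args[0], System.getenv("STS_PASSWORD"));
        // With the artifacts generated from the CRM WSDL, as in the question:
        // IOrganizationService port = securedPort(
        //         new URL("https://crm.example.com/XRMServices/2011/Organization.svc?singleWsdl"),
        //         SERVICE_NAME, IOrganizationService.class, sts);
        bus.shutdown(true);
    }
}
```

Two points worth noting against the question's version. Putting the username, password and STSClient on the bus with bus.setProperty() makes them apply to every client created on that bus, including the STS client itself; keeping the credentials in the STSClient's own property map and the STS client in the proxy's request context limits where they are presented. And since the service WSDL in Update 2 already contains the TransportBinding policy, attachPolicy() is not needed for that proxy; the two warnings in the log are not what fails the call either, because CXF ignores assertions it has no builder for (ms-xrm:AuthenticationPolicy) and only warns about the empty sp:HttpsToken, as the accepted answer says.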

Regarding java - Configuring CXF for STS/WS-Trust via code, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/24953829/
