我正在尝试构建一个与使用 WS-Trust 的 .NET WCF 服务进行通信的 Java 客户端。
我的 .net STS 使用 WS2007Http 绑定(bind)和基于 UserNameToken 的身份验证,托管在 http 端点上。
var binding = new WS2007HttpBinding();
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.NegotiateServiceCredential = false;
设置 NegotiateServiceCredential 设置为 false 以禁止使用 Apache CXF 不支持的 SslContextToken。
我的Java客户端代码如下:
public static void main(String[] args) throws Exception {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = Main.class.getResource("/cxf.xml");
Bus bus = bf.createBus(busFile.toString());
STSClient sts = new STSClient(bus);
sts.setWsdlLocation("http://localhost:19308/MainTenantManager/SecurityTokenService?singlewsdl");
sts.setServiceName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}SecurityTokenService");
sts.setEndpointName("{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}WS2007HttpBinding_IWSTrust13Sync");
sts.setSpnego(true);
sts.setSecureConv(true);
sts.setSoap12();
Properties p = new Properties();
p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "pass1234!");
p.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", "localhost!");
p.setProperty("org.apache.ws.security.crypto.merlin.file", "keystore.jks");
org.apache.ws.security.components.crypto.Merlin m = new Merlin(p);
sts.getRequestContext().put(SecurityConstants.ENCRYPT_CRYPTO, m);
sts.getRequestContext().put(SecurityConstants.USERNAME, "admin");
sts.getRequestContext().put(SecurityConstants.PASSWORD, "qwe");
sts.requestSecurityToken("http://localhost:19308/MainTenantManager/Service");
}
结果是异常:
1437 [main] WARN org.apache.cxf.phase.PhaseInterceptorChain - Interceptor for {http://docs.oasis-open.org/ws-sx/ws-trust/200512/wsdl}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/wsdl}RequestSecurityToken has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: No encryption crypto object found.
at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:395)
at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.handleBinding(SymmetricBindingHandler.java:124)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:162)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:757)
at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:635)
at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:627)
at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.issueToken(SecureConversationOutInterceptor.java:159)
at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:69)
at org.apache.cxf.ws.security.policy.interceptors.SecureConversationOutInterceptor.handleMessage(SecureConversationOutInterceptor.java:44)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:757)
at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:635)
at org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:627)
at com.medius.cxf.client.Main.main(Main.java:55)
Caused by: org.apache.cxf.ws.policy.PolicyException: No encryption crypto object found.
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:307)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.setEncryptionUser(AbstractBindingBuilder.java:1590)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.getEncryptedKeyBuilder(AbstractBindingBuilder.java:1413)
at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.setupEncryptedKey(SymmetricBindingHandler.java:827)
at org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler.doSignBeforeEncrypt(SymmetricBindingHandler.java:296)
... 23 more
这似乎是完全错误的,因为加密对象是在代码中设置的。我尝试过使用 .properties 文件通过 jaxws:client 配置配置加密并在代码中进行设置。
最佳答案
您使用的是哪个版本的 CXF?创建 Properties 对象并用它实例化 Merlin 对象 + 然后将其用于 ENCRYPT_CRYPTO 的风格适用于最新的 CXF trunk + 2.7.x-fixes 代码。如果您使用的是旧版本的 CXF,也许可以尝试使用更新的版本?
科尔姆。
关于java - Apache CXF 中未发现加密对象异常,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/24513430/