spring-security - Spring WS "The security token could not be authenticated or authorized"

标签 spring-security soapui spring-ws soap-client

我正在使用 SpringWS-Security 为 Web 服务创建一个 Java 客户端使用者。

我的请求 SOAP(我在 SOAP UI 中使用的)

<soapenv:Envelope 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
         xmlns:sch="http://myws.mycompany.com/myws/schema"> 

    <soapenv:Header>
        <wsse:Security soapenv:mustUnderstand="1" 
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

            <wsse:UsernameToken xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility">
                    <wsse:Username>myUsernameString</wsse:Username>
                    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">123</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
        </soapenv:Header>

    <soapenv:Body>
        <sch:GetUserDetails idSender="5"/>
    </soapenv:Body>

</soapenv:Envelope>

我在 WS 中的 servlet.xml。

<bean name="endpointMapping"
  class="org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping">

  <property name="interceptors">
   <list>
    <ref local="wsSecurityInterceptor" />
   </list>
 </property>


    <bean id="wsSecurityInterceptor"
                        class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
        <property name="validationActions" value="UsernameToken" />
        <property name="validationCallbackHandler" ref="springSecurityCallbackHandler" />
    </bean>

    <bean id="springSecurityCallbackHandler"
                        class="org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler">
        <property name="authenticationManager" ref="authenticationManager"/>
    </bean>

    <bean id="authenticationProvider" class="ws.security.CustomAuthenticationProviderImpl">
            <property name="userCommonService" ref="userCommonService" />
        <security:custom-authentication-provider/>
    </bean>

    <security:authentication-manager alias="authenticationManager" />.

在我的 Java 客户端中 - applicationContext.xml

<bean name="webserviceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
        <property name="defaultUri" value="http:/localhost:8080/myws-ws/" />
        <property name="marshaller" ref="marshaller" />
        <property name="unmarshaller" ref="unmarshaller" />
        <property name="interceptors">
            <list>
                <ref local="wsSecurityInterceptor" />
            </list>
        </property>
    </bean>

    <oxm:jaxb2-marshaller id="marshaller"
        contextPath="org.example.bean.schema" />
    <oxm:jaxb2-marshaller id="unmarshaller"
        contextPath="org.example.org.bean.schema" />

    <bean id="client" class="example.client.impl.EfactClientImpl">
        <property name="webServiceTemplate" ref="webserviceTemplate" />
    </bean>

     <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
        <property name="securementActions" value="UsernameToken"/>
    </bean>

当我使用 SOAP UI 使用服务时一切正常,我认为我需要在 Java 客户端及其上下文方面获得一些帮助,因为当我运行它时出现此错误:

The security token could not be authenticated or authorized; nested exception is: 
    javax.security.auth.callback.UnsupportedCallbackException; nested exception is org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized; nested exception is: 
    javax.security.auth.callback.UnsupportedCallbackException

当我调试我的应用程序时,我注意到这个元素正在崩溃:

GetUserRequest request = new GetUserRequest();
        request.setIdentifier(user.getIdentifier());
        request.setPassword(user.getPassword());
        GetUserResponse response = new GetUserResponse();
/* Crashing here. */
response = (GetUserResponse) getWebServiceTemplate().marshalSendAndReceive(request);

仅供引用:我总是在 SpringWS 中看到这个安全的用户列表,但是如果我有很多用户试图访问怎么办。

WS - [servlet-name]-servlet.xml

<bean id="callbackHandler" class="org.springframework.ws.soap.security.wss4j.callback.SimplePasswordValidationCallbackHandler">
    <property name="users">
      <props>
        <prop key="Bert">Ernie</prop>
        <prop key="Mickey">Mouse</prop>
      </props>
    </property>
  </bean>

如何解决此 UnsupportedCallbackException 异常?

最佳答案

您必须在调用时指定 SecurementUsername 和 SecurementPassword。这是一个编程示例:

WebServiceTemplate webServiceTemplate = new WebServiceTemplate();
webServiceTemplate.setDefaultUri(uri);

Wss4jSecurityInterceptor interceptor = new Wss4jSecurityInterceptor();
interceptor.setSecurementActions(securementActions);
interceptor.setSecurementMustUnderstand(true);
interceptor.setSecurementUsername(usuario);
interceptor.setSecurementPassword(contrasena);

webServiceTemplate.setInterceptors(new ClientInterceptor[] {interceptor});

关于spring-security - Spring WS "The security token could not be authenticated or authorized",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13426770/

上一篇:ruby-on-rails-3 - 如何在 Rails 3 中创建有效的嵌套表单? (我收到路由错误。)

下一篇:windows-phone-8 - 通用 Windows 平台 (Win10) 和 Windows Phone 编程之间的区别?

相关文章:

java - 如何在 spring security 中运行自定义登录页面

spring - 如何使用多个相互调用的自定义过滤器?

ssl - 使用 j_username 和 j_password 作为输入字段名称是否存在安全风险

wsdl - 如何访问需要用户名/密码的 SoapUI 中的 wsdl URL?

java - Spring JPA Hibernate 处理大型数据库

session - 多个 Grails 项目的单一身份验证

api - Postman/SoapUI API 调用后的数据存储

c# - SOAPUI 未显示来自 WSDL 的操作

没有 Tomcat(或任何其他容器)的 RESTful WebServices

web-services - 调用 Soap WS,结果出现 "Couldn' 在构造信封时获取 SAX 解析器”错误

©2024 IT工具网  联系我们