web-services - Authenticating a WS-Security UsernameToken against a GlassFish realm gives "Authentication refused"

Tags: web-services jakarta-ee glassfish ws-security java-metro-framework

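I have a SOAP web service declared with @WebService in an EJB subproject of an EAR, running on GlassFish 3.1.1 with the bundled Metro runtime. At class level it is annotated with the usual @DeclareRoles and @RolesAllowed.

I have a WSIT descriptor that uses a simple plaintext-password UsernameToken for authentication.

In the EAR's glassfish-application.xml I have specified the realm as the standard file realm that ships with GlassFish. In this realm I have added a test user that belongs to a specific group. That group is mapped to the role I specified in glassfish-ejb-jar.xml.

I have also enabled GlassFish's security manager as well as auditing. After doing this, I restarted the server.

I have generated a client and set the username and password in a callback handler. I logged them to make sure the credentials really are set. I have also tried setting the credentials like this: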

Map<String, Object> requestContext = ((BindingProvider)port).getRequestContext();
requestContext.put(BindingProvider.USERNAME_PROPERTY, "myUsername");
requestContext.put(BindingProvider.PASSWORD_PROPERTY, "myPassword");

When I call the service, I get this on the server:
INFO: SEC5046: Audit: Authentication refused for [myUsername].
INFO: SEC1201: Login failed for user: myUsername
SEVERE: WSS1408: UsernameToken Authentication Failed
SEVERE: WSITPVD0035: Error in Verifying Security in Inbound Message.
com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed
    at com.sun.xml.ws.security.opt.impl.util.SOAPUtil.newSOAPFaultException(SOAPUtil.java:158)
    at com.sun.xml.ws.security.opt.impl.incoming.UsernameTokenHeader.validate(UsernameTokenHeader.java:164)
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHeader(SecurityRecipient.java:341)
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(SecurityRecipient.java:275)
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:225)
    at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:586)
    at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:360)
    at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:263)
    at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:173)
    at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:144)
    at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:641)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482)
    at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:314)
    at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:608)
    at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:259)
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:162)
    at org.glassfish.webservices.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:120)
    at org.glassfish.webservices.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:91)
    at org.glassfish.webservices.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:200)
    at org.glassfish.webservices.EjbWebServiceServlet.service(EjbWebServiceServlet.java:131)
    (Rest is snipped away)

I get this on the client:
Authentication of Username Password Token Failed
javax.xml.ws.soap.SOAPFaultException: Authentication of Username Password Token Failed
    at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:189)
    at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:189)
    at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)

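Then I created a simple servlet/JSP project and added a security constraint on the realm. In that case, authentication with the same user works.

The WS-Security policy looks like this: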
  <ns1:Policy xmlns:ns1="http://schemas.xmlsoap.org/ws/2004/09/policy" wsu:Id="MyServicePortBindingPolicy">
    <ns1:ExactlyOne>
      <ns1:All>
        <ns2:SupportingTokens xmlns:ns2="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <ns1:Policy>
            <ns1:ExactlyOne>
              <ns1:All>
                <ns2:UsernameToken ns2:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                  <ns1:Policy>
                    <ns1:ExactlyOne>
                      <ns1:All>
                        <ns2:WssUsernameToken10 />
                      </ns1:All>
                    </ns1:ExactlyOne>
                  </ns1:Policy>
                </ns2:UsernameToken>
              </ns1:All>
            </ns1:ExactlyOne>
          </ns1:Policy>
        </ns2:SupportingTokens>
        <ns3:UsingAddressing xmlns:ns3="http://www.w3.org/2006/05/addressing/wsdl" />
      </ns1:All>
    </ns1:ExactlyOne>
  </ns1:Policy>

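What is wrong here? Any suggestions are highly appreciated.

Best answer

This problem was resolved when I disabled my own home-coded authentication mechanism, which was throwing a disruptive exception. I can't believe myself.

Regarding web-services - Authenticating a WS-Security UsernameToken against a GlassFish realm gives "Authentication refused", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/7120138/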
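
A side note on the policy shown in the question, as an added example that is not part of the original post: the policy carries a plaintext UsernameToken as a supporting token but contains no security binding assertion, so nothing in the policy itself requires the password to be protected in transit. The Python sketch below audits a policy for that condition; the function names are hypothetical, the question's policy is reduced to its assertions (the fragment as posted uses an undeclared wsu prefix), and the HTTPS variant is constructed for contrast.

```python
import xml.etree.ElementTree as ET

# Policy from the question, reduced to its assertions (wsu:Id attribute dropped).
QUESTION_POLICY = """
<ns1:Policy xmlns:ns1="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:ns2="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <ns1:ExactlyOne><ns1:All>
    <ns2:SupportingTokens><ns1:Policy>
      <ns2:UsernameToken><ns1:Policy><ns2:WssUsernameToken10/></ns1:Policy></ns2:UsernameToken>
    </ns1:Policy></ns2:SupportingTokens>
  </ns1:All></ns1:ExactlyOne>
</ns1:Policy>"""

# Constructed variant: same token, plus a transport binding that requires HTTPS.
HTTPS_POLICY = QUESTION_POLICY.replace(
    "<ns2:SupportingTokens>",
    "<ns2:TransportBinding><ns1:Policy><ns2:TransportToken><ns1:Policy>"
    "<ns2:HttpsToken RequireClientCertificate='false'/>"
    "</ns1:Policy></ns2:TransportToken></ns1:Policy></ns2:TransportBinding>"
    "<ns2:SupportingTokens>")

BINDINGS = {"TransportBinding", "SymmetricBinding", "AsymmetricBinding"}

def sp_assertions(xml_text):
    """Local names of all elements in a WS-SecurityPolicy namespace."""
    names = set()
    for el in ET.fromstring(xml_text).iter():
        ns, _, local = el.tag[1:].partition("}")
        if "securitypolicy" in ns:
            names.add(local)
    return names

def audit_policy(xml_text):
    """Return findings about how the policy protects a UsernameToken."""
    names = sp_assertions(xml_text)
    findings = []
    if "UsernameToken" in names:
        if not names & BINDINGS:
            findings.append("UsernameToken with no security binding: the policy "
                            "does not require the password to be protected in transit")
        elif "TransportBinding" in names and "HttpsToken" not in names:
            findings.append("TransportBinding without HttpsToken")
    return findings

if __name__ == "__main__":
    for label, policy in (("question", QUESTION_POLICY), ("https", HTTPS_POLICY)):
        print(label, audit_policy(policy) or "no findings")
```

This check is independent of the authentication failure discussed here; it only concerns how the credentials travel once authentication works.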
