0

我在使用 Apache Rampart/C 1.3.0 设置 AXIS2/C Web 服务(axis2/c 1.6.0)时遇到问题(不要与他们的 java 对应物混淆,也就是“axis2”和“rampart”)为 UsernameToken验证。我不想加密,因为我首先尝试使用 SoapUI 进行测试;当我得到这个工作时,我会添加加密的东西(我也无法在没有安全策略的情况下设置 Rampart/c,它只会给我一个配置错误)。没有 Rampart,Web 服务工作得非常好。但是当我尝试为安全性配置 Rampart 时,我在响应中收到此错误:

<soapenv:Fault>
     <faultcode>soapenv:Client</faultcode>
     <faultstring>No Error</faultstring>
</soapenv:Fault>

当我转到 Axis2 日志时,我发现以下错误:

[Thu May 16 12:17:59 2013] [debug] rampart_sec_header_processor.c(1815) [rampart]Processing security header in Strict layout
[Thu May 16 12:17:59 2013] [debug] rampart_sec_header_processor.c(1824) [rampart]Processing security header element (null)
[Thu May 16 12:17:59 2013] [error] rampart_sec_header_processor.c(1908) [rampart]Unknown security header (null)
[Thu May 16 12:17:59 2013] [error] rampart_sec_header_processor.c(1915) [rampart](null) processing failed
[Thu May 16 12:17:59 2013] [error] rampart_in_handler.c(143) [rampart][rampart_in_handler] Security Header processing failed.

这很奇怪,就好像它根本找不到安全标头一样。我怀疑 SOAP 请求可能有问题,但我不知道那可能是什么。或者我发现了一个罕见的 Rampart/c 错误?

对于用户名和密码,我使用了 Rampart 示例提供的回调 .so,用户名“Alice”和密码“abcd!1234”。

以下是相关文件的完整列表(IP 地址已编辑):

服务.xml:

<service name="ws_vacaciones">
    <parameter name="wsdl_path">/informix/AXIS2C/services/ws_vacaciones/ws_vacaciones.wsdl</parameter>
    <parameter name="ServiceClass">ws_vacaciones</parameter>
    <description> I4GL-SOA Published Service - ws_vacaciones </description>

    <module ref="rampart"/>
    <operation name="ve_traba"/>

    <wsp:Policy
      xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
      xmlns:sec="http://schemas.xmlsoap.org/ws/2012/12/secext"
      xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:ExactlyOne>
            <wsp:All>
                  <wsp:Policy>
                     <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
                  </wsp:Policy>
                  <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
                    <rampc:User>Alice</rampc:User>
                    <rampc:PasswordType>PasswordText</rampc:PasswordType>
                    <rampc:PasswordCallbackClass>/informix/AXIS2C/samples/lib/rampartc/libpwcb.so</rampc:PasswordCallbackClass>
                  </rampc:RampartConfig>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
</service>

services.xml (替代;给出相同的错误):

<service name="ws_vacaciones">
    <parameter name="wsdl_path">/informix/AXIS2C/services/ws_vacaciones/ws_vacaciones.wsdl</parameter>
    <parameter name="ServiceClass">ws_vacaciones</parameter>
    <parameter name="InflowSecurity">
        <action>
           <items>UsernameToken</items>
           <passwordCallbackClass>/informix/AXIS2C/samples/lib/rampartc/libpwcb.so</passwordCallbackClass>
        </action>
    </parameter>

    <description> I4GL-SOA Published Service - ws_vacaciones </description>
    <module ref="rampart"/>
    <operation name="ve_traba"/>

    <wsp:Policy
      xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
      xmlns:sec="http://schemas.xmlsoap.org/ws/2012/12/secext"
      xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:ExactlyOne>
            <wsp:All>
                  <wsp:Policy>
                     <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
                  </wsp:Policy>
                  <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
                    <rampc:User>Alice</rampc:User>
                    <rampc:PasswordType>PasswordText</rampc:PasswordType>
                    <rampc:PasswordCallbackClass>/informix/AXIS2C/samples/lib/rampartc/libpwcb.so</rampc:PasswordCallbackClass>
                  </rampc:RampartConfig>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
</service>

SOAPUI 请求:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
  xmlns:ws="http://XX.XX.XX.XXX:9090/axis2/services/ws_vacaciones"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="0">
      <!-- set to 0 for debugging purposes; using 1 gives same errors -->
          <wsse:UsernameToken wsu:Id="blah">
              <wsse:Username>Alice</wsse:Username>
              <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">abcd!1234</wsse:Password>
              <wsu:Created>2013-05-14T15:15:00</wsu:Created>
              <wsu:Expires>2019-05-14T15:15:00</wsu:Expires>
          </wsse:UsernameToken>   
      </wsse:Security>    
   </soapenv:Header>
   <soapenv:Body>
      <ws:ve_traba_request>
         <ws:employeeid>12345</ws:employeeid>
         <ws:date>2013-04-09</ws:date>
      </ws:ve_traba_request>
   </soapenv:Body>
</soapenv:Envelope>

回复:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header/>
   <soapenv:Body>
      <soapenv:Fault>
         <faultcode>soapenv:Client</faultcode>
         <faultstring>No Error</faultstring>
      </soapenv:Fault>
   </soapenv:Body>
</soapenv:Envelope>

axis2.log(相关部分):

[Thu May 16 12:17:54 2013] [info]  Starting HTTP server thread
[Thu May 16 12:17:59 2013] [debug] http_worker.c(200) Client HTTP version HTTP/1.1
[Thu May 16 12:17:59 2013] [debug] soap_builder.c(930) Identified soap version is soap11
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler request_uri_based_dispatcher within the phase Transport
[Thu May 16 12:17:59 2013] [debug] req_uri_disp.c(100) Checking for service using target endpoint address : http://XX.XX.XXX.XX:9090/axis2/services/ws_vacaciones
[Thu May 16 12:17:59 2013] [debug] req_uri_disp.c(121) Service found using target endpoint address
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler AddressingInHandler within the phase Transport
[Thu May 16 12:17:59 2013] [info]  Starting addressing in handler
[Thu May 16 12:17:59 2013] [info]  addr_in_handler.c
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler addressing_based_dispatcher within the phase Transport
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler rest_dispatcher within the phase Dispatch
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler soap_message_body_based_dispatcher within the phase Dispatch
[Thu May 16 12:17:59 2013] [debug] soap_body_disp.c(231) Checking for operation using SOAP messagebody's first child's local name : ve_traba__request
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler soap_action_based_dispatcher within the phase Dispatch
[Thu May 16 12:17:59 2013] [debug] soap_action_disp.c(115) Checking for operation using SOAPAction : ve_traba
[Thu May 16 12:17:59 2013] [debug] soap_action_disp.c(146) Operation found using SOAPAction
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler dispatch_post_conditions_evaluator within the phase PostDispatch
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler context_handler within the phase PostDispatch
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler RampartInHandler within the phase Security
[Thu May 16 12:17:59 2013] [debug] rampart_util.c(32) [rampart]Trying to load module /informix/AXIS2C/samples/lib/rampartc/libpwcb.so
[Thu May 16 12:17:59 2013] [debug] class_loader.c(140) /informix/AXIS2C/samples/lib/rampartc/libpwcb.so shared lib loaded successfully
[Thu May 16 12:17:59 2013] [debug] rampart_util.c(48) [rampart]Successfully loaded module /informix/AXIS2C/samples/lib/rampartc/libpwcb.so
[Thu May 16 12:17:59 2013] [debug] rampart_sec_header_processor.c(1815) [rampart]Processing security header in Strict layout
[Thu May 16 12:17:59 2013] [debug] rampart_sec_header_processor.c(1824) [rampart]Processing security header element (null)
[Thu May 16 12:17:59 2013] [error] rampart_sec_header_processor.c(1908) [rampart]Unknown security header (null)
[Thu May 16 12:17:59 2013] [error] rampart_sec_header_processor.c(1915) [rampart](null) processing failed
[Thu May 16 12:17:59 2013] [error] rampart_in_handler.c(143) [rampart][rampart_in_handler] Security Header processing failed.
[Thu May 16 12:17:59 2013] [error] phase.c(233) Handler RampartInHandler invoke failed within phase Security
[Thu May 16 12:17:59 2013] [error] engine.c(696) Invoking phase Security failed
[Thu May 16 12:17:59 2013] [error] engine.c(279) Invoking operation specific phases failed for operation ve_traba
[Thu May 16 12:17:59 2013] [debug] phase.c(210) Invoke the handler RampartOutHandler within the phase MessageOut
[Thu May 16 12:17:59 2013] [debug] rampart_handler_util.c(247) [rampart][rhu] Service is NULL. Check if the security is enabled in the Conf
[Thu May 16 12:17:59 2013] [error] rampart_engine.c(159) [rampart][rampart_engine] Cannot get saved rampart_context
[Thu May 16 12:17:59 2013] [error] rampart_out_handler.c(136) [rampart][rampart_out_handler] ramaprt_context creation failed.
[Thu May 16 12:17:59 2013] [error] phase.c(233) Handler RampartOutHandler invoke failed within phase MessageOut
[Thu May 16 12:17:59 2013] [error] engine.c(696) Invoking phase MessageOut failed
[Thu May 16 12:17:59 2013] [info]  Request served in 0.019 seconds
[Thu May 16 12:18:00 2013] [info]  Received signal SIGINT. Server shutting down
[Thu May 16 12:18:00 2013] [info]  Terminating HTTP server thread
[Thu May 16 12:18:00 2013] [debug] http_svr_thread.c(181) Terminating HTTP server thread.
[Thu May 16 12:18:00 2013] [info]  Successfully terminated  HTTP server thread
[Thu May 16 12:18:00 2013] [info]  Shutdown complete ...
4

1 回答 1

1

终于知道是怎么回事了。显然,SoapUI 在提交之前删除了 Security 标头;因此,(空)安全标头消息。

要指定安全标头,我需要双击项目,单击“WS-Security Configurations”,添加一个 Outgoing WS-Security Configuration,然后在该配置中添加一个 Username 条目。

稍后,在请求的左下角,我单击与身份验证和安全设置对应的“...”按钮,然后在“传出 WSS:”下选择我刚刚添加的配置。

执行此操作后,soapfault 更改为 wsse:InvalidSecurityToken,描述为“不期望用户名令牌”。所以这意味着我需要修复壁垒/c 配置。但至少现在我知道发生了什么。

于 2013-05-17T16:55:07.567 回答