0

我在端点中使用 WSS4JInInterceptor 来验证授权。

我的端点有那个

这是我的 SOAP 消息

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
   <SOAP-ENV:Header>
          <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                 <wsse:UsernameToken wsu:Id="UsernameToken-1">
                       <wsse:Username>username</wsse:Username>
                       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
                 </wsse:UsernameToken>
          </wsse:Security>
   </SOAP-ENV:Header>
   <SOAP-ENV:Body>
          <newAsset xmlns="http://api.com.acme/">
                 <date xmlns="">2018-02-04T14:35:59Z</date>
                 <assetId xmlns="">1</assetId>
          </newAsset>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

我将消息跟踪到 WSS4JInInterceptor 并发现收到的 SOAP 消息被重写为:(替换的空白名称空间)

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
   <SOAP-ENV:Header>
          <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                 <wsse:UsernameToken wsu:Id="UsernameToken-1">
                       <wsse:Username>username</wsse:Username>
                       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
                 </wsse:UsernameToken>
          </wsse:Security>
   </SOAP-ENV:Header>
   <SOAP-ENV:Body>
          <newAsset xmlns="http://api.com.acme/">
                 <date xmlns="http://api.com.acme/">2018-02-04T14:35:59Z</date>
                 <assetId xmlns="http://api.com.acme/">1</assetId>
          </newAsset>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

这会导致解组错误。

如果我在我的 SOAP 消息中做一些更改(添加前缀)来发送它,WSS4JInInterceptor 不会更改默认命名空间,并且该消息将被接受。

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
   <SOAP-ENV:Header>
          <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                 <wsse:UsernameToken wsu:Id="UsernameToken-1">
                       <wsse:Username>username</wsse:Username>
                       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
                 </wsse:UsernameToken>
          </wsse:Security>
   </SOAP-ENV:Header>
   <SOAP-ENV:Body>
          <api:newAsset xmlns:api="http://api.com.acme/">
                 <date xmlns="">2018-02-04T14:35:59Z</date>
                 <assetId xmlns="">1</assetId>
          </api:newAsset>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

有办法避免吗?第一条消息是有效的,因此应该被接受。我必须在我的 xsd 中放一些东西吗?我用的不合格。我正在使用 CXF 3.0.0

4

1 回答 1

0

更新到 CXF 3.0.3,看看它是否仍然失败。我认为最近修复了一些与此相关的问题。如果仍然失败,请使用测试用例记录错误。

于 2014-12-15T17:37:24.377 回答