当使用以下 SOAP 请求访问生产者 Web 服务时,我收到返回的“无效安全标头”消息。当我使用使用 JAX-WS RI 2.2.4-b01 的 Oracle JDK 7 测试用例时,它工作正常。
我必须像在 Websphere 上一样使用 WSS4j 1.6.0 和 IBM JDK 6——我认为问题出在 IBM JDK 6 附带的 JAX-WS RI 2.1.6 上。
我试图让我的 InclusiveNamspaces 在没有“ec”前缀的情况下如下所示,因为我注意到这是下面显示的 XML 请求中的不同之处之一。
<S:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
S:mustUnderstand="1">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="SIG-A45B0A5E750A47B9AE6EC49A362DB055">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#TS-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="wsse S urn urn1" />
但相反,它带有“ec”前缀
<ec:InclusiveNamespaces PrefixList="wsse S urn urn1" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
我在我的代码中尝试过这个,但它没有删除它。有任何想法吗?
org.apache.xml.security.Init.init();
org.apache.xml.security.utils.ElementProxy.setDefaultPrefix("http://www.w3.org/2001/10/xml-exc-c14n#", "");
这是使用 Oracle JDK 7 时有效的请求,请注意它使用的是 JAX-WS RI 2.2.4-b01
POST /airp/aca/a2a/1095BC_Transmission_AATS2016 HTTP/1.1
Accept: text/xml, multipart/related
Content-Type: multipart/related;start="
<rootpart * d2bbd41-479c-4851-b6fb-5de42ba6573f @
example.jaxws.sun.com>
";type="application/xop+xml";boundary="uuid:6d2bbd41-479c-4851-b6fb-5de42ba6573f";start-info="text/xml"
SOAPAction: "BulkRequestTransmitter"
User-Agent: JAX-WS RI 2.2.4-b01
Host: la.www4.irs.gov
Connection: keep-alive
Content-Length: 325083
--uuid:6d2bbd41-479c-4851-b6fb-5de42ba6573f
Content-Id:
<rootpart * d2bbd41-479c-4851-b6fb-5de42ba6573f @
example.jaxws.sun.com>
Content-Type: application/xop+xml;charset=utf-8;type="text/xml"
Content-Transfer-Encoding: binary
<?xml version="1.0" ?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:urn="urn:us:gov:treasury:irs:ext:aca:air:7.0" xmlns:urn1="urn:us:gov:treasury:irs:common">
<S:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
S:mustUnderstand="1">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="SIG-DEE23B9A923D4A3CA3211DF2A3CD881A">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#TS-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="wsse S urn urn1"></InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>removed=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-4A79A4500D834A1688F0255D34F4B90A">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="S urn1"></InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>removed=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-1447A9BC79B048418D358EF9F861A302">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="S urn urn1"></InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>removed=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>removed==</ds:SignatureValue>
<ds:KeyInfo Id="KI-F84482F8FD684AF9811FCEA580F9FF93">
<wsse:SecurityTokenReference
wsu:Id="STR-71DE006212BB4C9FA21F3F59F79737CA">
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">removed</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp wsu:Id="TS-1">
<wsu:Created>2016-01-08T23:00:48.578Z</wsu:Created>
<wsu:Expires>2016-01-09T00:00:48.578Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
这是使用具有 JAX-WS 2.1 的 IBM JDK 6 的请求——我能看到的唯一区别是它使用“ec”前缀并明确声明它是 UTF-8
POST /airp/aca/a2a/1095BC_Transmission_AATS2016 HTTP/1.1
Soapaction:
"BulkRequestTransmitter"
Accept: text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-type:
multipart/related;start="
<rootpart * e-488d-80b8-4a137e7cb54e @ example.jaxws.sun.com>
";type="application/xop+xml";boundary="uuid:94066996-016e-488d-80b8-4a137e7cb54e";start-info="text/xml"
User-Agent: JAX-WS RI 2.1.6 in JDK 6
Host: la.www4.irs.gov
Connection: keep-alive
Content-Length: 325122
--uuid:94066996-016e-488d-80b8-4a137e7cb54e
Content-Id:
<rootpart * e-488d-80b8-4a137e7cb54e @ example.jaxws.sun.com>
Content-Type: application/xop+xml;charset=utf-8;type="text/xml"
Content-Transfer-Encoding: binary
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:urn="urn:us:gov:treasury:irs:ext:aca:air:7.0" xmlns:urn1="urn:us:gov:treasury:irs:common">
<S:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
S:mustUnderstand="1">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="SIG-2533902FF05A4C3EAD4DF4394DDC7232">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#TS-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="wsse S urn urn1"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>removed=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-7E93AD40DB804D8D9241DE569606EC96">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="S urn1"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>removed=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-2F77BCB77A484ABAB2FF110E580E2DD3">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="S urn urn1"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>removed=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>removed==</ds:SignatureValue>
<ds:KeyInfo Id="KI-7A496D73BB5342EAA06616B8AF4FDCB0">
<wsse:SecurityTokenReference
wsu:Id="STR-BF7E3246416240B5B45DA733BC718073">
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">removed</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp wsu:Id="TS-1">
<wsu:Created>2016-01-08T23:04:33.001Z</wsu:Created>
<wsu:Expires>2016-01-09T00:04:33.001Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>