0

已经使用 WSDL 实现了一个 CXF 客户端,其中已经定义了 WS-SecurityPolicy。否则它工作正常,并且被 Web 应用程序大量使用。但是我们在 perf env 中观察到,间歇性地将多个 wsse:Security 标头添加到 SOAP 标头中导致失败。它是间歇性的,无法在开发环境中重现。这是客户端配置:

 <jaxws:client
    xmlns:tns="http://ws.soa.com/service/XYZ/XYZService/"
    name="XYZPort" address="${XYZService.endPoint}"
    serviceClass="com.soa.ws.service.XYZ.XYZService.XYZPortType"
    serviceName="tns:XYZService">
    <jaxws:properties>
        <entry key="ws-security.username" value="${XYZService.auth.username}" />
        <entry key="ws-security.callback-handler" value-ref="XYZServicePasswordCallback" />
    </jaxws:properties>
    <jaxws:inInterceptors>
        <ref bean="logInBound" />
  <ref bean="XYZServiceSOAPResponseInterceptor" />      
    </jaxws:inInterceptors>
    <jaxws:outInterceptors>
        <ref bean="logOutBound" />          
  <ref bean="XYZServiceSOAPRequestInterceptor" />
    </jaxws:outInterceptors>
</jaxws:client>

<bean id="XYZServicePasswordCallback" class="com.services.client.XYZ.XYZServiceClientPasswordCallback" >
    <property name="username" value="${XYZService.auth.username}" />
    <property name="password" value="${XYZService.auth.password}" />
    <!-- Decrypt key defined in keyfile.properties -->
    <property name="secretKey" value="${key}" />
</bean>

这是间歇性问题。安全标头添加了两次

<soap:Header>

<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-   open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-33466425961" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>test</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XYZPwd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>

<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-33466425962" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>test</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XYZPwd</wsse:Password>
 </wsse:UsernameToken>
</wsse:Security>

4

0 回答 0