2

在服务器内部错误的情况下,axis2+rampart WS-Security 响应有问题。当服务器返回“200 OK”时,一切似乎都正常。如果响应具有正确的时间戳、签名和解密函数响应 XML,则由壁垒检查响应。但是当服务器返回“500 Internal Server Error”时,axis2/rapart 抛出异常:

ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header

我认为答案有问题并用soapUI对其进行了测试。安全和解密形式都有类似的响应。这些响应仅在 HTTP 状态、指示错误的 XML 响应代码和 SOAP 标记的大小写方面有所不同。在反应良好的情况下

<SOAP-ENV:Envelope ...

如果出现错误:

<soap:Envelope ...

其余的结构,包括mustUnderstand="1"是相同的。

axis2.xml我配置InFlowInFaultFlow与订单相同:

<phase name="Addressing">...</phase>
<phase name="Security"/>
<phase name="PreDispatch"/>

我启用了对我的客户的跟踪,如果反应良好,我会看到:

DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Invoking Handler 'SecurityInHandler' in Phase 'Security'
...there is decrypted message
DEBUG Thread-11 org.apache.rampart.handler.WSDoAllReceiver - WSDoAllReceiver: exit invoke()
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...

在出错的情况下没有这样的踪迹:

DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "soapmonitorPhase"
DEBUG Thread-11 org.apache.axis2.engine.AxisEngine - MustUnderstand header not processed or registered as understood{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
DEBUG Thread-11 org.apache.axis2.i18n.ProjectResourceBundle - org.apache.axis2.i18n.resource::handleGetObject(mustunderstandfailed)
ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

没有SecurityInHandler调用。

我想看到解密的消息,就像在“200 OK”状态或soapUI中一样。任何想法我的配置有什么问题?

编辑

我已经检查过,只有在“500 内部服务器错误”的情况下才会出现此类错误。如果服务器回复“200 OK”和相同的加密内容,则axis2能够解密它!

4

1 回答 1

3

我会回答自己:

我搜索了 Rampart 的来源,看看在哪里SecurityInHandler。它在META-INF/module.xmlrampart-1.5.1.mar,但仅在<InFlow>部分中。我把它复制到它<InFaultFlow>,它的工作原理!现在我的<InFaultFlow>部分看起来像:

<InFaultFlow>
    <handler name="PolicyBasedSecurityInHandler" class="org.apache.rampart.handler.RampartReceiver">
        <order phase="Security" phaseFirst="true"/>
    </handler>
    <handler name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
        <order phase="Security"/>
    </handler>
    <handler name="PostDispatchVerificationHandler" class="org.apache.rampart.handler.PostDispatchVerificationHandler">
        <order phase="Dispatch" phaseLast="true"/>
    </handler>
</InFaultFlow>
于 2011-04-05T04:53:52.913 回答