2014-07-25

Configuring CXF for STS/WS-Trust

I would like to use CXF to access a SOAP service that is secured with STS/WS-Trust. Because I am forced to reduce dependencies, I am using the CXFBusFactory instead of the Spring configuration. This means I have to do all configuration in code, which is less documented and less common on the web than the Spring way.

Can anyone point out which configuration settings are missing and how to set them in code?

What I have:

    // Imports used by the method below
    import java.net.URL;

    import javax.xml.ws.Service;

    import org.apache.cxf.Bus;
    import org.apache.cxf.BusFactory;
    import org.apache.cxf.bus.CXFBusFactory;
    import org.apache.cxf.ws.security.trust.STSClient;

    // OrganizationService, IOrganizationService, ColumnSet and Entity are the
    // classes wsdl2java generated from the CRM Organization service WSDL;
    // SERVICE_NAME is the QName of that service.

    private static void testSo(String endpointUrl, String username, String password) {
        String busFactory = System.getProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME);
        try {
            // Set the system property so CXF uses the CXFBusFactory, not the SpringBusFactory
            System.setProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME, "org.apache.cxf.bus.CXFBusFactory");

            CXFBusFactory bf = new CXFBusFactory();
            Bus bus = bf.createBus();
            bus.getFeatures().add(new org.apache.cxf.feature.LoggingFeature());

            // STS client pointing at the ADFS MEX endpoint
            STSClient stsClient = new STSClient(bus);
            stsClient.setWsdlLocation("https://example.com/adfs/services/trust/mex");
            stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
            stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}CustomBinding_IWSTrustFeb2005Async");

            // WS-Security properties set bus-wide, so every client on this bus sees them
            bus.setProperty("ws-security.callback-handler", "com.example.ClientCallbackHandler");
            bus.setProperty("ws-security.username", username);
            bus.setProperty("ws-security.password", password);
            bus.setProperty("ws-security.sts.client", stsClient);

            BusFactory.setDefaultBus(bus);
            BusFactory.setThreadDefaultBus(bus);

            // Create the service proxy from the live WSDL (policy is read from it)
            URL wsdlUrl = new URL(endpointUrl + "?singleWsdl");
            Service ss = OrganizationService.create(wsdlUrl, SERVICE_NAME);
            IOrganizationService port = ss.getPort(IOrganizationService.class);

            // First call: this should trigger the RST to the STS, then the service call
            ColumnSet cs = new ColumnSet();
            cs.setAllColumns(true);
            Entity e = port.retrieve("account", "323223", cs);
        } catch (Exception ex) {
            ex.printStackTrace();
        } finally {
            // Restore the system property to whatever it was before
            if (busFactory != null) {
                System.setProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME, busFactory);
            } else {
                System.clearProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME);
            }
        }
    }

The target service is MS CRM 2013, if it matters.

This is as far as I get according to the CXF log:

Jul 25, 2014 12:24:55 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder 
WARNUNG: No assertion builder for type {http://schemas.microsoft.com/xrm/2011/Contracts/Services}AuthenticationPolicy registered. 
Jul 25, 2014 12:24:55 PM org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder build 
WARNUNG: sp:HttpsToken/wsp:Policy should have a value! 

And then this exception:

javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied. 
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:158) 
    at com.sun.proxy.$Proxy46.retrieve(Unknown Source) 

Update 1: I think the main problem is setting up the sp:HttpsToken/wsp:Policy in code. The web often shows the following example Spring configuration, but I cannot see how to replicate it in code (Client client = ClientProxy.getClient(port); gets me the client). For example:

<sp:TransportBinding> 
    <wsp:Policy> 
     <sp:TransportToken> 
      <wsp:Policy> 
       <sp:HttpsToken/> 
      </wsp:Policy> 
     </sp:TransportToken> 
     <sp:AlgorithmSuite> 
      <wsp:Policy> 
       <sp:Basic256/> 
      </wsp:Policy> 
     </sp:AlgorithmSuite> 
     <sp:Layout> 
      <wsp:Policy> 
       <sp:Lax/> 
      </wsp:Policy> 
     </sp:Layout> 
     <sp:IncludeTimestamp/> 
    </wsp:Policy> 
    </sp:TransportBinding> 

Update 2: This is the service's policy from the server's WSDL:

<wsp:Policy wsu:Id="CustomBinding_IOrganizationService_policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <ms-xrm:AuthenticationPolicy xmlns:ms-xrm="http://schemas.microsoft.com/xrm/2011/Contracts/Services">
        <ms-xrm:Authentication>Federation</ms-xrm:Authentication>
        <ms-xrm:SecureTokenService>
          <ms-xrm:Identifier>http://sts1.example.com/adfs/services/trust</ms-xrm:Identifier>
        </ms-xrm:SecureTokenService>
      </ms-xrm:AuthenticationPolicy>
      <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken/>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
        </wsp:Policy>
      </sp:TransportBinding>
      <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <Issuer xmlns="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
              <Address xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</Address>
              <Metadata xmlns="http://www.w3.org/2005/08/addressing">
                <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                  <wsx:MetadataSection xmlns="">
                    <wsx:MetadataReference>
                      <Address xmlns="http://www.w3.org/2005/08/addressing">https://sts1.edrcrm.com/adfs/services/trust/mex</Address>
                    </wsx:MetadataReference>
                  </wsx:MetadataSection>
                </Metadata>
              </Metadata>
            </Issuer>
            <sp:RequestSecurityTokenTemplate>
              <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
              </trust:KeyType>
              <trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
              <trust:Claims xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity">
                <wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"/>
              </trust:Claims>
              <trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
              <trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
              <trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
              <trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
              <trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
            </sp:RequestSecurityTokenTemplate>
            <wsp:Policy>
              <sp:RequireInternalReference/>
            </wsp:Policy>
          </sp:IssuedToken>
        </wsp:Policy>
      </sp:EndorsingSupportingTokens>
      <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy/>
      </sp:Wss11>
      <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:MustSupportIssuedTokens/>
          <sp:RequireClientEntropy/>
          <sp:RequireServerEntropy/>
        </wsp:Policy>
      </sp:Trust13>
      <wsaw:UsingAddressing/>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

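The Spring fragment in Update 1 is a client-side copy of the transport-binding policy that the service WSDL in Update 2 already carries; in a WSDL-first CXF client that policy is read from the WSDL, so what still has to be supplied in code is the STS client and the credentials. The following is an added example, not code from the question or from the answer below, of wiring those onto one port's request context rather than onto the whole Bus. It assumes CXF 3.x (org.apache.cxf.ws.security.SecurityConstants and STSClient), an IOrganizationService port interface generated by wsdl2java as in the question, and a SERVICE_NAME QName that is a placeholder; the ADFS MEX URL and endpoint name are the ones from the question. Whether this on its own clears the "None of the policy alternatives can be satisfied" fault is not established by the thread.

```java
import java.net.URL;
import java.util.HashMap;
import java.util.Map;

import javax.xml.namespace.QName;
import javax.xml.ws.Service;

import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.CXFBusFactory;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.feature.LoggingFeature;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.trust.STSClient;

/**
 * Added example: per-port STS/WS-Trust configuration in code, without Spring.
 * Assumes CXF 3.x and a wsdl2java-generated IOrganizationService interface.
 */
public final class StsClientByCode {

    private static final String WS_TRUST_NS =
            "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";

    // Placeholder: use the QName of the generated OrganizationService.
    private static final QName SERVICE_NAME =
            new QName("http://schemas.microsoft.com/xrm/2011/Contracts/Services", "OrganizationService");

    /** Builds an STSClient for the ADFS MEX endpoint named in the question. */
    static STSClient buildStsClient(Bus bus, String mexUrl, String username, String password) {
        STSClient stsClient = new STSClient(bus);
        stsClient.setWsdlLocation(mexUrl);
        stsClient.setServiceQName(new QName(WS_TRUST_NS, "SecurityTokenService"));
        stsClient.setEndpointQName(new QName(WS_TRUST_NS, "CustomBinding_IWSTrustFeb2005Async"));

        // Credentials for the call to the STS itself (UsernameToken to ADFS).
        // Kept on the STSClient so that other clients sharing this Bus do not
        // inherit them, which Bus-level properties would cause.
        Map<String, Object> stsProps = new HashMap<>();
        stsProps.put(SecurityConstants.USERNAME, username);
        stsProps.put(SecurityConstants.PASSWORD, password);
        stsClient.setProperties(stsProps);
        return stsClient;
    }

    /** Attaches the STSClient to one JAX-WS port and returns the CXF Client for inspection. */
    static Client attachToPort(Object port, STSClient stsClient) {
        Client client = ClientProxy.getClient(port);
        // The IssuedToken interceptor driven by the WSDL policy looks this up
        // when it needs a token for the target service.
        client.getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient);
        return client;
    }

    public static void main(String[] args) throws Exception {
        String endpointUrl = args[0]; // e.g. https://crm.example.com/XRMServices/2011/Organization.svc
        String username = args[1];
        String password = args[2];

        // Explicit CXFBusFactory: no system property juggling is needed because
        // Service.create() picks up the thread default bus set here.
        Bus bus = new CXFBusFactory().createBus();
        bus.getFeatures().add(new LoggingFeature());
        BusFactory.setThreadDefaultBus(bus);
        try {
            STSClient stsClient = buildStsClient(bus,
                    "https://example.com/adfs/services/trust/mex", username, password);

            Service service = Service.create(new URL(endpointUrl + "?singleWsdl"), SERVICE_NAME);
            IOrganizationService port = service.getPort(IOrganizationService.class);
            attachToPort(port, stsClient);

            // Any operation on 'port' now sends the RST to ADFS first; with the
            // LoggingFeature both the STS exchange and the service call are logged.
        } finally {
            bus.shutdown(true);
        }
    }
}
```

Two practical points follow from this layout. First, keep the TLS trust configuration on the HTTPConduit honest: the WSDL policy requires HttpsToken, so if the ADFS or CRM certificate is not trusted the fix is a proper truststore, not disabling hostname or certificate checks. Second, when the fault persists, the logged RST/RSTR pair against ADFS is what to read first, because a SecurityTokenService that rejects the request never yields the IssuedToken that the EndorsingSupportingTokens assertion demands, and CXF then reports that no policy alternative can be satisfied.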
Answer

What do the request + response messages look like? What is the security policy of the STS? The HttpsToken thing is a red herring, that is just a warning that the STS security policy in this case does not strictly conform to the spec.

Colm。


I mentioned that warning because it looked as if other people had solved the problem through it. Still, the 'SOAPFaultException' is the real problem, and it occurs on the last line of the 'try', at the call to 'retrieve'. What do you mean by the STS security policy? – ZoolWay


CXF only logs a warning if that policy is missing; previously it threw an error. First enable logging + look at what the client -> STS message and the response look like. Does the STS process the request successfully? –


I could not check any further because I switched to another solution without CXF, but I am accepting this approach since it helped me. – ZoolWay