Weblogic 12c: Unable to add security-token für die Identität, funktioniert aber standalone
Habe ich generiert-client ws-client für diese wsdl:
<wsdl:definitions name="ArkivServiceBasis" targetNamespace="http://acos.no/websak/appservices/contracts/interface/arkivservicebasis/2011/08" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:i0="http://tempuri.org/" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="http://acos.no/websak/appservices/contracts/interface/arkivservicebasis/2011/08" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsp:Policy wsu:Id="ArkivServiceBasisEP_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<!-- types,messages,opertaions goes here -->
</wsdl:definitions>
Habe ich Zertifikat von wsdls Endpunkt auf der Webseite des java cacerts (auch WL-keystores - wie normal-paranoid)
Auch ich bin mit SecurityHandler:
public final class SecurityHandler implements SOAPHandler<SOAPMessageContext> {
private String username;
private String password;
public SecurityHandler() {
super();
}
public SecurityHandler(String username, String password) {
super();
this.username = username;
this.password = password;
}
@Override
public boolean handleMessage(final SOAPMessageContext msgCtx) {
//Indicator telling us which direction this message is going in
final Boolean outInd = (Boolean) msgCtx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
//Handler must only add security headers to outbound messages
if (outInd.booleanValue()) {
try {
//Get the SOAP Envelope
final SOAPEnvelope envelope = msgCtx.getMessage().getSOAPPart().getEnvelope();
//Header may or may not exist yet
SOAPHeader header = envelope.getHeader();
if (header == null) {
header = envelope.addHeader();
}
//Add WSS Usertoken Element Tree
final SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
final SOAPElement userToken = security.addChildElement("UsernameToken", "wsse");
userToken.addChildElement("Username", "wsse").addTextNode(username);
userToken.addChildElement("Password", "wsse").addTextNode(password);
msgCtx.getMessage().writeTo(System.out);
System.out.println();
}
catch (final Exception e) {
return false;
}
}
return true;
}
public Set<QName> getHeaders() {
QName securityHeader = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
Set<QName> headers = new HashSet<QName>();
headers.add(securityHeader);
return headers;
}
@Override
public boolean handleFault(SOAPMessageContext context) {
return false;
}
@Override
public void close(MessageContext context) {
}
}
Und schließlich die test-Klasse:
public class WebSakPingTest {
private static final String LOGIN = "login";
private static final String PASS = "pass";
@SuppressWarnings("rawtypes")
@Test
public void testSendPingRequest() throws DatatypeConfigurationException, MalformedURLException, SOAPException {
System.setProperty("javax.net.debug", "all");
System.setProperty("com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.dump", "true");
AddressingFeature feature = new AddressingFeature(true, false);
ArkivServiceBasis service = new ArkivServiceBasis();
IArkivServiceBasis port = service.getArkivServiceBasisEP(feature);
final Binding binding = ((BindingProvider) port).getBinding();
List<Handler> handlerList = binding.getHandlerChain();
handlerList.add(new SecurityHandler(LOGIN, PASS));
binding.setHandlerChain(handlerList);
port.ping("Ping test message");
}
}
Und das funktioniert perfekt!
Aber wenn ich den code bereitstellen auf weblogic - erhalte ich diese exception:
javax.ejb.EJBException: EJB Exception: ; nested exception is:
com.sun.xml.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Unable to add security token for identity, token uri =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken Please see the server log to find more detail regarding exact cause of the failure.
at com.sun.xml.ws.fault.SOAP12Fault.getProtocolException(SOAP12Fault.java:229)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:125)
at com.sun.xml.ws.client.sei.StubHandler.readResponse(StubHandler.java:253)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:181)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:258)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:117)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:91)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:154)
at com.sun.proxy.$Proxy303.nyJournalpostGittJournalpostInformasjon(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
at com.sun.proxy.$Proxy304.nyJournalpostGittJournalpostInformasjon(Unknown Source)
at com.computas.service.websakws.WebSakServiceHandler.nyJournalpostGittJournalpostInformasjon(WebSakServiceHandler.java:82)
at com.computas.lovisa.server.WebSakManagerBean.addJournalpost(WebSakManagerBean.java:91)
at com.computas.lovisa.server.DocumentStorageManager_h43t3b_DocumentStorageManagerImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:34)
at com.computas.lovisa.server.DocumentStorageManager_h43t3b_DocumentStorageManagerImpl.addJournalpost(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:84)
at com.sun.proxy.$Proxy261.addJournalpost(Unknown Source)
at com.computas.lovisa.websakpoc.WebsakPOC.testSkrivSak(WebsakPOC.java:44)
Nicht wissen, was zu tun
Klingt wie Sie haben ein Problem, die Einstellung Ihres Nutzer - /pass. oracle.com/technetwork/articles/entarch/... Vielleicht können Sie versuchen, ein einfaches Beispiel für den Aufruf ohne die Verwendung Ihrer eigenen SecurityHandler Klasse wie das, was hier geleistet wird weblogic-wonders.com/weblogic/2011/05/24/...
Vielen Dank für die Antwort. Bitte, siehe mein update
Vielen Dank für die Antwort. Bitte, siehe mein update
InformationsquelleAutor user715022 | 2014-03-24
Du musst angemeldet sein, um einen Kommentar abzugeben.
LÖSUNG
Habe ich versucht, diese Artikel für jax-ws (nicht rpc). Ich habe mein code geändert, was bleibt es im Beispiel, das weglassen nur ClientBSTCredentialProvider - ich habe importierten Zertifikate zum java-Standard-key-store. Der endgültige code sieht wie folgt aus:
So, jetzt funktioniert es von WL!
InformationsquelleAutor user715022