我正在编写一个客户端,使用WSDL第一种方法连接到SOAP Web服务。为了实现,我使用的是Apache CXF 3.1.4版
测试时,我得到以下异常:
12:35:15.492 [main] WARN o.a.c.w.p.a.w.Wsdl11AttachmentPolicyProvider - Failed to build the policy 'UsernameToken':sp:UsernameToken must have an inner wsp:Policy element
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: sp:UsernameToken must have an inner wsp:Policy element
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:160)
at com.sun.proxy.$Proxy36.getPing(Unknown Source)
...
Caused by: java.lang.IllegalArgumentException: sp:UsernameToken must have an inner wsp:Policy element
at org.apache.wss4j.policy.builders.UsernameTokenBuilder.build(UsernameTokenBuilder.java:52)
at org.apache.wss4j.policy.builders.UsernameTokenBuilder.build(UsernameTokenBuilder.java:34)
at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
WSDL文件的相关部分如下所示:
<wsp:Policy wsu:Id="UsernameToken">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
错误消息表明CXF需要UsernameToken下的策略标记。事实上,在研究时我遇到了comment from CXF bug tracker:
Yes... Per spec, the <sp:UsernameToken> element MUST contain an internal wsp:Policy element. It should look like:
<sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken11 />
</wsp:Policy>
</sp:UsernameToken>
/sp:UsernameToken/wsp:Policy
This optional element identifies additional requirements for use of the
sp:UsernameToken assertion.
注意:可选。
那是哪一个?似乎CXf需要一个策略,而规范说它是可选的。我需要看另一个规范吗?
答案 0 :(得分:2)
似乎这个问题在SO上没有引起注意,但是谷歌在这里引导某人,我不妨发布解决方案。
我在Apache CXF user mailing list上发布了相同的问题并得到了回复:
这是我刚刚解决的WSS4J中的一个错误: https://issues.apache.org/jira/browse/WSS-564
WS-SecurityPolicy 1.2 + 1.3需要策略元素,但1.1不需要。 在下一个WSS4J发布之前,您最好的选择就是制定一个空策略 元素。