java - Weblogic 12c : Unable to add security token for identity, 但独立工作

Question

我已经为这个 wsdl 生成了客户端 ws-client:

<wsdl:definitions name="ArkivServiceBasis" targetNamespace="http://acos.no/websak/appservices/contracts/interface/arkivservicebasis/2011/08" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:i0="http://tempuri.org/" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="http://acos.no/websak/appservices/contracts/interface/arkivservicebasis/2011/08" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsp:Policy wsu:Id="ArkivServiceBasisEP_policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:TransportToken>
                        <wsp:Policy>
                            <sp:HttpsToken RequireClientCertificate="false"/>
                        </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                </wsp:Policy>
            </sp:TransportBinding>
            <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:WssUsernameToken10/>
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SignedSupportingTokens>
            <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy/>
            </sp:Wss11>
            <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportIssuedTokens/>
                    <sp:RequireClientEntropy/>
                    <sp:RequireServerEntropy/>
                </wsp:Policy>
            </sp:Trust10>
            <wsaw:UsingAddressing/>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

    <!-- types,messages,opertaions goes here -->

</wsdl:definitions>

我已经将证书从 wsdls 端点的网站添加到 java cacerts(也添加到 WL keystore - 作为正常的偏执狂)

我也在使用 SecurityHandler:

public final class SecurityHandler implements SOAPHandler<SOAPMessageContext> {

private String username;
private String password;

public SecurityHandler() {
    super();
}

public SecurityHandler(String username, String password) {
    super();
    this.username = username;
    this.password = password;
}

@Override
public boolean handleMessage(final SOAPMessageContext msgCtx) {

    // Indicator telling us which direction this message is going in
    final Boolean outInd = (Boolean) msgCtx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);

    // Handler must only add security headers to outbound messages
    if (outInd.booleanValue()) {
        try {
            // Get the SOAP Envelope
            final SOAPEnvelope envelope = msgCtx.getMessage().getSOAPPart().getEnvelope();

            // Header may or may not exist yet
            SOAPHeader header = envelope.getHeader();
            if (header == null) {
                header = envelope.addHeader();
            }
            // Add WSS Usertoken Element Tree 
            final SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
            final SOAPElement userToken = security.addChildElement("UsernameToken", "wsse");
            userToken.addChildElement("Username", "wsse").addTextNode(username);
            userToken.addChildElement("Password", "wsse").addTextNode(password);

            msgCtx.getMessage().writeTo(System.out);
            System.out.println();

        }
        catch (final Exception e) {
            return false;
        }
    }
    return true;
}

public Set<QName> getHeaders() {
    QName securityHeader = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
    Set<QName> headers = new HashSet<QName>();
    headers.add(securityHeader);
    return headers;
}

@Override
public boolean handleFault(SOAPMessageContext context) {
    return false;
}

@Override
public void close(MessageContext context) {
}
}

最后，测试类:

public class WebSakPingTest {
private static final String LOGIN = "login";
private static final String PASS = "pass";

@SuppressWarnings("rawtypes")
@Test
public void testSendPingRequest() throws DatatypeConfigurationException, MalformedURLException, SOAPException {

    System.setProperty("javax.net.debug", "all");
    System.setProperty("com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.dump", "true");

    AddressingFeature feature = new AddressingFeature(true, false);

    ArkivServiceBasis service = new ArkivServiceBasis();
    IArkivServiceBasis port = service.getArkivServiceBasisEP(feature);

    final Binding binding = ((BindingProvider) port).getBinding();
    List<Handler> handlerList = binding.getHandlerChain();
    handlerList.add(new SecurityHandler(LOGIN, PASS));
    binding.setHandlerChain(handlerList);

    port.ping("Ping test message");
}
}

这非常有效!

但是当我将代码部署到 weblogic 时 - 我收到此异常:

javax.ejb.EJBException: EJB Exception: ; nested exception is: 
com.sun.xml.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Unable to add security token for identity, token uri =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken Please see the server log to find more detail regarding exact cause of the failure.
at com.sun.xml.ws.fault.SOAP12Fault.getProtocolException(SOAP12Fault.java:229)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:125)
at com.sun.xml.ws.client.sei.StubHandler.readResponse(StubHandler.java:253)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:181)
at com.sun.xml.ws.db.DatabindingImpl.deserializeResponse(DatabindingImpl.java:258)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:117)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:91)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:154)
at com.sun.proxy.$Proxy303.nyJournalpostGittJournalpostInformasjon(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
at com.sun.proxy.$Proxy304.nyJournalpostGittJournalpostInformasjon(Unknown Source)
at com.computas.service.websakws.WebSakServiceHandler.nyJournalpostGittJournalpostInformasjon(WebSakServiceHandler.java:82)
at com.computas.lovisa.server.WebSakManagerBean.addJournalpost(WebSakManagerBean.java:91)
at com.computas.lovisa.server.DocumentStorageManager_h43t3b_DocumentStorageManagerImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:34)
at com.computas.lovisa.server.DocumentStorageManager_h43t3b_DocumentStorageManagerImpl.addJournalpost(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:84)
at com.sun.proxy.$Proxy261.addJournalpost(Unknown Source)
at com.computas.lovisa.websakpoc.WebsakPOC.testSkrivSak(WebsakPOC.java:44)

不知道该怎么办

Answer 1

解决方案

我试过了 this jax-ws(不是 rpc)的文章。我已将我的代码更改为示例中保留的代码，仅省略 ClientBSTCredentialProvider - 我已将证书导入 java 默认 keystore 。最终代码如下所示:

    AddressingFeature feature = new AddressingFeature(true, false);
    port = service.getArkivServiceBasisEP(feature);

    objectFactory = new ObjectFactory();
    datatypeFactory = DatatypeFactory.newInstance();

    List<CredentialProvider> credProviders = new ArrayList<CredentialProvider>(); 
    CredentialProvider  cp = new ClientUNTCredentialProvider(username.getBytes(), password.getBytes()); 
    credProviders.add(cp); 

    Map<String, Object> requestContext = ((BindingProvider) port).getRequestContext();
    requestContext.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
    requestContext.put(WSSecurityContext.TRUST_MANAGER, new TrustManager() {
        public boolean certificateCallback(X509Certificate[] chain, int validateErr) {return true;}
    });

现在它可以在 WL 上运行了!