Web Services org.apache.cxf.ws.policy.PolicyException:无法满足任何策略备选项

qco9c6ql  于 2022-11-15  发布在  Apache
关注(0)|答案(6)|浏览(262)

我想用JUnit和ApacheCXF编写一个简单的集成测试来测试一些支持WS-Security的服务。

MyService myService = new myWsService(MY_SERVICE_WSDL).getMyWs()
Client client = ClientProxy.getClient(myService);
Map<String, Object> ctx = ((BindingProvider) myService).getRequestContext();
ctx.put("ws-security.callback-handler", new KeystorePasswordCallback());
ctx.put("ws-security.signature.crypto", new MyMerlinImpl());

其中MyMerlinImpl只是在被重写loadProperties方法中传递所需Merln.* 属性值,
我得到:

sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}WssX509V1Token11 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RequireIssuerSerialReference registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AlgorithmSuite registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Basic256Sha256 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InclusiveC14N registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Layout registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Strict registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}OnlySignEntireHeadersAndBody registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11 registered.
sie 12, 2015 11:52:10 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}MustSupportRefIssuerSerial registered.

org.apache.cxf.ws.policy.PolicyException: None of the policy alternatives can be satisfied.

我做错了什么?这些似乎是相当标准的策略...事实上,我在一个JBoss EAP 6. 1 WS客户端上使用了相同的代码,它运行得很好。

dsf9zpds

dsf9zpds1#

类路径上是否有cxf-rt-ws-security jar?
科尔姆

ui7jx7zq

ui7jx7zq2#

Chetan给出的答案是有效的,但是,如果多个策略出现错误,则需要将它们添加到一个集中

org.apache.cxf.endpoint.Client client = 
    org.apache.cxf.frontend.ClientProxy.getClient(port);
    org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

    Bus bus = client.getBus();
    PolicyInterceptorProviderRegistry reg = bus.getExtension(PolicyInterceptorProviderRegistry.class);
    Set <QName> set = new HashSet<>();
    set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "IncludeTimestamp") );
    set.add(new QName("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy", "TransportBinding"));
    reg.register(new IgnorablePolicyInterceptorProvider(set));

This link explains the solution in detail

kfgdxczn

kfgdxczn3#

我自己的两分钱:在我自己特殊场景(JAX-WS、WS-Security、WS-SecurityPolicy)中,在执行client.getConduit()时会发生此错误,如下所示:

org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();

上述代码运行时没有引发任何异常(尽管我后来遇到了其他问题),当使用Apache CXF 2.7.18时-我在升级到Apache CXF 3.0.16时开始遇到Assert构建器的问题。现在cxt-rt-ws-security JAR在类路径上,但似乎这个版本的CXF中的WSS 4J被拆分成了多个JAR,因此我必须将wss 4j-policy JAR从CXF下载包包含到类路径中。
错误保持不变,但至少声明生成器中的一长串警告消失了(No assertion builder for type T registered),现在被替换为:
13:45:55,723警告WSSecurityPolicyLoader,main:112 -无法加载或注册与WS-SecurityPolicy相关的类。请检查Apache WSS 4J(的正确版本)是否位于类路径中:处理程序/WSH处理程序
13:45:55,753警告WSSecurityPolicyLoader,main:112 -无法加载或注册与WS-SecurityPolicy相关的类。请检查Apache WSS 4J(的正确版本)是否位于类路径中:基于策略的WSS 4JIn拦截器
长话短说,我收到了其他警告(我通过在CXF包的lib目录中执行盲grep来查找JAR,并逐个包含它们),
并最终包括所有wss 4j-*.jar文件
对getConduit()的调用现在至少通过了。

pbgvytdp

pbgvytdp4#

如果您使用的是Sping Boot ,则可以按如下方式禁用策略检查:

@Bean(name = Bus.DEFAULT_BUS_ID)
    public SpringBus springBus() {
        SpringBus springBus = new SpringBus();
        var e = new PolicyEngineBPDefinitionParser.PolicyEngineConfig(springBus);
        e.setEnabled(false);
        springBus.getFeatures().add(e);
    }
toiithl6

toiithl65#

最后通过添加WSS4JOutInterceptor解决了这个问题。似乎在JBoss中这个拦截器是自动添加的...

Client client = ClientProxy.getClient(myService);
Endpoint endpoint = client.getEndpoint()
endpoint.getOutInterceptors().add(new WSS4JOutInterceptor())
rwqw0loc

rwqw0loc6#

如果WSDL文件中定义的策略是非标准的,那么CXF将无法解析它。因此出现错误。
有两种方法-您可以忽略它(如果可以忽略的话)或提供一个备用提供程序。
若要忽略-请建立IgnorablePolicyInterceptorProvider的执行严修并注册它。
下面是忽略WSDL中定义的NtlmAuthentication策略的示例。注意:NtlmAuthentication的行程方式应该与设定soap信头的方式不同。

Client client = ClientProxy.getClient(port);
                  Bus bus = client.getBus();
                  PolicyInterceptorProviderRegistry pipr = bus.getExtension(PolicyInterceptorProviderRegistry.class);

QName ntmlIgnore = new QName("http://schemas.microsoft.com/ws/06/2004/policy/http", "NtlmAuthentication");
interceptorRegProvider.register(new IgnorablePolicyInterceptorProvider(ntmlIgnore));

相关问题