CXF로 STS/WS-Trust로 보호되는 SOAP 서비스에 액세스하고 싶습니다. 종속성을 줄이기 위해 스프링 구성 대신 CXFBusFactory
을 사용합니다. 이는 코드로 구성해야한다는 것을 의미하며 이는 웹에서 문서화되고 널리 사용되지 않습니다.코드로 STS/WS-Trust에 대한 CXF 구성
누구나 누락 된 구성 설정과 코드로 설정하는 방법을 지적 할 수 있습니까?
내가 가지고 : 그것은 중요한 경우private static void testSo(String endpointUrl, String username, String password) {
String busFactory = System.getProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME);
try {
// Setup the system properties to use the CXFBusFactory not the SpringBusFactory
System.setProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME, "org.apache.cxf.bus.CXFBusFactory");
CXFBusFactory bf = new CXFBusFactory();
Bus bus = bf.createBus();
bus.getFeatures().add(new org.apache.cxf.feature.LoggingFeature());
STSClient stsClient = new STSClient(bus);
stsClient.setWsdlLocation("https://example.com/adfs/services/trust/mex");
stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}CustomBinding_IWSTrustFeb2005Async");
bus.setProperty("ws-security.callback-handler", "com.example.ClientCallbackHandler");
bus.setProperty("ws-security.username", username);
bus.setProperty("ws-security.password", password);
bus.setProperty("ws-security.sts.client", stsClient);
BusFactory.setDefaultBus(bus);
BusFactory.setThreadDefaultBus(bus);
URL wsdlUrl = new URL(endpointUrl + "?singleWsdl");
Service ss = OrganizationService.create(wsdlUrl, SERVICE_NAME);
IOrganizationService port = ss.getPort(IOrganizationService.class);
ColumnSet cs = new ColumnSet();
cs.setAllColumns(true);
Entity e = port.retrieve("account", "323223", cs);
} catch (Exception ex) {
ex.printStackTrace();
} finally {
// clean up the system properties
if (busFactory != null) {
System.setProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME, busFactory);
} else {
System.clearProperty(BusFactory.BUS_FACTORY_PROPERTY_NAME);
}
}
}
대상 서비스는 MS CRM 2013.
Jul 25, 2014 12:24:55 PM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNUNG: No assertion builder for type {http://schemas.microsoft.com/xrm/2011/Contracts/Services}AuthenticationPolicy registered.
Jul 25, 2014 12:24:55 PM org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder build
WARNUNG: sp:HttpsToken/wsp:Policy should have a value!
그리고이 예외 :
이까지 내가 CXF 로깅에서 얻을
javax.xml.ws.soap.SOAPFaultException: None of the policy alternatives can be satisfied.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:158)
at com.sun.proxy.$Proxy46.retrieve(Unknown Source)
이
가 업데이트 1 : 나는 주요 문제에 의해 sp:HttpsToken/wsp:Policy
을 설정하는 것입니다 생각 암호. 아주 자주 웹은이 샘플 스프링 구성을 보여 주지만 코드로 복제하는 방법을 알지 못합니다 (Client client = ClientProxy.getClient(port);
). 예 :
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
업데이트 2 :
<wsp:Policy wsu:Id="CustomBinding_IOrganizationService_policy">
<wsp:ExactlyOne>
<wsp:All>
<ms-xrm:AuthenticationPolicy xmlns:ms-xrm="http://schemas.microsoft.com/xrm/2011/Contracts/Services">
<ms-xrm:Authentication>Federation</ms-xrm:Authentication>
<ms-xrm:SecureTokenService>
<ms-xrm:Identifier>http://sts1.example.com/adfs/services/trust</ms-xrm:Identifier>
</ms-xrm:SecureTokenService>
</ms-xrm:AuthenticationPolicy>
<sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<Issuer xmlns="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<Address xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</Address>
<Metadata xmlns="http://www.w3.org/2005/08/addressing">
<Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<wsx:MetadataSection xmlns="">
<wsx:MetadataReference>
<Address xmlns="http://www.w3.org/2005/08/addressing">https://sts1.edrcrm.com/adfs/services/trust/mex</Address>
</wsx:MetadataReference>
</wsx:MetadataSection>
</Metadata>
</Metadata>
</Issuer>
<sp:RequestSecurityTokenTemplate>
<trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
</trust:KeyType>
<trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
<trust:Claims xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity">
<wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"/>
</trust:Claims>
<trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
<trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
<trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
<trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
<trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
</sp:RequestSecurityTokenTemplate>
<wsp:Policy>
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust13>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
나는이 경고를 다른 사람들에게 보이는 것처럼 보이기 때문에이 문제를 해결했습니다. 그럼에도 불구하고'SOAPFaultException'은 진짜 문제이며'port'에서'retrieve'를 호출 할 때'try'의 마지막 줄에서 발생합니다. STS 보안 정책은 무엇을 의미합니까? – ZoolWay
CXF는 해당 정책이없는 경우 경고를 기록합니다. 이전에는 오류가 발생했습니다. 로깅 + 클라이언트 -> STS 메시지와 응답이 어떻게 보이는지 살펴보십시오. STS가 요청을 성공적으로 처리하고 있습니까? –
CXF를 사용하지 않고 다른 솔루션으로 전환 했으므로이를 더 확인할 수는 없지만 이것을 도와주는 접근 방식으로 받아들입니다. – ZoolWay