XFire中实现WS-Security时出现的异常及原因

最新推荐文章于 2024-02-21 17:01:24 发布
最新推荐文章于 2024-02-21 17:01:24 发布
阅读量555 收藏
点赞数
分类专栏: webservice 文章标签: Security Java Apache SOAP Tomcat
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/youwei0411/article/details/83282271
版权
XFire中实现WS-Security时出现的异常及原因:

1.缺包,在客户端添加xalan.jar 



Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/xml/utils/URI$MalformedURIException

    at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:350)

    at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:703)

    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:54)

    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)

    at org.codehaus.xfire.security.wss4j.WSS4JOutHandler.invoke(WSS4JOutHandler.java:158)

    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)

    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)

    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)

    at org.codehaus.xfire.client.Client.invoke(Client.java:336)

    at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)

    at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)

    at $Proxy0.test(Unknown Source)

    at keytool.TestClient.main(TestClient.java:69)



2.在调用服务端方法前未添加Handler,没有对报头添加信息 

Exception in thread "main" org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: Request does not contain required Security header

org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: Request does not contain required Security header

    at org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31)

    at org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28)

    at org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111)

    at org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67)

    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)

    at org.codehaus.xfire.client.Client.onReceive(Client.java:406)

    at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)

    at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)

    at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)

    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)

    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)

    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)

    at org.codehaus.xfire.client.Client.invoke(Client.java:336)

    at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)

    at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)

    at $Proxy0.getList(Unknown Source)

    at keytool.TestClient.main(TestClient.java:46)



如果是基于用户名密码的可能报的是这样的错: 

Exception in thread "main" org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: 请求必须包含验证信息
org.codehaus.xfire.fault.XFireFault: 请求必须包含验证信息
    at org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31)
    at org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28)
    at org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111)
    at org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67)
    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
    at org.codehaus.xfire.client.Client.onReceive(Client.java:406)
    at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)
    at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
    at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
    at org.codehaus.xfire.client.Client.invoke(Client.java:336)
    at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
    at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
    at $Proxy0.getUser(Unknown Source)
    at test.ClientTest.main(ClientTest.java:35)

就是代表验证不合法,拒绝提供服务。



3. 安装对应JDK 版本的Unlimited Strength Jurisdiction策略文件. 策略文件包括local_policy.jar和US_export_policy.jar文件,将其拷贝到<JAVA_HOME>/jre/lib/security目录下。



你可以从http: //java.sun.com/j2se/1.5.0/download.jsp 或 http://java.sun.com/j2se/1.4.2/download.html页面的底部找到下载的链接。否则在使用WS- Security时,可以会抛出java.security.InvalidKeyException: Illegal key size的错误信息。



4. 安装SecurityProvider

WSS4J使用了BouncyCastle的SecurityProvider,所以需要事先在java.security文件中进行配置,否则运 行加密模式的XFire认证时,会抛出以下的出错信息:org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used unsupported key

在java.security文件中(位于<JAVA_HOME>/jre/lib/security目录中)添加BouncyCastleProvider的配置:



security.provider.1=sun.security.provider.Sun

security.provider.2=sun.security.rsa.SunRsaSign

security.provider.3=com.sun.net.ssl.internal.ssl.Provider

security.provider.4=com.sun.crypto.provider.SunJCE

security.provider.5=sun.security.jgss.SunProvider

security.provider.6=com.sun.security.sasl.Provider

security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider





5.配置文件里缺少<inHandlers>.... </inHandlers>这段配置或者这段配置有问题。 



Exception in thread "main" org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Header {Security}http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd was not undertsood by the service.

org.codehaus.xfire.fault.XFireFault: Header {Security}http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd was not undertsood by the service.

    at org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31)

    at org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28)

    at org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111)

    at org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67)

    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)

    at org.codehaus.xfire.client.Client.onReceive(Client.java:406)

    at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)

    at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)

    at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)

    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)

    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)

    at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)

    at org.codehaus.xfire.client.Client.invoke(Client.java:336)

    at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)

    at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)

    at $Proxy0.test(Unknown Source)

    at keytool.TestClient.main(TestClient.java:69)





Fault occurred!

org.codehaus.xfire.fault.XFireFault: Header {Security}http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd was not undertsood by the service.

    at org.codehaus.xfire.soap.handler.ValidateHeadersHandler.assertUnderstandsHeader(ValidateHeadersHandler.java:76)

    at org.codehaus.xfire.soap.handler.ValidateHeadersHandler.invoke(ValidateHeadersHandler.java:53)

    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)

    at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)

    at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)

    at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:304)

    at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:129)

    at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)

    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)

    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)

    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)

    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)

    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)

    at java.lang.Thread.run(Thread.java:595)



6.配置文件。。.properties的org.apache.ws.security.crypto.merlin.file有错



Exception in thread "main" org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: org.apache.ws.security.components.crypto.Merlin cannot create instance

org.codehaus.xfire.fault.XFireFault: org.apache.ws.security.components.crypto.Merlin cannot create instance

    at org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31)

    at org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28)

    at org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111)

    at org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67)

    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)

    at org.codehaus.xfire.client.Client.onReceive(Client.java:406)

    at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)







7. Unexpected close tag </body>; expected </HR>.服务端缺少xalan.jar。

15:27:36,062 ERROR [STDERR] org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Unexpected close tag </body>; expected </HR>.
at [row,col {unknown-source}]: [1,1013]
15:27:36,062 ERROR [STDERR] org.codehaus.xfire.fault.XFireFault: Unexpected close tag </body>; expected </HR>.
at [row,col {unknown-source}]: [1,1013]
15:27:36,062 ERROR [STDERR] at org.codehaus.xfire.fault.XFireFault.createFault(XFireFault.java:89)
15:27:36,062 ERROR [STDERR] at org.codehaus.xfire.client.Client.onReceive(Client.java:386)



8. java.lang.NoClassDefFoundError: org/apache/xml/serializer/TreeWalker错误
原因:原本这个类是包含在xalan.jar中的,但是xalan-j2.7.0版的发布包中,将serializer包中的类单独打包成serializer.jar,不再包含在xalan.jar中,所以才会即使添加了xalan.jar也无法找到该类,添加后即可解决问题。添加到服务端。



错误内容如下:Unrecognized xbean element mapping: services in namespace http://xfire.codeh.
经过分析得出XFire1.26需要xalan.jar包的支持.因此要添加xalan.jar



错误一:

15:27:36,062 ERROR [STDERR] org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Unexpected close tag </body>; expected </HR>.
at [row,col {unknown-source}]: [1,1013]
15:27:36,062 ERROR [STDERR] org.codehaus.xfire.fault.XFireFault: Unexpected close tag </body>; expected </HR>.
at [row,col {unknown-source}]: [1,1013]
15:27:36,062 ERROR [STDERR] at org.codehaus.xfire.fault.XFireFault.createFault(XFireFault.java:89)
15:27:36,062 ERROR [STDERR] at org.codehaus.xfire.client.Client.onReceive(Client.java:386)

解决方法:调用的地址写错了。这个原因好像不对,在我的项目中遇到这个问题,竟然是因为服务端缺少xalan.jar。





错误二:

Caused by: java.lang.IllegalAccessException: Class org.codehaus.xfire.service.invoker.LocalFactory can not access a member of class

解决方法:接口实现类不是public 的,所以不能实例化。





错误三:java.io.CharConversionException: Invalide char #a323

解决方法:试试添加 xfire 1.1 miscellaneous 库
youwei0411
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
xfire+spring实现ws-security(数字签名和报文加密)
09-16
eclipse下spring+xfire实现ws-security的简单例子,包含服务器和客户端的代码,实现用户名/密码.数字签名和报文加密的安全认证,唯一不足的是没有实现数字签名和报文加密的混合模式(可能是密匙文件的问题,正在努力),如果有疑问或更好的建议,请联系我,邮箱: windjie8@163.com
Webservice实现WS-SecurityXFire
07-30
NULL 博文链接:https://zhaoshijie.iteye.com/blog/839050
XFire实现WS-Security
zlping的博客
02-11 146
在1.1已经支持ws-security了。XFire通过wss4j提供ws-security支持。一、    前提条件:前提条件要安装Unlimited Strength Jurisdiction Policy(可以在http://java.sun.com/j2se/1.5.0/download.jsp或http://java.sun.com/j2se/1.4.2/download.html下载...
xfire+wss4j实现WS-Security (一)
菜鸟吴
01-21 135
最近一直在研究web service,搞完了服务端返回对象,接着搞了WS-Security 走了许多弯路,最后才发现其实可以很容易的。 在MyEclipse里面新建web service项目,加包的候一定要把Security加进去啊,我就是因为刚开始没加入这个,缺了好多包,自己又到处去down,最后版本还不对,总是少这个少那个,绕了一圈突然发现要的东西原来已经在眼前了。 还要注意的是,网...
XFire实现WS-Security完整编
小茗的专栏
03-18 2107
  转自:http://docs.codehaus.org/pages/viewpage.action?pageId=59451  Added by qiujiayu, last edited by qiujiayu on Aug 04, 2006  (view change)
XFire实现WS-Security经典
08-17
标题"XFire实现WS-Security经典"表明了本文将深入探讨如何在XFire框架实现Web服务安全标准——WS-SecurityWS-Security(Web Services Security)是 Oasis 标准组织定义的一套用于保护Web服务交互的安全规范,...
基于XFire实施WS-Security
08-09
综上所述,基于XFire实施WS-Security实现Web Service安全的重要途径,它利用WS-Security标准在应用层提供了一套完整的安全策略。通过WSS4J和XFire的Handler机制,开发人员可以方便地对SOAP报文进行加密、签名和...
xfire1.2.6 ws-security示例
01-15
在这个示例,我们将探讨如何在xfire1.2.6实现和应用WS-SecurityWS-Security标准由OASIS(Organization for the Advancement of Structured Information Standards)制定,旨在提供一种在SOAP消息层进行安全...
xfire ws-security跑起来
czmchen的专栏
01-15 3083
由于开发的需要,要用到xfire,对于开发我比较关心的是安全和速度!所以就找了xfirews-security,利用它的安全证书和key,安全足够了先到网上下载最新版的xfire,一般都去官方网站下载,了解下详情!其官网为http://xfire.codehaus.org现在最新版为1.2.6,把xfire-all-1.2.6.jar 和 xfire-distributi
asix2,xFire,cxf优缺点
04-02
asix2,xFire,cxf三种常见webServer工具类进行了比较,通过对比学习能更深刻的掌握webServer技术
XFire进行自定义异常
半步多
12-28 1686
完整版见https://jadyer.github.io/
Cxf+wss4j的WS-Security实现异常解决续篇)
08-22 5522
在http://blog.csdn.net/wangchsh2008/article/details/6708270,我做了一个最简单的cxf安全认证的demo,在其过程出现了很多问题。 一开始lib下缺少xalan-2.7.1.jar、opensaml-1.1.jar、
HTTP ERROR 403 No valid crumb was included in the request
weixin_60873777的博客
12-27 467
war包安装情况下 找到jenkins目录。修改false为true。重启Jenkins即可。
jenkins远程触发构建报:Error 403 No valid crumb was included in the request
最新发布
小西的博客
02-21 749
jenkins远程触发构建
Nutch爬虫解决页面相对路径问题
weixin_34358092的博客
07-03 117
2019独角兽企业重金招聘Python工程师标准>>> ...
org.codehaus.xfire.transport.http.XFireConfigurableServlet报错 xfire
isunlight001的专栏
07-24 2486
今天在做webservicedemo的候,遇到这个错误,网上查找是由于xfire的配置路径不正确。 xfire的配置文件放哪 ? 答:默认下xfire的配置文件为service.xml放在META-INF的xfire文件夹下,有不对,你要在WEB-INF下建classes文件夹将META-INF文件拷到下面,但这些都不是正解(可以在web.xml这样配置路径)
ClassNotFoundException: org.codehaus.xfire.transport.http.XFireConfigurableServlet怎么解决
草样涂荼
05-18 4715
开发遇到XFireConfigurableServlet not found 奇怪:在build path 明明有引用xfire的jar包,而且eclipse编译通过为什么之行就报notfound? 答:这里要分清一个概念:build path是开发的环境对于一般的java项目可以,但java web项目要注意,它是在部署环境运行的,它最终引用的jar是运行环境(比如tomcat),讲到这里
Spring框架的WebService开发与Spring-WS详解
6. 使用WS-Security安全策略:考虑到Web服务的安全性,章节还将探讨如何在Spring-WS实施WS-Security,以保护敏感数据和防止未授权访问。 通过本章的学习,开发者不仅能理解Spring-WS的核心原理,还能掌握在实际...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值