您的位置: 首页  >  技术问答  >  WSS4J不解析SOAP消息

WSS4J不解析SOAP消息

分类: 技术问答 2022-07-14 22:32:29
问题描述:

我有这样的代码:WSS4J不解析SOAP消息

private WSSecurityEngine engine = new WSSecurityEngine(); 
private CallbackHandler callbackHandler = new UsernamePasswordCallbackHandler(); 

@Test 
public void testWss4jEngine() { 

    InputStream in = getClass().getClassLoader().getResourceAsStream("soap/soapWithUsernameTokenRequest.xml"); 

    DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance(); 
    DocumentBuilder docBuilder; 
    Document doc = null; 
    try { 
     docBuilder = builderFactory.newDocumentBuilder(); 

     doc = docBuilder.parse(in); 

    } catch (Exception e) { 
     LOG.error("Error parsing incoming request. Probably it is not a valid XML/SOAP message.", e); 

     return; 
    } 

    List<WSSecurityEngineResult> results = null; 

    try { 
     results = engine.processSecurityHeader(doc, null, callbackHandler, null); 
    } catch (WSSecurityException e) { 
     // TODO Auto-generated catch block 
     e.printStackTrace(); 
    } 

    // the following line raises a NullPointerException 
    WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(results, WSConstants.UT); 
    UsernameToken receivedToken = (UsernameToken) actionResult.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN); 
    Assert.assertTrue(receivedToken != null); 
}

从传递给WSS4J引擎中的文件的SOAP消息是:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> 
<SOAP-ENV:Header> 
    <wsse:Security 
     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
     SOAP-ENV:mustUnderstand="1"> 
     <wsse:UsernameToken wsu:Id="UsernameToken-2"> 
      <wsse:Username>wernerd</wsse:Username> 
      <wsse:Password 
       Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">+dCtKLCG5+uDxNM8tLh8BSQSqgY=</wsse:Password> 
      <wsse:Nonce 
       EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">lZlpivFFQ3nhpp2Wf6pu+g==</wsse:Nonce> 
      <wsu:Created>2012-07-10T15:25:46.627Z</wsu:Created> 
     </wsse:UsernameToken> 
    </wsse:Security> 
</SOAP-ENV:Header> 
<SOAP-ENV:Body> 
    <tem:Add xmlns:tem="http://tempuri.org/"> 
     <tem:a>1</tem:a> 
     <tem:b>2</tem:b> 
    </tem:Add> 
</SOAP-ENV:Body>

在我认为它是完全符合WS-Security UsernameToken的消息!

但是,engine.processSecurityHeader()不返回任何安全结果。结果变量保持为空,然后在下一行中提出NPE。这里是堆栈跟踪:

java.lang.NullPointerException 
at org.apache.ws.security.util.WSSecurityUtil.fetchActionResult(WSSecurityUtil.java:845) 
at de.justworks.wssproxy.servlet.test.WssProxyServletTestIT.testWss4jEngine(WssProxyServletTestIT.java:121) 
at org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:76)

任何人都知道我在做什么错了?

感谢 弗兰克

万岁!

发现问题。

这是设置

builderFactory.setNamespaceAware(true)
,你必须要为文档生成器工厂设置

干杯! Frank

相关推荐