cxf - BSP:R5417: Any SIG_KEY_INFO MUST contain a SECURITY_TOKEN_REFERENCE child element
问题描述
The SOAP-server (which I doesn't control) sent me back the answer, which contains the next section:
<ds:KeyInfo>
<ds:X509Data>
<ds:X509SubjectName>
EMAILADDRESS=***@******, CN=*********, OU=***, O=*****, L=****, ST=***, C=**
</ds:X509SubjectName>
</ds:X509Data>
</ds:KeyInfo>
The specification of Web Services Security
X.509 Certificate Token Profile 1.1 in section 3.2 is saying that <ds:X509Data> must be subelement of <wsse:SecurityTokenReference>.
Am I watching to right docs and am I right that server sending incorrect response?
Is there are ways to fix this on the client side?
p.s. I tried to change WSS4jInInterceptors and set some properties to change key type but I think I did this in incorrect way.
p.p.s And the error stacktrace below:
org.apache.cxf.binding.soap.SoapFault: BSP:R5417: Any SIG_KEY_INFO MUST contain a SECURITY_TOKEN_REFERENCE child element
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:809)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:313)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:93)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1636)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1525)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1330)
at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:215)
at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:215)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:638)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:137)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: BSP:R5417: Any SIG_KEY_INFO MUST contain a SECURITY_TOKEN_REFERENCE child element
at org.apache.wss4j.dom.bsp.BSPEnforcer.handleBSPRule(BSPEnforcer.java:57)
at org.apache.wss4j.dom.processor.SignatureProcessor.handleToken(SignatureProcessor.java:158)
at org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:427)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:257)
... 25 more
解决方案
After some research I just removed the WSS4JInInterceptor and developed my custom validator.
推荐阅读
- exception - 来自烧瓶装饰器的日志异常源
- python-3.x - 我想学习如何在 Python3 中实现 a* 寻路
- python - 如何在创建新模型期间更新 Django 模型的预先存在的记录
- php - 如何在作曲家中解决这个问题?
- javascript - 从 javascript 生成的输出中提取 html 源代码
- kubernetes - 在 pod 中的容器之间共享文件系统
- python - 如何在 Pandas Dataframe Python 中按列总结每 3 行
- c - C指针声明之间的区别
- vb.net - vb.net用ms访问数据库datagrid视图可以更新数量
- file - 批量创建文件夹相同的文件名