David.Turing's blog

# re: 實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-08 09:17 江南白衣

酷，XFire終于足夠安全，不用再公司項(xiàng)目那樣，靠防火墻過(guò)濾IP白名單了：）  回復(fù)  更多評(píng)論   

# re: 實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-08 11:40 david.turing

理論上，Sign模式適合分發(fā)型的Webservice結(jié)構(gòu)，舉一個(gè)例子，Microsoft公司有一個(gè)能夠計(jì)算股市走勢(shì)的WebService，他當(dāng)然不希望授權(quán)才能訪問(wèn)，于是，他要求調(diào)用方為每個(gè)Soap請(qǐng)求簽名，這樣他可以確保購(gòu)買了服務(wù)的人才能享受此服務(wù)

Encrypt模式適合集中式的WebService結(jié)構(gòu)，舉一個(gè)例子，中國(guó)最高人民檢察院提供一個(gè)WebService服務(wù)，它希望民間團(tuán)體能夠向政府舉證揭發(fā)貪污腐敗的官員，于是，他公布了自己的keystore，其中包含了私鑰，于是，民間團(tuán)體可以通過(guò)Encrypt模式加密一些比較私隱的信息(Username)，Only檢察院才能解密(因?yàn)樗麄冇兴借€)。  回復(fù)  更多評(píng)論   

# re: 實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-08 16:14 向大家學(xué)習(xí)

david研究AXIS2沒(méi)有？  回復(fù)  更多評(píng)論   

# re: 實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-08 16:28 david.turing

我和白衣都是從Axis2轉(zhuǎn)移到XFire，僅僅因?yàn)閄Fire是build on在Spring之上，集成Spring更容易。  回復(fù)  更多評(píng)論   

# re: 實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-09 23:07 向大家學(xué)習(xí)

david寫篇wss4j中使用opensaml的文章，網(wǎng)上都找不到相關(guān)文章  回復(fù)  更多評(píng)論   

# re: 實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-11 08:40 david.turing

好建議，我打算做一個(gè)Weblogic 9.2和XFire SAML的SSO Demo  回復(fù)  更多評(píng)論   

# re: 實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-11 14:30 向大家學(xué)習(xí)

代表人民感謝你了，只是我用的是AXIS2，很期待你的作品。  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-09-06 02:24 shuangxi

Hi, I have a question regarding to the exception handling. In my app,
the server encrypt the message before sending to client. But when
exception occurs, the client doesn't seem to be able to read the fault,
here is the stacktrace:

org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: Request does not contain required Security header
at org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:159)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:110)
at org.codehaus.xfire.client.Client.onReceive(Client.java:382)
....

Have you experiencing the same problem?

thanks,  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-09-06 10:21 david.turing

it seems that you have not correctly config the xfire configuration.
I meant that if you use Sign-Mode, you should not use the Encrypt-Mode Handler

Carefully check the configuration
<bean id="wss4jInHandlerSign" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
<property name="properties">
<props>
<prop key="action">Signature</prop>
<prop key="signaturePropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_sign.properties</prop>
<prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
</props>
</property>
</bean>

check the "Signature" and "signaturePropFile". Be Sure not to confuss by "Encrypt" and "decryptionPropFile".  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-10-13 12:59 guofeng

很高興國(guó)內(nèi)有這樣的作品，不過(guò)我做了WS-Security測(cè)試, Signature簽名這個(gè)例子走不通，遇到異常：
org.codehaus.xfire.fault.XFireFault: WSHandler: Signature: error during message processing org.apache..ws.security.WSSecurityException:Signature creation failed; nested exception is: java.lang.NullPointerException
我很希望能夠得到您的指點(diǎn)在WS-Security方面。非常感謝！  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-10-27 12:53 david.turing

Debug一下，我在SpringSide2提供了一個(gè)測(cè)試的使用類，去借鑒一下？  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-01-12 13:24 三石

兩種方式按照例子都調(diào)通了,不過(guò)現(xiàn)在有個(gè)問(wèn)題,我的客戶端是通過(guò)wsdl用XFire的wsgen生成的,生成了3個(gè)文件:BookServiceClient.java/BookServiceImpl.java/BookServicePortType.java,仍然用例子中的代碼,只是把BookService改成了BookServicePortType,其他基本沒(méi)變.
發(fā)布的方法如果返回的是基本類型,能正常訪問(wèn)到.如果返回的是對(duì)象,客戶端就會(huì)報(bào)錯(cuò)org.codehaus.xfire.fault.XFireFault: Couldn't instantiate class. javax.xml.bind.JAXBElement.如果返回的是List,客戶端不報(bào)錯(cuò),但List的size為0
對(duì)于復(fù)雜對(duì)象應(yīng)該怎么處理?用wsgen生成的客戶端如何才能和WS security關(guān)聯(lián)起來(lái)?  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-03-09 15:21 lodzio

http://www.filmati-sadomaso.irsuto.info @X@   回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-10 18:26 王金柱

使用WSS4J,配置Bouncycastle這個(gè)SecurityProvider時(shí),不用更改jdk中的java.security.直接將包bcprov-jdk16-136.jar導(dǎo)入工程即可.下載地址是http://www.bouncycastle.org/

  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-10 18:31 王金柱

最近作網(wǎng)關(guān)的安全性功能.david關(guān)于WS-Security的文章講得非常好.對(duì)我的
幫助很大.謝謝~~~~~  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-11 10:21 csnowfox

不錯(cuò)不錯(cuò)，我也附上我的客戶端中使用spring的Sign模式配置
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans default-autowire="byName">
<bean id="xFireClientFactoryBean"
class="org.codehaus.xfire.spring.remoting.XFireClientFactoryBean">
<property name="serviceClass">
<value>org.cmb.webservice.service.Transaction</value>
</property>
<property name="wsdlDocumentUrl">
<value>http://localhost:9090/transaction.ser?wsdl</value>
</property>
<property name="outHandlers">
<list>
<ref bean="domOutHandler" />
<ref bean="wss4jOutHandlerSign" />
</list>
</property>
</bean>
<bean id="domOutHandler"
class="org.codehaus.xfire.util.dom.DOMOutHandler" />
<bean id="wss4jOutHandlerSign"
class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler">
<property name="properties">
<props>
<prop key="action">Signature</prop>
<prop key="user">ws_security</prop>
<prop key="passwordCallbackClass"> org.cmb.client.web.util.PasswordHandler
</prop>
<prop key="signaturePropFile"> org/cmb/client/web/util/insecurity.properties
</prop>
<prop key="signatureKeyIdentifie">IssuerSerial</prop>
</props>
</property>
</bean>
</beans>  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄](méi) 2007-05-24 17:14 kevin

有個(gè)問(wèn)題想要問(wèn)一下:
一個(gè)webservices的發(fā)布接口,既要簽名又要加密該怎么配置?
意思就是客戶端的請(qǐng)求需要用自己的私鑰簽名,用服務(wù)端的公鑰加密,服務(wù)端用客戶端的公鑰驗(yàn)證簽名,用自己的私鑰解密  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-30 13:39 王金拄

和只作加密或只作簽名時(shí)的方法基本一樣。
例如：
在服務(wù)端配置：
<!-- (6)BookWebService 使用 WSS4J驗(yàn)證 Encrypt & Signature模式-->
<bean id="bookServiceWSS4JSignEnc" class="org.codehaus.xfire.spring.remoting.XFireExporter">
<property name="serviceBean" ref="bookManager"/>
<property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JSignEnc"/>
<property name="inHandlers">
<list>
<ref bean="domInHandler"/>
<ref bean="wss4jInHandlerSignEnc"/>
<ref bean="validateUserTokenHandler"/>
</list>
</property>
</bean>

<bean id="wss4jInHandlerSignEnc" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
<property name="properties">
<props>
<prop key="action">Encrypt Signature</prop>
<prop key="signaturePropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_sign.properties</prop>
<prop key="decryptionPropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_enc.properties</prop>
<prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
</props>
</property>
</bean>

</beans>

客戶端也作相應(yīng)的修改即可。
注意：1.客戶端在配置WSHandlerConstants.ACTION時(shí)，Encrypt Signature的順序不能寫反。
2.用于加密和簽名的密鑰對(duì)最好配置成獨(dú)立的兩對(duì)。  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-30 16:35 王金拄

@kevin
在xfire-distribution-1.2.6中的example文件夾中有個(gè)ws-security例子。也可以借鑒一下。  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-31 08:59 yanghuw

我寫Client代碼調(diào)用時(shí)為什么拋出異常，說(shuō)NamespaceURI cannot be null.  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-01 18:27 王金拄

可能是你的服務(wù)端設(shè)置了命名空間而客戶端沒(méi)有設(shè)置命名空間。
要把服務(wù)端和客戶端都的命名空間設(shè)置成相同的。或者都用默認(rèn)的  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-03 14:39 sdfa

能和acegi集成實(shí)現(xiàn)安全認(rèn)證？  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-04 12:05 yanghuw

我沒(méi)有指定命名空間，如果返回的對(duì)象的所有屬性都是基本類型的話沒(méi)有問(wèn)題，但是如果屬性包含別的對(duì)象就會(huì)拋出異常
  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-11 11:04 nesta

為什么我的老是報(bào)這個(gè)錯(cuò)誤呢？我使用的是1.26版的。
2007-06-11 10:59:12,640 ERROR - Servlet.service() for servlet jsp threw excepti
on
java.lang.IllegalStateException: getOutputStream() has already been called for t
his response
at org.apache.catalina.connector.Response.getWriter(Response.java:599)
at org.apache.catalina.connector.ResponseFacade.getWriter(ResponseFacade
.java:195)
at org.apache.jasper.runtime.JspWriterImpl.initOut(JspWriterImpl.java:12
4)
at org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.jav
a:117)
at org.apache.jasper.runtime.PageContextImpl.release(PageContextImpl.jav
a:191)
at org.apache.jasper.runtime.JspFactoryImpl.internalReleasePageContext(J
spFactoryImpl.java:115)
at org.apache.jasper.runtime.JspFactoryImpl.releasePageContext(JspFactor
yImpl.java:75)
at org.apache.jsp.image_jsp._jspService(image_jsp.java:129)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper
.java:332)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:3
14)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:173)
at com.syscanhc.tjy.util.SetCharacterEncodingFilter.doFilter(SetCharacte
rEncodingFilter.java:171)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.p
rocessConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpo
int.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFol
lowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
ool.java:684)
at java.lang.Thread.run(Thread.java:595)  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-12 20:26 ntucz

.net有可能調(diào)用ws-security啊？  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄](méi) 2007-08-29 11:05 Neil

insecurity_sign.properties
這個(gè)文件沒(méi)有呀  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-09-27 11:29 null

好像是xfire帶的例子的子集  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-10-11 16:20 yd

" Encrypt模式的Client是在客戶端用david的公鑰加密Soap里面的usernameToken，然后發(fā)送到Web服務(wù)，Web服務(wù)用david的私鑰來(lái)驗(yàn)證。這種模式需要客戶端預(yù)先知道服務(wù)器端的公鑰。"
encrypt模式是對(duì)usernameToken加密還是對(duì)整個(gè)soap消息加密?如過(guò)是前者,那如何對(duì)整個(gè)soap消息加密來(lái)保證消息的安全性呢？  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-12-23 14:19 srvrv12

我在Sign的模式下一直出現(xiàn)
Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security processing failed
但在Enc的模式下卻是正常的，我檢查過(guò)所有的配置及寫法都是正確的，請(qǐng)問(wèn)一下問(wèn)題可能出在那裡?

另外，我用Enc的模式在 TCP/IP Monitor裡進(jìn)行觀查，發(fā)現(xiàn)Client所發(fā)出的訊息是有加密，但Server端所回覆的卻是明碼，請(qǐng)問(wèn)我如何進(jìn)行加密? thanks~~  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄](méi) 2007-12-29 11:38 MagicYang

樓上的第二個(gè)問(wèn)題應(yīng)該是沒(méi)有配置outHandlers
<bean id="bookServiceWSS4JEnc" class="org.codehaus.xfire.spring.remoting.XFireExporter">
<property name="serviceBean" ref="bookManager"/>
<property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JEnc"/>
<property name="inHandlers">
<list>
<ref bean="domInHandler"/>
<ref bean="wss4jInHandlerEnc"/>
<ref bean="validateUserTokenHandler"/>
</list>
</property>
<property name="outHandlers">
<list>
...
</list>
</property>
</bean>  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄](méi) 2008-01-15 13:05 bruce

寫的不錯(cuò)!  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄](méi) 2008-01-15 16:55 william

16:47:32,875 DEBUG [org.codehaus.xfire.handler.HandlerPipeline] Invoking handler org.codehaus.xfire.soap.handler.ValidateHeadersHandler in phase pre-invoke
16:47:32,906 INFO [org.codehaus.xfire.handler.DefaultFaultHandler] Fault occurred!
org.codehaus.xfire.fault.XFireFault: Header {Security}http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd was not undertsood by the service.
at org.codehaus.xfire.soap.handler.ValidateHeadersHandler.assertUnderstandsHeader(ValidateHeadersHandler.java:76)
at org.codehaus.xfire.soap.handler.ValidateHeadersHandler.invoke(ValidateHeadersHandler.java:53)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:304)
at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:129)
at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:413)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:99)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:595)  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄](méi) 2008-01-15 16:56 william

誰(shuí)能告訴我這個(gè)異常是為什么啊?斑竹在嗎?  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄](méi) 2008-01-15 16:56 william

16:47:32,875 DEBUG [org.codehaus.xfire.handler.HandlerPipeline] Invoking handler org.codehaus.xfire.soap.handler.ValidateHeadersHandler in phase pre-invoke
16:47:32,906 INFO [org.codehaus.xfire.handler.DefaultFaultHandler] Fault occurred!
org.codehaus.xfire.fault.XFireFault: Header {Security}http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd was not undertsood by the service.
at org.codehaus.xfire.soap.handler.ValidateHeadersHandler.assertUnderstandsHeader(ValidateHeadersHandler.java:76)
at org.codehaus.xfire.soap.handler.ValidateHeadersHandler.invoke(ValidateHeadersHandler.java:53)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:304)
at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:129)
at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:413)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:99)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:595)  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄](méi) 2008-01-18 16:31 william

斑竹能給我一個(gè)完整的例子嗎?例如怎么配置services.xml文件,怎么和SPRING 整合,怎么生成私鑰和公鑰和證書等等,還有怎么通過(guò)SOAP HEADER來(lái)認(rèn)證的,怎么通過(guò)SESSION認(rèn)證,怎么實(shí)現(xiàn)和ACEGI的整合,怎么解決上面的問(wèn)題,希望斑竹給個(gè)聯(lián)系方式,我們可以交流交流,我的EMAIL是:362726130@QQ.COM,謝謝!  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2008-04-15 22:17 wmcoo

終于找到了,遲來(lái)的星星  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄](méi) 2008-07-27 01:10 sam

如果客戶端的是多個(gè)密鑰的話，服務(wù)端怎么處理，怎么選擇客戶端的公鑰來(lái)加密呢？  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2008-09-24 15:33 hello

SecureX 是什么啊,怎么用啊?  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2008-09-24 15:33 hello

生成.jks文件的sourceX是什么?怎么用的?什么原理呀?   回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2008-11-26 13:14 leke_斌

真是好文章 在這篇文章的基礎(chǔ)上我實(shí)現(xiàn)了用戶驗(yàn)證+報(bào)文加密的WS-Security，在結(jié)合中出現(xiàn)org.apache.ws.security.components.crypto.Merlin cannot create instance這個(gè)異常 花費(fèi)了我一天的時(shí)間才解決這問(wèn)題 最后我是重新配置了一遍密鑰庫(kù)文件,把私鑰和密鑰對(duì)的別名的訪問(wèn)密碼重新設(shè)定。

但現(xiàn)在我這邊還有個(gè)問(wèn)題，因?yàn)槲疫@邊是C#與java兩點(diǎn)交互的系統(tǒng) 不知在C＃端能不能怎么加密報(bào)文
大家多多指教 email: liubinan@yahoo.com.cn
  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2009-01-15 09:26 賑災(zāi)研究

@三石
Service serviceModel = new ObjectServiceFactory(
new AegisBindingProvider(new JaxbTypeRegistry()))
.create(UserServiceComPortType.class);

myeclipse自動(dòng)生成的web service與xfire默認(rèn)的綁定方式不一樣造成的。
xfire默認(rèn)的綁定方式是：aegis。而生成的客戶端是用的JAXB@三石
  回復(fù)  更多評(píng)論   

# re: [原創(chuàng)]實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2011-06-02 21:10 xuezhishou

不知樓主現(xiàn)在是否還能回答下問(wèn)題！本人遇到了和srvrv12的第一個(gè)問(wèn)題一樣的問(wèn)題，即在Sign的模式下一直出現(xiàn) Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security processing failed ，不知是否已經(jīng)有人解決了，可否賜教下
  回復(fù)  更多評(píng)論