    David.Turing's blog

     

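    [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J)

    Since many systems need to implement the WS-Security standard, we provide an XFire + WSS4J demo in SpringSide. This article describes the basic Spring + XFire + WSS4J configuration in SpringSide.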

    [WebService server-side configuration]
    First, create a basic BookService:

    import java.util.List;

    public interface BookService {
        /**
         * Fuzzy search for books by title.
         */
        List findBooksByName(String name);

        /**
         * Find all books in a category.
         *
         * @param categoryId if category is null or "all", list all books.
         */
        List findBooksByCategory(String categoryId);

        /**
         * List all categories.
         *
         * @return List<Category>, or null.
         */
        List getAllCategorys();
    }

    Second, extend the interface, i.e. extend the basic BookService. In XFire, each WSS4J policy needs its own service class; otherwise the definitions inside <inHandlers> overlap.

    public interface BookServiceWSS4JEnc extends BookService {
    }

    public interface BookServiceWSS4JSign extends BookService {
    }

    Third, configure the Spring ApplicationContext file:

        <!-- BookService base class -->
        <bean id="baseWebService" class="org.codehaus.xfire.spring.remoting.XFireExporter" abstract="true">
            <property name="serviceFactory" ref="xfire.serviceFactory"/>
            <property name="xfire" ref="xfire"/>
        </bean>

        <bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
            <property name="mappings">
                <value>
                    /BookService=bookService
                    /BookServiceWSS4J=bookServiceWSS4J
                    /BookServiceWSS4JEnc=bookServiceWSS4JEnc
                    /BookServiceWSS4JSign=bookServiceWSS4JSign
                </value>
            </property>
        </bean>

        <!-- (1) BookWebService, no authentication required -->
        <bean id="bookService" class="org.codehaus.xfire.spring.remoting.XFireExporter">
            <property name="serviceFactory" ref="xfire.serviceFactory"/>
            <property name="xfire" ref="xfire"/>
            <property name="serviceBean" ref="bookManager"/>
            <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookService"/>
        </bean>

        <!-- (3) BookWebService with WSS4J authentication -->
        <bean id="bookServiceWSS4J" class="org.codehaus.xfire.spring.remoting.XFireExporter">
            <property name="serviceBean" ref="bookManager"/>
            <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4J"/>
            <property name="inHandlers">
                <list>
                    <ref bean="domInHandler"/>
                    <ref bean="wss4jInHandler"/>
                    <ref bean="validateUserTokenHandler"/>
                </list>
            </property>
        </bean>

        <bean id="domInHandler" class="org.codehaus.xfire.util.dom.DOMInHandler"/>

        <bean id="wss4jInHandler" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
            <property name="properties">
                <props>
                    <prop key="action">UsernameToken</prop>
                    <prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
                </props>
            </property>
        </bean>

        <bean id="validateUserTokenHandler" class="org.springside.bookstore.plugins.xfire.wss4j.WSS4JTokenHandler"/>

        <!-- (4) BookWebService with WSS4J authentication, Encrypt mode -->
        <bean id="bookServiceWSS4JEnc" class="org.codehaus.xfire.spring.remoting.XFireExporter">
            <property name="serviceBean" ref="bookManager"/>
            <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JEnc"/>
            <property name="inHandlers">
                <list>
                    <ref bean="domInHandler"/>
                    <ref bean="wss4jInHandlerEnc"/>
                    <ref bean="validateUserTokenHandler"/>
                </list>
            </property>
        </bean>

        <bean id="wss4jInHandlerEnc" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
            <property name="properties">
                <props>
                    <prop key="action">Encrypt</prop>
                    <prop key="decryptionPropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_enc.properties</prop>
                    <prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
                </props>
            </property>
        </bean>

        <!-- (5) BookWebService with WSS4J authentication, Signature mode -->
        <bean id="bookServiceWSS4JSign" class="org.codehaus.xfire.spring.remoting.XFireExporter">
            <property name="serviceBean" ref="bookManager"/>
            <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JSign"/>
            <property name="inHandlers">
                <list>
                    <ref bean="domInHandler"/>
                    <ref bean="wss4jInHandlerSign"/>
                    <ref bean="validateUserTokenHandler"/>
                </list>
            </property>
        </bean>

        <bean id="wss4jInHandlerSign" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
            <property name="properties">
                <props>
                    <prop key="action">Signature</prop>
                    <prop key="signaturePropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_sign.properties</prop>
                    <prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
                </props>
            </property>
        </bean>

    </beans>

    Fourth, configure the two keystore configuration files, insecurity_enc.properties and insecurity_sign.properties.

    insecurity_enc.properties:
    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
    org.apache.ws.security.crypto.merlin.alias.password=SpringSide
    org.apache.ws.security.crypto.merlin.keystore.alias=david
    org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_private.jks

    outsecurity_sign.properties:
    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
    org.apache.ws.security.crypto.merlin.keystore.alias=david
    org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_public.jks

    Fifth, two keystore files were generated with SecureX.

    springside_private.jks
    別名名稱: david
    創建日期: 2006-8-6
    輸入類型: KeyEntry
    認證鏈長度: 1
    認證 [1]:
    Owner: CN=david, OU=SpringSide, O=org, L=gz, ST=gd, C=cn
    發照者: CN=david, OU=SpringSide, O=org, L=gz, ST=gd, C=cn
    序號: 44d4cdcd
    有效期間: Sun Aug 06 00:56:45 CST 2006 至: Mon Aug 06 00:56:45 CST 2007
    認證指紋:
             MD5:  CF:97:13:0C:70:D0:4D:B6:B4:27:0F:1A:0B:CF:D9:F2
             SHA1: 8E:8E:E8:BC:64:39:C8:43:E4:F7:1B:3B:CE:48:1D:6B:A0:2B:58:B5

    springside_public.jks
    別名名稱: david
    創建日期: 2006-8-6
    輸入類型: trustedCertEntry

    Owner: CN=david, OU=SpringSide, O=org, L=gz, ST=gd, C=cn
    發照者: CN=david, OU=SpringSide, O=org, L=gz, ST=gd, C=cn
    序號: 44d4cdcd
    有效期間: Sun Aug 06 00:56:45 CST 2006 至: Mon Aug 06 00:56:45 CST 2007
    認證指紋:
             MD5:  CF:97:13:0C:70:D0:4D:B6:B4:27:0F:1A:0B:CF:D9:F2
             SHA1: 8E:8E:E8:BC:64:39:C8:43:E4:F7:1B:3B:CE:48:1D:6B:A0:2B:58:B5

    Sixth, newer versions of SpringSide require
    http://www.bouncycastle.org/download/bcprov-jdk15-133.jar
    and java.security must be configured.
    In addition, the JDK enhanced encryption policy files must be used:
    http://www.tkk7.com/openssl/archive/2006/03/08/34381.html

    To use WSS4J, users need to configure Bouncycastle as a SecurityProvider. Otherwise, running XFire authentication in Enc mode throws this exception:
    org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used unsupported key
    Configuring java.security is also very simple: add the BouncyCastleProvider at the end.
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.sun.net.ssl.internal.ssl.Provider
    security.provider.3=com.sun.rsajca.Provider
    security.provider.4=com.sun.crypto.provider.SunJCE
    security.provider.5=sun.security.jgss.SunProvider
    security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider
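
    A check a practitioner would run before deploying the properties files and keystores from steps four and five, shown as an added example that is not part of the original post or of SpringSide: it confirms the alias exists, that the entry type (KeyEntry or trustedCertEntry) fits the role of the side loading it, and that the certificate is still inside its validity period. The class name, the command-line arguments and loading both files from the classpath are assumptions.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Properties;

/**
 * Added example (not SpringSide code): checks that a Merlin crypto properties
 * file and the keystore it names fit the role of the side that loads them.
 */
public class MerlinKeystoreCheck {

    private static final String PREFIX = "org.apache.ws.security.crypto.merlin.";

    /**
     * @param propFile       classpath location of the Merlin properties file
     * @param needPrivateKey true for the side that decrypts or signs,
     *                       false for the side that encrypts or verifies
     * @return a short description of the entry that passed the checks
     */
    public static String check(String propFile, boolean needPrivateKey) throws Exception {
        ClassLoader cl = MerlinKeystoreCheck.class.getClassLoader();
        Properties props = new Properties();
        try (InputStream in = open(cl, propFile)) {
            props.load(in);
        }
        String file = require(props, "file");
        String alias = require(props, "keystore.alias");
        char[] storePw = require(props, "keystore.password").toCharArray();
        String type = props.getProperty(PREFIX + "keystore.type", KeyStore.getDefaultType());

        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = open(cl, file)) {
            ks.load(in, storePw); // a wrong store password fails here with an IOException
        }
        if (!ks.containsAlias(alias)) {
            throw new IllegalStateException("alias '" + alias + "' not found in " + file);
        }
        boolean hasKey = ks.isKeyEntry(alias);
        if (needPrivateKey && !hasKey) {
            throw new IllegalStateException(file + ": '" + alias
                    + "' is a trustedCertEntry, but this side must decrypt or sign");
        }
        // alias.password is optional in the file; when present, prove it unlocks the key.
        String keyPw = props.getProperty(PREFIX + "alias.password");
        if (needPrivateKey && keyPw != null) {
            ks.getKey(alias, keyPw.trim().toCharArray()); // UnrecoverableKeyException if wrong
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // CertificateExpiredException once the validity period has passed

        String note = (!needPrivateKey && hasKey)
                ? " (warning: this side only needs the certificate, yet the keystore holds a private key)"
                : "";
        return alias + " [" + (hasKey ? "KeyEntry" : "trustedCertEntry") + "] "
                + cert.getSubjectX500Principal().getName()
                + ", valid until " + cert.getNotAfter() + note;
    }

    private static InputStream open(ClassLoader cl, String resource) {
        InputStream in = cl.getResourceAsStream(resource);
        if (in == null) {
            throw new IllegalStateException("not on the classpath: " + resource);
        }
        return in;
    }

    private static String require(Properties props, String key) {
        String value = props.getProperty(PREFIX + key);
        if (value == null) {
            throw new IllegalStateException("missing property " + PREFIX + key);
        }
        return value.trim();
    }

    /** Usage: java MerlinKeystoreCheck <properties-file-on-classpath> private|cert */
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: MerlinKeystoreCheck <properties-file-on-classpath> private|cert");
            System.exit(2);
        }
        System.out.println(check(args[0], "private".equals(args[1])));
    }
}
```

    Run it with "private" for the file used by the decrypting or signing side and with "cert" for the file used by the encrypting or verifying side.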

    [WebService client-side configuration]
    1. In Encrypt mode, the client encrypts the usernameToken inside the SOAP message with david's public key and sends it to the web service; the web service uses david's private key to verify it. This mode requires the client to know the server's public key in advance.

    In Encrypt mode, the ClientHandler needs to be configured like this:
            Service serviceModel = new ObjectServiceFactory().create(BookServiceWSS4JEnc.class);
            XFireProxyFactory factory = new XFireProxyFactory(getXFire());

            BookService service = (BookService) factory.create(serviceModel, "xfire.local://BookServiceWSS4JEnc");

            Client client = ((XFireProxy) Proxy.getInvocationHandler(service)).getClient();
            // Attach the WSS4JOutHandler to provide authentication
            client.addOutHandler(new DOMOutHandler());
            Properties properties = new Properties();
            configureOutProperties(properties);
            client.addOutHandler(new WSS4JOutHandler(properties));

            List list = service.getAllCategorys();

    The configureOutProperties function specifies which security policy the client uses. That's right, it uses outsecurity_enc.properties, which is used together with the server-side insecurity_enc.properties.
        protected void configureOutProperties(Properties config) {
            config.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
            config.setProperty(WSHandlerConstants.USER, "david");
            //config.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
            // Configuration of public key used to encrypt message goes to properties file.
            config.setProperty(WSHandlerConstants.ENC_PROP_FILE,
                               "org/springside/bookstore/plugins/xfire/outsecurity_enc.properties");
        }

    outsecurity_enc.properties:
    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
    org.apache.ws.security.crypto.merlin.keystore.alias=david
    org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_public.jks


    2. The Sign-mode client is just as simple. In this mode the client signs the usernameToken with its own private key and the server verifies the signature with the client's public key, so the server needs to know the client's public key in advance.
    Corresponding to Encrypt mode, configureOutProperties needs to be configured like this:
        protected void configureOutProperties(Properties properties) {
            properties.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
            // User in keystore
            properties.setProperty(WSHandlerConstants.USER, "david");
            // This callback is used to specify password for given user for keystore
            properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
            // Configuration for accessing private key in keystore
            properties.setProperty(WSHandlerConstants.SIG_PROP_FILE, "org/springside/bookstore/plugins/xfire/outsecurity_sign.properties");
            properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
        }


    outsecurity_sign.properties:
    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
    org.apache.ws.security.crypto.merlin.alias.password=SpringSide
    org.apache.ws.security.crypto.merlin.keystore.alias=david
    org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_private.jks
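
    The passwordCallbackClass that the configurations above point to is never shown on the page. As an added example (a hypothetical class, not SpringSide's PasswordHandler), a WSS4J callback that hands over the private-key password for decryption and signing, and reads it from a file outside the application instead of a properties file on the classpath, could look like this. The class name, the wss4j.key.passwords system property and the "alias=password" file are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Added example (hypothetical class, not SpringSide's PasswordHandler):
 * supplies the private-key password WSS4J asks for when it decrypts or signs.
 */
public class KeyPasswordHandler implements CallbackHandler {

    // Assumption: the JVM is started with
    //   -Dwss4j.key.passwords=/path/outside/the/webapp/keys.properties
    // and that file holds "alias=password" lines readable only by the service account.
    private static final String LOCATION_PROPERTY = "wss4j.key.passwords";

    private final Properties keyPasswords = new Properties();

    /** WSS4J creates the handler by class name, so a public no-arg constructor is required. */
    public KeyPasswordHandler() throws IOException {
        String path = System.getProperty(LOCATION_PROPERTY);
        if (path == null) {
            throw new IOException("system property " + LOCATION_PROPERTY + " is not set");
        }
        InputStream in = new FileInputStream(path);
        try {
            keyPasswords.load(in);
        } finally {
            in.close();
        }
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i]);
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            switch (pc.getUsage()) {
                case WSPasswordCallback.DECRYPT:   // receiving side of Encrypt mode
                case WSPasswordCallback.SIGNATURE: // sending side of Sign mode
                    // WSS4J 1.5.x spells this accessor getIdentifer();
                    // later releases add getIdentifier().
                    String alias = pc.getIdentifer();
                    String password = keyPasswords.getProperty(alias);
                    if (password == null) {
                        throw new IOException("no key password configured for alias " + alias);
                    }
                    pc.setPassword(password);
                    break;
                default:
                    // Refuse usages this handler was not written for instead of
                    // answering them with a key password.
                    throw new UnsupportedCallbackException(pc,
                            "unexpected callback usage " + pc.getUsage());
            }
        }
    }
}
```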

    posted on 2006-08-08 09:09 david.turing  Views (22398)  Comments (42)  Category: Security

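    Comments

    # re: Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2006-08-08 09:17 江南白衣

    Cool, XFire is finally secure enough. No more relying on a firewall to filter an IP whitelist, as in our company project :)

    # re: Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2006-08-08 11:40 david.turing

    In theory, Sign mode suits a distribution-style WebService architecture. For example, Microsoft has a WebService that can compute stock market trends; naturally it does not want access to require authorization, so it requires callers to sign every SOAP request, which lets it ensure that only those who have purchased the service can use it.

    Encrypt mode suits a centralized WebService architecture. For example, the Supreme People's Procuratorate of China provides a WebService and wants civil groups to be able to submit evidence to the government exposing corrupt officials, so it publishes its own keystore, which contains the private key. Civil groups can then use Encrypt mode to encrypt some fairly private information (Username), and only the Procuratorate can decrypt it (because they have the private key).

    # re: Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2006-08-08 16:14 向大家學習

    Has david looked into AXIS2?

    # re: Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2006-08-08 16:28 david.turing

    Both 白衣 and I moved from Axis2 to XFire, simply because XFire is built on top of Spring and integrates with Spring more easily.

    # re: Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2006-08-09 23:07 向大家學習

    david, please write an article on using opensaml in wss4j; I can't find any related articles online.

    # re: Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2006-08-11 08:40 david.turing

    Good suggestion. I plan to build an SSO demo with Weblogic 9.2 and XFire SAML.

    # re: Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2006-08-11 14:30 向大家學習

    Thank you on behalf of the people. It's just that I use AXIS2; I'm looking forward to your work.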

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2006-09-06 02:24 shuangxi

    Hi, I have a question regarding the exception handling. In my app,
    the server encrypts the message before sending it to the client. But when
    an exception occurs, the client doesn't seem to be able to read the fault.
    Here is the stack trace:

    org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: Request does not contain required Security header
    at org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:159)
    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:110)
    at org.codehaus.xfire.client.Client.onReceive(Client.java:382)
    ....

    Have you experienced the same problem?

    thanks,

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2006-09-06 10:21 david.turing

    It seems that you have not configured XFire correctly.
    I mean that if you use Sign mode, you should not use the Encrypt-mode handler.

    Carefully check the configuration:
    <bean id="wss4jInHandlerSign" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
        <property name="properties">
            <props>
                <prop key="action">Signature</prop>
                <prop key="signaturePropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_sign.properties</prop>
                <prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
            </props>
        </property>
    </bean>

    Check the "Signature" and "signaturePropFile". Be sure not to confuse them with "Encrypt" and "decryptionPropFile".

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2006-10-13 12:59 guofeng

    I'm glad to see work like this in China. However, I ran a WS-Security test and could not get the Signature example to work; I hit this exception:
    org.codehaus.xfire.fault.XFireFault: WSHandler: Signature: error during message processing org.apache..ws.security.WSSecurityException:Signature creation failed; nested exception is: java.lang.NullPointerException
    I would very much appreciate your guidance on WS-Security. Thank you very much!

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2006-10-27 12:53 david.turing

    Debug it. I provided a test class in SpringSide2; why not take a look at it?

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-01-12 13:24 三石

    I got both modes working by following the example, but now I have a problem. My client was generated from the WSDL with XFire's wsgen, which produced three files: BookServiceClient.java/BookServiceImpl.java/BookServicePortType.java. I still use the code from the example and only changed BookService to BookServicePortType; everything else is basically unchanged.
    If the published method returns a primitive type, it can be accessed normally. If it returns an object, the client reports the error org.codehaus.xfire.fault.XFireFault: Couldn't instantiate class. javax.xml.bind.JAXBElement. If it returns a List, the client reports no error, but the List's size is 0.
    How should complex objects be handled? How can a client generated with wsgen be tied to WS security?

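    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-05-10 18:26 王金柱

    When using WSS4J and configuring Bouncycastle as the SecurityProvider, you don't need to change java.security in the JDK. Just import the bcprov-jdk16-136.jar package into the project. The download address is http://www.bouncycastle.org/

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-05-10 18:31 王金柱

    I've recently been working on security features for a gateway. david's articles on WS-Security are very well explained and have helped me a lot. Thanks~~~~~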

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-05-11 10:21 csnowfox

    Nice, nice. Here is the Sign-mode Spring configuration I use in my client as well:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    <beans default-autowire="byName">
        <bean id="xFireClientFactoryBean"
              class="org.codehaus.xfire.spring.remoting.XFireClientFactoryBean">
            <property name="serviceClass">
                <value>org.cmb.webservice.service.Transaction</value>
            </property>
            <property name="wsdlDocumentUrl">
                <value>http://localhost:9090/transaction.ser?wsdl</value>
            </property>
            <property name="outHandlers">
                <list>
                    <ref bean="domOutHandler" />
                    <ref bean="wss4jOutHandlerSign" />
                </list>
            </property>
        </bean>
        <bean id="domOutHandler"
              class="org.codehaus.xfire.util.dom.DOMOutHandler" />
        <bean id="wss4jOutHandlerSign"
              class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler">
            <property name="properties">
                <props>
                    <prop key="action">Signature</prop>
                    <prop key="user">ws_security</prop>
                    <prop key="passwordCallbackClass">org.cmb.client.web.util.PasswordHandler</prop>
                    <prop key="signaturePropFile">org/cmb/client/web/util/insecurity.properties</prop>
                    <prop key="signatureKeyIdentifier">IssuerSerial</prop>
                </props>
            </property>
        </bean>
    </beans>

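    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) [not logged in] 2007-05-24 17:14 kevin

    I have a question:
    how should a published web service interface be configured if it needs both signing and encryption?
    That is, the client's request is signed with its own private key and encrypted with the server's public key, and the server verifies the signature with the client's public key and decrypts with its own private key.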

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-05-30 13:39 王金拄

    It is basically the same as when doing only encryption or only signing.
    For example:
    On the server side, configure:
    <!-- (6) BookWebService with WSS4J authentication, Encrypt & Signature mode -->
    <bean id="bookServiceWSS4JSignEnc" class="org.codehaus.xfire.spring.remoting.XFireExporter">
        <property name="serviceBean" ref="bookManager"/>
        <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JSignEnc"/>
        <property name="inHandlers">
            <list>
                <ref bean="domInHandler"/>
                <ref bean="wss4jInHandlerSignEnc"/>
                <ref bean="validateUserTokenHandler"/>
            </list>
        </property>
    </bean>

    <bean id="wss4jInHandlerSignEnc" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
        <property name="properties">
            <props>
                <prop key="action">Encrypt Signature</prop>
                <prop key="signaturePropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_sign.properties</prop>
                <prop key="decryptionPropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_enc.properties</prop>
                <prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
            </props>
        </property>
    </bean>

    </beans>

    The client just needs the corresponding changes.
    Note: 1. When the client configures WSHandlerConstants.ACTION, the order of Encrypt Signature must not be reversed.
    2. The key pairs used for encryption and for signing are best configured as two independent pairs.

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-05-30 16:35 王金拄

    @kevin
    There is a ws-security example in the example folder of xfire-distribution-1.2.6. You can refer to that as well.

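    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-05-31 08:59 yanghuw

    Why does my Client code throw an exception when I call the service, saying NamespaceURI cannot be null?

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-06-01 18:27 王金拄

    Perhaps your server sets a namespace while the client does not.
    Set the namespace to the same value on both the server and the client, or use the default on both.

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-06-03 14:39 sdfa

    Can it be integrated with acegi to implement security authentication?

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-06-04 12:05 yanghuw

    I did not specify a namespace. If all properties of the returned object are primitive types there is no problem, but if a property contains another object an exception is thrown.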

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-06-11 11:04 nesta

    Why do I keep getting this error? I'm using version 1.26.
    2007-06-11 10:59:12,640 ERROR - Servlet.service() for servlet jsp threw exception
    java.lang.IllegalStateException: getOutputStream() has already been called for this response
    at org.apache.catalina.connector.Response.getWriter(Response.java:599)
    at org.apache.catalina.connector.ResponseFacade.getWriter(ResponseFacade.java:195)
    at org.apache.jasper.runtime.JspWriterImpl.initOut(JspWriterImpl.java:124)
    at org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:117)
    at org.apache.jasper.runtime.PageContextImpl.release(PageContextImpl.java:191)
    at org.apache.jasper.runtime.JspFactoryImpl.internalReleasePageContext(JspFactoryImpl.java:115)
    at org.apache.jasper.runtime.JspFactoryImpl.releasePageContext(JspFactoryImpl.java:75)
    at org.apache.jsp.image_jsp._jspService(image_jsp.java:129)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at com.syscanhc.tjy.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:171)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-06-12 20:26 ntucz

    Is it possible for .net to call ws-security?

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) [not logged in] 2007-08-29 11:05 Neil

    insecurity_sign.properties
    This file is missing.

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-09-27 11:29 null

    This looks like a subset of the examples that ship with xfire.

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-10-11 16:20 yd

    "In Encrypt mode, the client encrypts the usernameToken inside the SOAP message with david's public key and sends it to the web service; the web service uses david's private key to verify it. This mode requires the client to know the server's public key in advance."
    Does encrypt mode encrypt the usernameToken or the whole SOAP message? If the former, how can the whole SOAP message be encrypted to keep the message secure?

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) 2007-12-23 14:19 srvrv12

    In Sign mode I keep getting
    Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security processing failed
    but in Enc mode everything works. I have checked that all the configuration and code are correct. Where might the problem be?

    Also, I watched Enc mode in TCP/IP Monitor and found that the message sent by the Client is encrypted, but the reply from the Server is in plaintext. How do I encrypt it? thanks~~

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) [not logged in] 2007-12-29 11:38 MagicYang

    The second problem of the poster above is probably that outHandlers is not configured:
    <bean id="bookServiceWSS4JEnc" class="org.codehaus.xfire.spring.remoting.XFireExporter">
        <property name="serviceBean" ref="bookManager"/>
        <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JEnc"/>
        <property name="inHandlers">
            <list>
                <ref bean="domInHandler"/>
                <ref bean="wss4jInHandlerEnc"/>
                <ref bean="validateUserTokenHandler"/>
            </list>
        </property>
        <property name="outHandlers">
            <list>
            ...
            </list>
        </property>
    </bean>

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) [not logged in] 2008-01-15 13:05 bruce

    Well written!

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) [not logged in] 2008-01-15 16:55 william

    16:47:32,875 DEBUG [org.codehaus.xfire.handler.HandlerPipeline] Invoking handler org.codehaus.xfire.soap.handler.ValidateHeadersHandler in phase pre-invoke
    16:47:32,906 INFO [org.codehaus.xfire.handler.DefaultFaultHandler] Fault occurred!
    org.codehaus.xfire.fault.XFireFault: Header {Security}http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd was not undertsood by the service.
    at org.codehaus.xfire.soap.handler.ValidateHeadersHandler.assertUnderstandsHeader(ValidateHeadersHandler.java:76)
    at org.codehaus.xfire.soap.handler.ValidateHeadersHandler.invoke(ValidateHeadersHandler.java:53)
    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
    at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
    at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
    at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:304)
    at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:129)
    at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:413)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:99)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
    at java.lang.Thread.run(Thread.java:595)

    # re: [Original] Implementing the Encrypt and Sign modes of WebService Security [WS-Security 1.0] (XFire + WSS4J) [not logged in] 2008-01-15 16:56 william

    Can anyone tell me why this exception occurs? Is the moderator around?

    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
    at java.lang.Thread.run(Thread.java:595)

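    # re: [Original] Implementing WebService Security [WS-Security 1.0] Encrypt and Sign modes (XFire+WSS4J) [not logged in] 2008-01-18 16:31 william

    Could the moderator give me a complete example? For instance, how to configure the services.xml file, how to integrate with Spring, how to generate the private key, public key and certificate, and so on; also how to authenticate through the SOAP header, how to authenticate through the session, how to integrate with Acegi, and how to solve the problem above. I hope the moderator can share contact details so we can exchange ideas. My email is 362726130@QQ.COM. Thanks!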

    # re: [Original] Implementing WebService Security [WS-Security 1.0] Encrypt and Sign modes (XFire+WSS4J) 2008-04-15 22:17 wmcoo

    Finally found it. A belated star.

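    # re: [Original] Implementing WebService Security [WS-Security 1.0] Encrypt and Sign modes (XFire+WSS4J) [not logged in] 2008-07-27 01:10 sam

    If the clients use multiple keys, how does the server handle that, and how does it choose the client's public key to encrypt with?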

    # re: [Original] Implementing WebService Security [WS-Security 1.0] Encrypt and Sign modes (XFire+WSS4J) 2008-09-24 15:33 hello

    What is SecureX, and how is it used?

    # re: [Original] Implementing WebService Security [WS-Security 1.0] Encrypt and Sign modes (XFire+WSS4J) 2008-09-24 15:33 hello

    What is the sourceX that generates the .jks file? How is it used? How does it work?

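    # re: [Original] Implementing WebService Security [WS-Security 1.0] Encrypt and Sign modes (XFire+WSS4J) 2008-11-26 13:14 leke_斌

    A really good article. Building on it, I implemented WS-Security with user authentication plus message encryption. When combining them I got the exception org.apache.ws.security.components.crypto.Merlin cannot create instance, and it took me a whole day to solve. In the end I reconfigured the keystore file and reset the access passwords for the private key and for the key pair's alias.

    But I still have one problem: my system has C# and Java endpoints talking to each other, and I don't know whether or how the message can be encrypted on the C# side.
    Any advice is welcome. email: liubinan@yahoo.com.cn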
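Related to the Merlin keystore problem described in the comment above, an added example (not code from the post, the commenter or WSS4J): a small Java check that loads the keystore named in a WSS4J Merlin properties file and tries to unlock the private key under the configured alias. The class name MerlinKeystoreCheck and the treatment of the `file` property as a filesystem path are assumptions of this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Properties;

// Added diagnostic, not part of WSS4J: checks a Merlin crypto properties file
// against the keystore it names, before the service or client is started.
public class MerlinKeystoreCheck {
    private static final String PREFIX = "org.apache.ws.security.crypto.merlin.";

    // Returns null when the settings are consistent, else the first problem found.
    static String check(Properties p, char[] keyPassword) {
        String file = p.getProperty(PREFIX + "file");
        String type = p.getProperty(PREFIX + "keystore.type", KeyStore.getDefaultType());
        String storePass = p.getProperty(PREFIX + "keystore.password");
        String alias = p.getProperty(PREFIX + "keystore.alias");
        if (file == null || storePass == null || alias == null)
            return "file, keystore.password or keystore.alias is not set";
        try (InputStream in = new FileInputStream(file)) { // assumption: a filesystem path
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, storePass.toCharArray()); // throws on a wrong store password or type
            if (!ks.containsAlias(alias))
                return "alias '" + alias + "' is not in " + file;
            if (!ks.isKeyEntry(alias))
                return null; // certificate-only entry: usable for encrypting, nothing to unlock
            Key key = ks.getKey(alias, keyPassword); // throws on a wrong key password
            return key instanceof PrivateKey ? null : "alias '" + alias + "' holds no private key";
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java MerlinKeystoreCheck <crypto.properties>");
            System.exit(2);
        }
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(args[0])) { p.load(in); }
        // Prompt for the key password so it never appears in the process list.
        String problem = check(p, console.readPassword("Key password for the alias: "));
        System.out.println(problem == null ? "OK" : "FAIL: " + problem);
        System.exit(problem == null ? 0 : 1);
    }
}
```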

    # re: [Original] Implementing WebService Security [WS-Security 1.0] Encrypt and Sign modes (XFire+WSS4J) 2009-01-15 09:26 賑災(zāi)研究

    @三石
    Service serviceModel = new ObjectServiceFactory(
    new AegisBindingProvider(new JaxbTypeRegistry()))
    .create(UserServiceComPortType.class);

    This is caused by the web service auto-generated by MyEclipse using a different binding from XFire's default.
    XFire's default binding is Aegis, while the generated client uses JAXB. @三石

    # re: [Original] Implementing WebService Security [WS-Security 1.0] Encrypt and Sign modes (XFire+WSS4J) 2011-06-02 21:10 xuezhishou

    I wonder whether the original poster can still answer questions! I have run into the same problem as srvrv12's first question: in Sign mode I keep getting Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security processing failed. Has anyone already solved this? Could you please advise?
