【发布时间】:2016-01-04 20:35:48
【问题描述】:
我正在编写一个客户端以使用 WSDL 优先方法连接到 SOAP Web 服务。为了实现,我使用的是 Apache CXF 3.1.4 版
测试时出现以下异常:
12:35:15.492 [main] WARN o.a.c.w.p.a.w.Wsdl11AttachmentPolicyProvider - Failed to build the policy 'UsernameToken':sp:UsernameToken must have an inner wsp:Policy element
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: sp:UsernameToken must have an inner wsp:Policy element
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:160)
at com.sun.proxy.$Proxy36.getPing(Unknown Source)
...
Caused by: java.lang.IllegalArgumentException: sp:UsernameToken must have an inner wsp:Policy element
at org.apache.wss4j.policy.builders.UsernameTokenBuilder.build(UsernameTokenBuilder.java:52)
at org.apache.wss4j.policy.builders.UsernameTokenBuilder.build(UsernameTokenBuilder.java:34)
at org.apache.neethi.AssertionBuilderFactoryImpl.invokeBuilder(AssertionBuilderFactoryImpl.java:138)
WSDL 文件的相关部分如下所示:
<wsp:Policy wsu:Id="UsernameToken">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
错误消息表明 CXF 在 UsernameToken 下需要一个策略标记。事实上,在研究过程中,我遇到了comment from CXF bug tracker:
Yes... Per spec, the <sp:UsernameToken> element MUST contain an internal wsp:Policy element. It should look like:
<sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken11 />
</wsp:Policy>
</sp:UsernameToken>
/sp:UsernameToken/wsp:Policy
This optional element identifies additional requirements for use of the
sp:UsernameToken assertion.
注意:可选。
那么它是哪一个?似乎 CXf 需要一个策略,而规范说它是可选的。我还需要查看其他规范吗?
【问题讨论】:
标签: java web-services soap wsdl cxf