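I have a problem with axis2+rampart WS-Security responses in the case of a server internal error.
When the server returns "200 OK", everything seems to work. Rampart checks that the response has a correct timestamp and signature, and decrypts the function response XML. But when the server returns "500 Internal Server Error", axis2/rampart throws an exception: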
ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header
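I thought there was something wrong with the response, so I tested it with soapUI. In both the secured and the decrypted form, the responses are similar. They differ only in the HTTP status, the XML response code indicating the error, and the case of the SOAP tags. In the case of a good response: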
<SOAP-ENV:Envelope ...
In the case of an error:
<soap:Envelope ...
The rest of the structure, including mustUnderstand="1", is the same.
In axis2.xml I configured InFlow and InFaultFlow with the same order:
<phase name="Addressing">...</phase>
<phase name="Security"/>
<phase name="PreDispatch"/>
I enabled tracing on my client, and in the case of a good response I see:
DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Invoking Handler 'SecurityInHandler' in Phase 'Security'
...there is decrypted message
DEBUG Thread-11 org.apache.rampart.handler.WSDoAllReceiver - WSDoAllReceiver: exit invoke()
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...
In the error case there is no such trace:
DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter process(MessageContext msgCtx)
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
...
DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext: logID=urn:uuid:UUID] Checking post-conditions for phase "soapmonitorPhase"
DEBUG Thread-11 org.apache.axis2.engine.AxisEngine - MustUnderstand header not processed or registered as understood{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
DEBUG Thread-11 org.apache.axis2.i18n.ProjectResourceBundle - org.apache.axis2.i18n.resource::handleGetObject(mustunderstandfailed)
ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
There is no SecurityInHandler invocation.
I would like to see the decrypted message, just as in the "200 OK" case or as in soapUI.
Any ideas what is wrong with my configuration?
EDIT
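I have checked, and this error occurs only in the case of "500 Internal Server Error". If the server replies with "200 OK" and the same encrypted content, axis2 is able to decrypt it!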
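A simplified model of the mustUnderstand check reported in the trace above, as an added example that is not part of the original post and is not Axis2 or Rampart code. The two envelopes are constructed samples (the post elides the real ones) and the function names are hypothetical; it shows that the check keys on the header's namespace-qualified name, so the `SOAP-ENV:` versus `soap:` prefix does not change the result, while a header that no handler has marked as processed fails.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Constructed samples: same namespaces, different prefixes, as in the post.
OK_RESPONSE = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP11}">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="{WSSE}" SOAP-ENV:mustUnderstand="1"/>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body/>
</SOAP-ENV:Envelope>"""

FAULT_RESPONSE = f"""<soap:Envelope xmlns:soap="{SOAP11}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{WSSE}" soap:mustUnderstand="1"/>
  </soap:Header>
  <soap:Body>
    <soap:Fault><faultcode>soap:Server</faultcode>
      <faultstring>constructed fault</faultstring></soap:Fault>
  </soap:Body>
</soap:Envelope>"""


def must_understand_headers(envelope_xml):
    """Return '{namespace}local' names of header blocks with mustUnderstand="1"."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP11}}}Header")
    if header is None:
        return []
    # ElementTree resolves prefixes, so block.tag is already namespace-qualified.
    return [block.tag for block in header
            if block.get(f"{{{SOAP11}}}mustUnderstand") == "1"]


def unprocessed_headers(envelope_xml, processed):
    """Headers flagged mustUnderstand that no handler marked as processed."""
    return [q for q in must_understand_headers(envelope_xml) if q not in processed]


if __name__ == "__main__":
    security = f"{{{WSSE}}}Security"
    # Security handler ran: nothing left unprocessed.
    print(unprocessed_headers(OK_RESPONSE, {security}))
    # No handler ran on the fault path: the Security header fails the check.
    print(unprocessed_headers(FAULT_RESPONSE, set()))
```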