以下是我使用 SoapUI 发送的 SOAP 请求。但是,我收到了一个错误,提示“消息不符合配置策略”。
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:csw="http://www.cargospot.com/crystal/cswebservice">
<soapenv:Header>
<xwss:SecurityConfiguration dumpMessages="false" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<xwss:RequireUsernameToken passwordDigestRequired="true" nonceRequired="true"/>
<xwss:UsernameToken name="somename" password="somepassword" useNonce="true" digestPassword="true"/>
</xwss:SecurityConfiguration>
</soapenv:Header>
<soapenv:Body>
<csw:cargoImpMessageRequest>
<csw:content>test</csw:content>
</csw:cargoImpMessageRequest>
</soapenv:Body>
</soapenv:Envelope>
我收到以下响应:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Client</faultcode>
<faultstring xml:lang="en">com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy [ AuthenticationTokenPolicy(S) ]: No Security Header found; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy [ AuthenticationTokenPolicy(S) ]: No Security Header found</faultstring>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
以下是Web服务安全配置,
<!-- Web Service Security Configuration -->
<bean id="xwssSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
<description>
This interceptor validates incoming messages according to the policy defined in 'securityPolicy.xml'.
The policy defines that all incoming requests must have a UsernameToken with a password digest in it.
The actual authentication is performed by the Acegi callback handler.
</description>
<property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml"/>
<property name="callbackHandler" ref="digestPasswordCallback" />
</bean>
<bean id="digestPasswordCallback" class="org.springframework.ws.soap.security.xwss.callback.acegi.AcegiDigestPasswordValidationCallbackHandler">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userProperties">
<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location" value="/WEB-INF/csws-users.properties" />
</bean>
</property>
</bean>
以下是安全策略。
<xwss:SecurityConfiguration dumpMessages="false" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<xwss:RequireUsernameToken passwordDigestRequired="true" nonceRequired="true"/>
<xwss:UsernameToken name="somename" password="somepassword" useNonce="true" digestPassword="true"/>-->
</xwss:SecurityConfiguration>
我不确定我在SOAP请求中漏掉了什么,请帮助我找出SOAP请求的问题。
谢谢。