Problem description
I have a SOAP service written with Spring and running on Java 15. When we receive a request, we reply with:
<?xml version="1.0"?>
<env:Envelope xmlns:product="http://www.product.net/ws/communication/product/2020/12/"
xmlns:env="http://www.w3.org/2003/05/soap-envelope"
xmlns:sndich="http://www.product.net/ws/communication/sendinterchange/2020/12/">
<env:Header>
<sndich:sessionResponse>
<product:sessionID>210505a02EhN</product:sessionID>
<product:sessionResponseTime>2021-05-05T11:19:11.681+02:00</product:sessionResponseTime>
<product:sessionTotals>
<product:totals product:type="ACCEPTED">
<product:totalNo>1</product:totalNo>
<product:totalSize>868</product:totalSize>
</product:totals>
<product:totals product:type="REJECTED">
<product:totalNo>0</product:totalNo>
<product:totalSize>0</product:totalSize>
</product:totals>
</product:sessionTotals>
</sndich:sessionResponse>
</env:Header>
<env:Body>
<sndich:sendInterchangeResponse>
<sndich:interchangesResponse>
<sndich:interchangeResponse>
<product:productInterchangeID>210505a02EhO</product:productInterchangeID>
<product:dataFormat>EDI</product:dataFormat>
<product:senderID>RETAILER</product:senderID>
<product:recipientID>supplier</product:recipientID>
<product:interchangeControlReference>12345553</product:interchangeControlReference>
<product:testMessage>true</product:testMessage>
<product:messageType>ORDERS</product:messageType>
<product:messageSize>868</product:messageSize>
<product:sendingTime>2021-05-05T11:19:11.272+02:00</product:sendingTime>
<product:gatewayTransmission>true</product:gatewayTransmission>
</sndich:interchangeResponse>
</sndich:interchangesResponse>
</sndich:sendInterchangeResponse>
</env:Body>
</env:Envelope>
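The response is validated against our schema before it is sent to the client. This works fine. Now I have been given the task of adding a signature to it, and I decided to use Wss4jSecurityInterceptor.
The interceptor is instantiated as follows: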
@Bean(name = "securityInterceptorSend")
public Wss4jSecurityInterceptor securityInterceptorSend() throws Exception
{
    var securityInterceptor = securityInterceptorBase();
    // Elements of the outgoing message that get signed
    securityInterceptor.setSecurementSignatureParts(SECUREMENT_ELEMENTS_SEND);
    return securityInterceptor;
}

private Wss4jSecurityInterceptor securityInterceptorBase() throws Exception
{
    Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();

    // Load the signing key store from the classpath
    CryptoFactoryBean crypto = new CryptoFactoryBean();
    crypto.setKeyStoreLocation(new ClassPathResource(keyStoreLocation));
    crypto.setKeyStorePassword(keyStorePassword);
    crypto.setKeyStoreType("JKS");
    crypto.afterPropertiesSet();

    // Sign only; the certificate is embedded as a BinarySecurityToken (DirectReference)
    securityInterceptor.setSecurementActions(WSHandlerConstants.SIGNATURE);
    securityInterceptor.setSecurementSignatureKeyIdentifier("DirectReference");
    securityInterceptor.setSecurementSignatureCrypto(crypto.getObject());
    securityInterceptor.setSecurementUsername(keyStorePK);
    securityInterceptor.setSecurementPassword(keyStorePkPassword);
    securityInterceptor.setSecurementSignatureAlgorithm(WSS4JConstants.RSA_SHA256);
    securityInterceptor.setSecurementSignatureDigestAlgorithm(WSS4JConstants.SHA256);
    return securityInterceptor;
}
SECUREMENT_ELEMENTS_SEND defines that we want the Body and sndich:sessionResponse to be signed.
After signing, our response looks like this:
<?xml version="1.0"?>
<env:Envelope xmlns:product="http://www.product.net/ws/communication/product/2020/12/"
xmlns:env="http://www.w3.org/2003/05/soap-envelope"
xmlns:sndich="http://www.product.net/ws/communication/sendinterchange/2020/12/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="true">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-9ef69771-4b8f-4062-8725-62db93a9729e">MIID6z---shortened---42HmAB5EoE/p2unM=</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-73eb278c-799c-4f22-af21-8f1bc4d8203c">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="product env sndich wsu"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#id-1e0171da-3fcb-4a04-8385-dddd1df2d933">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="product sndich"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>Ciqrq8MQxhJbHcseKKRsjb2KCLdMpB9b7FI/UzvWeIg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-7f62968d-54e3-4525-9924-e0055a93668b">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="product env"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>1yMj+dzkex5FE3N9/Pd9c8QeaeUmzkTRTSDM83ZhrFQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>WezK--shortened--rwQ==</ds:SignatureValue>
<ds:KeyInfo Id="KI-0d696b3d-ea31-4202-be5e-00a9198e8bdc">
<wsse:SecurityTokenReference wsu:Id="STR-0ff8ab07-4da4-4b47-b820-f2e8e5edc03d">
<wsse:Reference URI="#X509-9ef69771-4b8f-4062-8725-62db93a9729e" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<sndich:sessionResponse wsu:Id="id-7f62968d-54e3-4525-9924-e0055a93668b">
<product:sessionID>210505a02EhP</product:sessionID>
<product:sessionResponseTime>2021-05-05T11:19:14.420+02:00</product:sessionResponseTime>
<product:sessionTotals>
<product:totals product:type="ACCEPTED">
<product:totalNo>1</product:totalNo>
<product:totalSize>868</product:totalSize>
</product:totals>
<product:totals product:type="REJECTED">
<product:totalNo>0</product:totalNo>
<product:totalSize>0</product:totalSize>
</product:totals>
</product:sessionTotals>
</sndich:sessionResponse>
</env:Header>
<env:Body wsu:Id="id-1e0171da-3fcb-4a04-8385-dddd1df2d933">
<sndich:sendInterchangeResponse>
<sndich:interchangesResponse>
<sndich:interchangeResponse>
<product:productInterchangeID>210505a02EhQ</product:productInterchangeID>
<product:dataFormat>EDI</product:dataFormat>
<product:senderID>RETAILER</product:senderID>
<product:recipientID>supplier</product:recipientID>
<product:interchangeControlReference>12345553</product:interchangeControlReference>
<product:testMessage>true</product:testMessage>
<product:messageType>ORDERS</product:messageType>
<product:messageSize>868</product:messageSize>
<product:sendingTime>2021-05-05T11:19:14.309+02:00</product:sendingTime>
<product:gatewayTransmission>true</product:gatewayTransmission>
</sndich:interchangeResponse>
</sndich:interchangesResponse>
</sndich:sendInterchangeResponse>
</env:Body>
</env:Envelope>
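This looks fine to me. But when I try to validate it, it fails with the error:
SOAP web service response 'sendInterchangeResponse' schema validation error: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'ec:InclusiveNamespaces'
All schemas that are part of our service are stored locally on our server, even third-party schemas such as "http://www.w3.org/2003/05/soap-envelope", and are exposed through imports and the WSDL, to guard against the case where a schema's download location is unavailable. We have had this problem several times in the past. These are imported into our schema and supplied to the validator.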
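Solution attempt 1
I added the org.apache.santuario:xmlsec:2.2.1 dependency, which does contain this schema, because this was one of the solutions I found suggested for this problem.
Solution attempt 2
I extracted the schema from the package mentioned in point 1 and imported it into our schema sndich (and all the other schemas) using
<xs:import namespace="http://www.w3.org/2001/10/xml-exc-c14n#" schemaLocation="./exc-c14n.xsd"/>
This causes the validator to crash:
java.lang.ArrayIndexOutOfBoundsException: Index -1 out of bounds for length 16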
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.mergeContext(XMLSchemaValidator.java:493) ~[?:?]
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.endElementPSVI(XMLSchemaValidator.java:2560) ~[?:?]
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleEndElement(XMLSchemaValidator.java:2476) ~[?:?]
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.endElement(XMLSchemaValidator.java:943) ~[?:?]
at com.sun.org.apache.xerces.internal.jaxp.validation.DOMValidatorHelper.finishNode(DOMValidatorHelper.java:341) ~[?:?]
at com.sun.org.apache.xerces.internal.jaxp.validation.DOMValidatorHelper.validate(DOMValidatorHelper.java:246) ~[?:?]
at com.sun.org.apache.xerces.internal.jaxp.validation.DOMValidatorHelper.validate(DOMValidatorHelper.java:189) ~[?:?]
at com.sun.org.apache.xerces.internal.jaxp.validation.ValidatorImpl.validate(ValidatorImpl.java:108) ~[?:?]
at javax.xml.validation.Validator.validate(Validator.java:124) ~[?:?]
at at.company.product.soap.ws.soap.message.SoapMessageService.validateSchema(SoapMessageService.java:268) ~[classes/:?]
at at.company.product.soap.ws.soap.endpoint.SoapWsEndpointBase.validateSchemaResponse(SoapWsEndpointBase.java:106) ~[classes/:?]
at at.company.product.soap.ws.soap.endpoint.SoapWsEndpointBase.signAndValidateResponse(SoapWsEndpointBase.java:91) ~[classes/:?]
at at.company.product.soap.ws.soap.endpoint.SoapWsSendInterchangeEndpoint.handleSendInterchangeTransmissionIdStandard(SoapWsSendInterchangeEndpoint.java:185) ~[classes/:?]
at at.company.product.soap.ws.soap.endpoint.SoapWsSendInterchangeEndpoint.handleSendInterchange(SoapWsSendInterchangeEndpoint.java:105) ~[classes/:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:564) ~[?:?]
at org.springframework.ws.server.endpoint.MethodEndpoint.invoke(MethodEndpoint.java:134) ~[spring-ws-core-3.0.10.RELEASE.jar:?]
at org.springframework.ws.server.endpoint.adapter.DefaultMethodEndpointAdapter.invokeInternal(DefaultMethodEndpointAdapter.java:291) ~[spring-ws-core-3.0.10.RELEASE.jar:?]
at org.springframework.ws.server.endpoint.adapter.AbstractMethodEndpointAdapter.invoke(AbstractMethodEndpointAdapter.java:55) ~[spring-ws-core-3.0.10.RELEASE.jar:?]
at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:236) [spring-ws-core-3.0.10.RELEASE.jar:?]
at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:176) [spring-ws-core-3.0.10.RELEASE.jar:?]
at at.company.product.soap.ws.soap.SoapWsWebServiceMessageReceiverHandlerAdapter.handleConnectionInSession(SoapWsWebServiceMessageReceiverHandlerAdapter.java:217) [classes/:?]
at at.company.product.soap.ws.soap.SoapWsWebServiceMessageReceiverHandlerAdapter.handle(SoapWsWebServiceMessageReceiverHandlerAdapter.java:87) [classes/:?]
at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:293) [spring-ws-core-3.0.10.RELEASE.jar:?]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) [spring-webmvc-5.2.12.RELEASE.jar:5.2.12.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) [spring-webmvc-5.2.12.RELEASE.jar:5.2.12.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:652) [servlet-api.jar:4.0.FR]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) [spring-webmvc-5.2.12.RELEASE.jar:5.2.12.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733) [servlet-api.jar:4.0.FR]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [catalina.jar:9.0.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:9.0.41]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) [tomcat-websocket.jar:9.0.41]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:9.0.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:9.0.41]
at at.company.product.soap.ws.util.SoapWsRequestSizefilter.doFilter(SoapWsRequestSizefilter.java:87) [classes/:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:9.0.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:9.0.41]
at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) [log4j-web-2.14.0.jar:2.14.0]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:9.0.41]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:9.0.41]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) [catalina.jar:9.0.41]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) [catalina.jar:9.0.41]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542) [catalina.jar:9.0.41]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) [catalina.jar:9.0.41]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [catalina.jar:9.0.41]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690) [catalina.jar:9.0.41]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) [catalina.jar:9.0.41]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [catalina.jar:9.0.41]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374) [tomcat-coyote.jar:9.0.41]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-coyote.jar:9.0.41]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888) [tomcat-coyote.jar:9.0.41]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597) [tomcat-coyote.jar:9.0.41]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:9.0.41]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:9.0.41]
at java.lang.Thread.run(Thread.java:832) [?:?]
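Solution attempt 3
I have supplied the "ec" schema to our validator. I have run into the same validator crash before when it was missing a schema xsd to validate against. However, in this case supplying the schema does not solve the problem, and the same validator crash occurs as in attempt no. 2. Combining no. 2 and no. 3 gives the same result.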
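The schema error quoted in the question can be reproduced in isolation. The following is an added example, not code from the original post: it uses constructed schemas under hypothetical urn:example namespaces (standing in for a host schema with an xs:any wildcard and for exc-c14n.xsd) and a hypothetical class name. It validates a stream rather than a DOM, so it illustrates only the cvc-complex-type.2.4.c message, not the validator crash.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.xml.sax.SAXException;

public class StrictWildcardDemo {
    // Constructed host schema: the element accepts any child through xs:any,
    // and xs:any defaults to processContents="strict".
    static final String HOST_XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'"
      + " targetNamespace='urn:example:host' elementFormDefault='qualified'>"
      + "<xs:element name='Method'><xs:complexType><xs:sequence>"
      + "<xs:any namespace='##any' minOccurs='0' maxOccurs='unbounded'/>"
      + "</xs:sequence><xs:attribute name='Algorithm' type='xs:anyURI'/>"
      + "</xs:complexType></xs:element></xs:schema>";
    // Constructed stand-in for exc-c14n.xsd: declares the wildcard-matched element.
    static final String EC_XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'"
      + " targetNamespace='urn:example:ec' elementFormDefault='qualified'>"
      + "<xs:element name='InclusiveNamespaces'><xs:complexType>"
      + "<xs:attribute name='PrefixList' type='xs:string'/>"
      + "</xs:complexType></xs:element></xs:schema>";
    // Constructed instance document with the same shape as ds:CanonicalizationMethod.
    static final String DOC =
        "<h:Method xmlns:h='urn:example:host' Algorithm='urn:example:alg'>"
      + "<ec:InclusiveNamespaces xmlns:ec='urn:example:ec' PrefixList='a b'/>"
      + "</h:Method>";

    // Compiles the given schemas into one Schema and returns "valid" or the error text.
    static String validate(String... xsds) throws SAXException, IOException {
        Source[] sources = new Source[xsds.length];
        for (int i = 0; i < xsds.length; i++) {
            sources[i] = new StreamSource(new StringReader(xsds[i]));
        }
        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        Schema schema = factory.newSchema(sources);
        try {
            schema.newValidator().validate(new StreamSource(new StringReader(DOC)));
            return "valid";
        } catch (SAXException e) {
            return e.getMessage(); // strict wildcard with no global declaration
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("host only : " + validate(HOST_XSD));
        System.out.println("host + ec : " + validate(HOST_XSD, EC_XSD));
    }
}
```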