[春季安全] [CXF]混合身份驗證

Question

我有一個與我的項目之一的Spring Security身份驗證問題。

這裏是我的項目的技術architeture：

• TIBCO BPM其公開Web服務（我沒有能力 修改這一部分，因爲它是一個供應商
• BPM-包裝-WS ：CXF的Web服務，簡化並顯露出一些 的BPM Web服務調用使用Spring Security通過安全：CAS， 用戶名令牌和基本身份驗證

BPM-包裝-ws可以被稱爲或者通過：

• 一個CAS通過BPM認證的用戶通過web應用
• 的程序通過一個默認的UsernameToken
• 。在這種情況下，它有點複雜，因爲我需要驗證用戶，但BPM只能處理WSS（使用默認用戶名）。 因此，我使用WSS身份驗證來驗證呼叫，然後使用自定義代碼自己設置已驗證的用戶。

例子：

public void completeWorkitemForProcess(@WebParam(name = "processId") String processId, @WebParam(name = "workItemName") String workItemName, @WebParam(name= "username") String username) { 
    // Authenticated with a generic user 
    // Setting the login of the user passed in the parameters of the method 
    TibcoAuthenticationHolder.setLogin(username); 

    final WorkItemSearchCriteria searchCriteria = new WorkItemSearchCriteria(); 
    searchCriteria.setProcessId(processId); 
    searchCriteria.setWorkItemName(workItemName); 
    searchCriteria.setFirstResult(0); 
    searchCriteria.setMaxResults(1); 

    final SearchResult<WorkItem> result = findWorkItems(userGuid, username, searchCriteria); 
    if (result != null && result.getTotalRecords() == 1) { 
     WorkItem workItem = result.getResult().get(0); 
     if (workItem.getState() == WorkItemState.OFFERED) { 
      workItem = openWorkitem(userGuid, workItem.getId()); 
     } 

     // do the TIBCO BPM call (use ClientPasswordCallback and BpmAuthenticator) 
     completeWorkitem(workItem); 
    } else { 
     if (LOGGER.isDebugEnabled()) { 
      LOGGER.debug("completeWorkitemForProcess - aucun workItem trouvé [username=" + username 
       + ", processId=" + processId + ", workItemName=" + workItemName + "]"); 
     } 
    } 

    // Delete the authentication 
    TibcoAuthenticationHolder.clear(); 
    SecurityContextHolder.clearContext(); 
} 

我不得不添加以下行，以便能夠做到的BPM完整的呼叫：

<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> 
    <property name="targetClass" 
    value="org.springframework.security.core.context.SecurityContextHolder" /> 
    <property name="targetMethod" value="setStrategyName" /> 
    <property name="arguments"> 
     <list> 
      <value>MODE_INHERITABLETHREADLOCAL</value> 
     </list> 
    </property> 
</bean> 

顯然，問題是，CXF創建一個workqueue（因爲它是一個新的線程），其中沒有上面的行我沒有認證（SecurityContextHolder.getContext（）。getAuthentication（）返回null）。

第一個問題：我對嗎？

我的問題是，有時認證用戶會混淆不同種類的認證。 實施例：

• 用戶A調用web服務BPM-包裝
• 在同一時間的方法1，用戶B調用Web服務的方法2 BPM-包裝

我有處理BPM調用的事件收集器，我看到：userB完成method1和userA完成方法2

您知道我的問題在哪裏嗎？以及如何糾正這一點？

問候，

傑里米

的WS-Security上下文。XML：彈簧安全配置文件

<sec:http authentication-manager-ref="authenticationManager" 
     use-expressions="true"> 
     <sec:http-basic /> 
     <sec:intercept-url pattern="/**" 
      access="isAuthenticated() and hasRole('ACCES_APP')" /> 

     <sec:custom-filter ref="casAuthenticationFilter" 
      position="CAS_FILTER" /> 
     <sec:custom-filter ref="usernameTokenAuthenticationFilter" 
      after="BASIC_AUTH_FILTER" /> 
    </sec:http> 

    <sec:authentication-manager alias="authenticationManager" 
     erase-credentials="false"> 
     <sec:authentication-provider ref="casAuthenticationProvider" /> 
     <sec:authentication-provider 
      user-service-ref="inMemoryUserService"> 
      <sec:password-encoder base64="true" ref="passwordEncoder" /> 
     </sec:authentication-provider> 
    </sec:authentication-manager> 

    <bean 
     class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> 
     <property name="targetClass" 
      value="org.springframework.security.core.context.SecurityContextHolder" /> 
     <property name="targetMethod" value="setStrategyName" /> 
     <property name="arguments"> 
      <list> 
       <value>MODE_INHERITABLETHREADLOCAL</value> 
      </list> 
     </property> 
    </bean> 

    <bean id="usernameTokenAuthenticationFilter" 
     class="com.agipi.spring.commons.security.wss.filter.UsernameTokenAuthenticationFilter"> 
     <constructor-arg ref="authenticationManager" /> 
    </bean> 

    <bean id="casAuthenticationFilter" 
     class="com.agipi.spring.commons.security.cas.filter.WebServiceCasAuthenticationFilter"> 
     <property name="authenticationManager" ref="authenticationManager" /> 
     <property name="serviceProperties" ref="serviceProperties" /> 
     <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" /> 
     <property name="proxyReceptorUrl" value="/j_spring_cas_security_proxyreceptor" /> 
     <property name="authenticationDetailsSource"> 
      <bean 
       class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource" /> 
     </property> 
    </bean> 

    <bean id="casAuthenticationProvider" 
     class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> 
     <property name="authenticationUserDetailsService" ref="userDetailsService" /> 
     <property name="serviceProperties" ref="serviceProperties" /> 
     <property name="ticketValidator" ref="proxyTicketValidator" /> 
     <property name="key" value="an_id_for_this_auth_provider_only" /> 
     <property name="statelessTicketCache"> 
      <bean 
       class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache"> 
       <property name="cache"> 
        <bean class="net.sf.ehcache.Cache" init-method="initialise" 
         destroy-method="dispose"> 
         <constructor-arg value="casTickets" /> 
         <constructor-arg value="50" /> 
         <constructor-arg value="false" /> 
         <constructor-arg value="false" /> 
         <constructor-arg value="3600" /> 
         <constructor-arg value="900" /> 
        </bean> 
       </property> 
      </bean> 
     </property> 
    </bean> 

    <bean id="proxyTicketValidator" 
     class="com.agipi.spring.commons.security.cas.validator.ProxyTicketValidator"> 
     <constructor-arg index="0" value="${cas.url}" /> 
     <property name="proxyCallbackUrl" value="${proxy.callback.url}" /> 
     <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" /> 
     <property name="acceptAnyProxy" value="true" /> 
     <property name="customParameters"> 
      <util:map> 
       <entry key="profil" value="${cas.profil}" /> 
       <entry key="ptr" value="j_spring_cas_security_proxyreceptor" /> 
      </util:map> 
     </property> 
    </bean> 

    <bean id="proxyGrantingTicketStorage" 
     class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" /> 

    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> 
     <property name="service" value="${service.url}" /> 
     <property name="sendRenew" value="false" /> 
     <property name="authenticateAllArtifacts" value="true" /> 
    </bean> 

    <bean id="userDetailsService" 
     class="com.agipi.spring.commons.security.service.impl.UserDetailsServiceImpl"> 
     <property name="userDetailsClass" 
      value="com.agipi.spring.commons.security.domain.DefaultUserDetails" /> 
    </bean> 

    <bean id="inMemoryUserService" 
     class="com.agipi.spring.commons.security.service.impl.InMemoryUserDetailsServiceImpl"> 
     <constructor-arg ref="usersProps" /> 
     <constructor-arg> 
      <list> 
       <value>service.pid</value> 
       <value>fabric.zookeeper.pid</value> 
      </list> 
     </constructor-arg> 
    </bean> 

    <bean id="passwordEncoder" 
     class="org.springframework.security.authentication.encoding.PlaintextPasswordEncoder" /> 

TibcoAuthenticationHolder：類保持所述 當前登錄用戶（僅在SOAP消息的情況下，使用具有 WSS報頭）的登錄：

public class TibcoAuthenticationHolder { 
    private static final ThreadLocal<String> CONTEXT_HOLDER = new InheritableThreadLocal<String>(); 

    public static boolean hasLogin() { 
     return StringUtils.isNotBlank(CONTEXT_HOLDER.get()); 
    } 

    public static String getLogin() { 
     return CONTEXT_HOLDER.get(); 
    } 

    public static void setLogin(String login) { 
     CONTEXT_HOLDER.set(login); 
    } 

    public static void clear() { 
     CONTEXT_HOLDER.remove(); 
    } 
} 

BpmAuthenticator ：重新獲得當前認證用戶的實用程序類別（登錄名/密碼）

public String[] getCurrentCredentials() { 
     String[] currentCredentials = null; 

     // Hack permettant d'authentifier un utilisateur ayant appelé le service depuis un process BPM 
     if (TibcoAuthenticationHolder.hasLogin()) { 
      currentCredentials = new String[2]; 
      currentCredentials[0] = StringUtils.lowerCase(TibcoAuthenticationHolder.getLogin()); 
      currentCredentials[1] = globalPassword; 
     } else { 
      final Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); 
      if (authentication != null && springAuthentication) { 
       if (authentication instanceof CasAuthenticationToken) { 
        currentCredentials = new String[2]; 
        currentCredentials[0] = StringUtils.lowerCase(authentication.getName()); 
        currentCredentials[1] = globalPassword; 
       } else if (authentication instanceof UsernamePasswordAuthenticationToken) { 
        currentCredentials = new String[2]; 
        currentCredentials[0] = StringUtils.lowerCase(authentication.getName()); 
        currentCredentials[1] = globalPassword; 
       } 
      } 
     } 

     return currentCredentials; 
    } 

ws-standalon電子context.xml中：全局彈簧配置文件

<!-- Web services --> 
<bean id="workItemService" class="com.agipi.bpm.wrapper.service.impl.WorkItemServiceImpl" /> 
<bean id="processService" class="com.agipi.bpm.wrapper.service.impl.ProcessServiceImpl" /> 
<bean id="orgModelService" class="com.agipi.bpm.wrapper.service.impl.OrgModelServiceImpl" /> 
<bean id="userService" class="com.agipi.bpm.wrapper.service.impl.UserServiceImpl" /> 

<!-- Intercepteur pour supprimer les headers WSS --> 
<bean id="wssHeaderInterceptor" class="com.agipi.bpm.wrapper.util.WssHeaderInterceptor" /> 

<!-- JAX-WS Service Endpoint --> 
<jaxws:endpoint id="workItemWs" implementor="#workItemService" 
    address="${ws.workitem.url}"> 
    <jaxws:inInterceptors> 
     <ref bean="wssHeaderInterceptor" /> 
    </jaxws:inInterceptors> 
    <jaxws:dataBinding> 
     <bean class="com.agipi.commons.xml.CustomJAXBDataBinding"> 
      <property name="basePackage" value="com.agipi.bpm" /> 
     </bean> 
    </jaxws:dataBinding> 
</jaxws:endpoint> 

<jaxws:endpoint id="processWs" implementor="#processService" 
    address="${ws.process.url}"> 
    <jaxws:inInterceptors> 
     <ref bean="wssHeaderInterceptor" /> 
    </jaxws:inInterceptors> 
    <jaxws:dataBinding> 
     <bean class="com.agipi.commons.xml.CustomJAXBDataBinding"> 
      <property name="basePackage" value="com.agipi.bpm" /> 
     </bean> 
    </jaxws:dataBinding> 
</jaxws:endpoint> 

Answer 1

log_error.log：調試日誌的呼叫從CAS認證的用戶（不MODE_INHERITABLETHREADLOCAL）

18:24:28 | [DEBUG] | [http-bio-8082-exec-9] (ProxyGrantingTicketStorageImpl.java:save:94) Saving ProxyGrantingTicketIOU and ProxyGrantingTicket combo: [PGTIOU-4798-NWBAuWFslzNucvHilQxHaWKcteRmGgDwIto3USoFotyx9ZOjoZ, PGT-4797-P66p0r8rrg52Gas7tsaFCCtXdbrs5ABrf7Qq4AhweAzOcBOg1j] 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (ProxyGrantingTicketStorageImpl.java:retrieve:83) Returned ProxyGrantingTicket of [PGT-4797-P66p0r8rrg52Gas7tsaFCCtXdbrs5ABrf7Qq4AhweAzOcBOg1j] 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (UsernameTokenAuthenticationFilter.java:doFilter:101) Header soapaction : "completeWorkitem" 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (ServletController.java:invokeDestination:244) Service http request on thread: Thread[http-bio-8082-exec-10,5,main] 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (AbstractHTTPDestination.java:invoke:230) Create a new message for processing 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (Headers.java:copyFromRequest:358) Request Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], content-type=[text/xml; charset=UTF-8], host=[10.70.5.233:8082], pragma=[no-cache], SOAPAction=["completeWorkitem"], ticket=[PT-4796-nmG9YRBHG4zZt3wybQkn], transfer-encoding=[chunked], user-agent=[Apache CXF 2.7.14]} 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:add:206) Adding interceptor org.apache.cxf.transport.https.CertConstraintsInterceptor@5b467a6b to phase pre-stream 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:outputChainToLog:687) Chain org.apache.cxf.phase.PhaseInterceptorChain@3279db7a was created. Current flow: 
    receive [PolicyInInterceptor, AttachmentInInterceptor] 
    pre-stream [CertConstraintsInterceptor] 
    post-stream [StaxInInterceptor] 
    read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor, StartBodyInterceptor] 
    pre-protocol [WssHeaderInterceptor, MustUnderstandInterceptor] 
    post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack] 
    unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor] 
    pre-logical [OneWayProcessorInterceptor] 
    post-logical [WrapperClassInInterceptor] 
    pre-invoke [SwAInInterceptor, HolderInInterceptor] 
    invoke [ServiceInvokerInterceptor] 
    post-invoke [OutgoingChainInterceptor] 

18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@c93f9d 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.interceptor.AttachmentInInterceptor@275c67aa 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.transport.https.CertConstraintsInterceptor@5b467a6b 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.interceptor.StaxInInterceptor@2399de16 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:add:206) Adding interceptor org.apache.cxf.interceptor.StaxInEndingInterceptor@4d30cb64 to phase post-invoke 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:outputChainToLog:685) Chain org.apache.cxf.phase.PhaseInterceptorChain@3279db7a was modified. Current flow: 
    receive [PolicyInInterceptor, AttachmentInInterceptor] 
    pre-stream [CertConstraintsInterceptor] 
    post-stream [StaxInInterceptor] 
    read [WSDLGetInterceptor, ReadHeadersInterceptor, SoapActionInInterceptor, StartBodyInterceptor] 
    pre-protocol [WssHeaderInterceptor, MustUnderstandInterceptor] 
    post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack] 
    unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor] 
    pre-logical [OneWayProcessorInterceptor] 
    post-logical [WrapperClassInInterceptor] 
    pre-invoke [SwAInInterceptor, HolderInInterceptor] 
    invoke [ServiceInvokerInterceptor] 
    post-invoke [OutgoingChainInterceptor, StaxInEndingInterceptor] 

18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.frontend.WSDLGetInterceptor@e3419f 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor@1f898b34 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor@4ac3889c 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor@7f121318 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor com.agipi.bpm.wrapper.util.WssHeaderInterceptor@47e92e2d 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor@3f1e58b6 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor@7ba3cdd4 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.jaxb.attachment.JAXBAttachmentSchemaValidationHack@8e685a5 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.interceptor.DocLiteralInInterceptor@6b3de01c 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor@2b448545 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.interceptor.OneWayProcessorInterceptor@7ce87a47 
18:24:28 | [DEBUG] | [http-bio-8082-exec-10] (ServletController.java:invokeDestination:253) Finished servicing http request on thread: Thread[http-bio-8082-exec-10,5,main] 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.WrapperClassInInterceptor@2b40b62 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.SwAInInterceptor@7a59f2ef 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.HolderInInterceptor@7a575050 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.interceptor.ServiceInvokerInterceptor@3f201aec 
18:24:28 | [DEBUG] | [default-workqueue-2] (ClientImpl.java:doInvoke:502) Invoke, operation info: [BindingOperationInfo: {http://services.brm.n2.tibco.com}completeWorkItem], params: [com.tibco.n2.brm.api.CompleteWorkItem@512f7220[workItemID=com.tibco.n2.brm.api.ManagedObjectID@1edbc84[version=7,id=1130],workItemPayload=com.tibco.n2.brm.api.WorkItemBody@1ef37f19[dataModel=com.tibco.n2.common.datamodel.DataModel@41d522f[inputs=[com.tibco.n2.common.datamodel.FieldType@35416116[simpleSpec=com.tibco.n2.common.datamodel.FieldType$SimpleSpec@20fe8dc5[value=[processName: 'processSouscriptionAN', pvmId: 'pvm:0a1213d', idActe: '43411'],length=<null>,decimal=<null>],complexSpec=<null>,name=refLog,type=String,optional=false,array=<null>]],outputs=[],inouts=[com.tibco.n2.common.datamodel.FieldType@50053e75[simpleSpec=<null>,complexSpec=com.tibco.n2.common.datamodel.FieldType$ComplexSpec@280d916f[value=[[value: null]],className=<null>],name=processData,type=Complex,optional=false,array=<null>]]]],getNextPiledItem=false]] 
18:24:28 | [DEBUG] | [default-workqueue-2] (ClientImpl.java:setContext:711) set requestContext to message be{java.lang.reflect.Method=public abstract com.tibco.n2.brm.api.CompleteWorkItemResponse com.tibco.n2.brm.services.WorkItemManagementService.completeWorkItem(com.tibco.n2.brm.api.CompleteWorkItem) throws com.tibco.n2.brm.services.SecurityFault,com.tibco.n2.brm.services.WorkItemRescheduledFault,com.tibco.n2.brm.services.WorkItemAPIScriptCancelFault,com.tibco.n2.brm.services.InvalidVersionFault,com.tibco.n2.brm.services.InternalServiceFault,com.tibco.n2.brm.services.InvalidWorkItemFault,com.tibco.n2.brm.services.WorkItemFault, org.apache.cxf.jaxws.context.WrappedMessageContext.SCOPES={org.apache.cxf.message.Message.ENDPOINT_ADDRESS=APPLICATION}, org.apache.cxf.message.Message.ENDPOINT_ADDRESS=http://virbpm03dev.devlinuxagipi.local:8090/amxbpm/WorkItemManagementService} 
18:24:28 | [DEBUG] | [default-workqueue-2] (ClientImpl.java:setupInterceptorChain:989) Interceptors contributed by bus: [org.apache.cxf.ws.policy.PolicyOutInterceptor@4a8b0c11] 
18:24:28 | [DEBUG] | [default-workqueue-2] (ClientImpl.java:setupInterceptorChain:993) Interceptors contributed by client: [org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor@6ec55652] 
18:24:28 | [DEBUG] | [default-workqueue-2] (ClientImpl.java:setupInterceptorChain:997) Interceptors contributed by endpoint: [org.apache.cxf.interceptor.MessageSenderInterceptor@3eaaee02, org.apache.cxf.jaxws.interceptors.SwAOutInterceptor@47efe572, org.apache.cxf.jaxws.interceptors.WrapperClassOutInterceptor@56c0c443, org.apache.cxf.jaxws.interceptors.HolderOutInterceptor@9953734] 
18:24:28 | [DEBUG] | [default-workqueue-2] (ClientImpl.java:setupInterceptorChain:1001) Interceptors contributed by binding: [org.apache.cxf.interceptor.AttachmentOutInterceptor@235b3bd6, org.apache.cxf.interceptor.StaxOutInterceptor@3ab570bc, org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@d32608f, org.apache.cxf.interceptor.WrappedOutInterceptor@5dfc64c0, org.apache.cxf.interceptor.BareOutInterceptor@653aa974, org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor@6e4b3297, org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@ae69013] 
18:24:28 | [DEBUG] | [default-workqueue-2] (ClientImpl.java:setupInterceptorChain:1007) Interceptors contributed by databinding: [] 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:outputChainToLog:687) Chain org.apache.cxf.phase.PhaseInterceptorChain@4fc7cacd was created. Current flow: 
    setup [PolicyOutInterceptor] 
    pre-logical [HolderOutInterceptor, SwAOutInterceptor, WrapperClassOutInterceptor, SoapHeaderOutFilterInterceptor] 
    post-logical [SoapPreProtocolOutInterceptor] 
    prepare-send [MessageSenderInterceptor] 
    pre-stream [AttachmentOutInterceptor, StaxOutInterceptor] 
    pre-protocol [WSS4JOutInterceptor] 
    write [SoapOutInterceptor] 
    marshal [WrappedOutInterceptor, BareOutInterceptor] 

18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.ws.policy.PolicyOutInterceptor@4a8b0c11 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.HolderOutInterceptor@9953734 
18:24:28 | [DEBUG] | [default-workqueue-2] (HolderOutInterceptor.java:handleMessage:57) op: [OperationInfo: {http://services.brm.n2.tibco.com}completeWorkItem] 
18:24:28 | [DEBUG] | [default-workqueue-2] (HolderOutInterceptor.java:handleMessage:59) op.hasOutput(): true 
18:24:28 | [DEBUG] | [default-workqueue-2] (HolderOutInterceptor.java:handleMessage:61) op.getOutput().size(): 1 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.SwAOutInterceptor@47efe572 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.WrapperClassOutInterceptor@56c0c443 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@d32608f 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor@6e4b3297 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor@3eaaee02 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:add:206) Adding interceptor org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@49036b77 to phase prepare-send-ending 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:outputChainToLog:685) Chain org.apache.cxf.phase.PhaseInterceptorChain@4fc7cacd was modified. Current flow: 
    setup [PolicyOutInterceptor] 
    pre-logical [HolderOutInterceptor, SwAOutInterceptor, WrapperClassOutInterceptor, SoapHeaderOutFilterInterceptor] 
    post-logical [SoapPreProtocolOutInterceptor] 
    prepare-send [MessageSenderInterceptor] 
    pre-stream [AttachmentOutInterceptor, StaxOutInterceptor] 
    pre-protocol [WSS4JOutInterceptor] 
    write [SoapOutInterceptor] 
    marshal [WrappedOutInterceptor, BareOutInterceptor] 
    prepare-send-ending [MessageSenderEndingInterceptor] 

18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.interceptor.AttachmentOutInterceptor@235b3bd6 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.interceptor.StaxOutInterceptor@3ab570bc 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:add:206) Adding interceptor org.apache.cxf.interceptor.StaxOutEndingInterceptor@2be6e01e to phase pre-stream-ending 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:outputChainToLog:685) Chain org.apache.cxf.phase.PhaseInterceptorChain@4fc7cacd was modified. Current flow: 
    setup [PolicyOutInterceptor] 
    pre-logical [HolderOutInterceptor, SwAOutInterceptor, WrapperClassOutInterceptor, SoapHeaderOutFilterInterceptor] 
    post-logical [SoapPreProtocolOutInterceptor] 
    prepare-send [MessageSenderInterceptor] 
    pre-stream [AttachmentOutInterceptor, StaxOutInterceptor] 
    pre-protocol [WSS4JOutInterceptor] 
    write [SoapOutInterceptor] 
    marshal [WrappedOutInterceptor, BareOutInterceptor] 
    pre-stream-ending [StaxOutEndingInterceptor] 
    prepare-send-ending [MessageSenderEndingInterceptor] 

18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor@6ec55652 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:add:206) Adding interceptor org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor@3a9c384d to phase pre-protocol-ending 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:outputChainToLog:685) Chain org.apache.cxf.phase.PhaseInterceptorChain@4fc7cacd was modified. Current flow: 
    setup [PolicyOutInterceptor] 
    pre-logical [HolderOutInterceptor, SwAOutInterceptor, WrapperClassOutInterceptor, SoapHeaderOutFilterInterceptor] 
    post-logical [SoapPreProtocolOutInterceptor] 
    prepare-send [MessageSenderInterceptor] 
    pre-stream [AttachmentOutInterceptor, StaxOutInterceptor] 
    pre-protocol [WSS4JOutInterceptor] 
    write [SoapOutInterceptor] 
    marshal [WrappedOutInterceptor, BareOutInterceptor] 
    pre-protocol-ending [SAAJOutEndingInterceptor] 
    pre-stream-ending [StaxOutEndingInterceptor] 
    prepare-send-ending [MessageSenderEndingInterceptor] 

18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:add:206) Adding interceptor org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal@6634654a to phase post-protocol 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:outputChainToLog:685) Chain org.apache.cxf.phase.PhaseInterceptorChain@4fc7cacd was modified. Current flow: 
    setup [PolicyOutInterceptor] 
    pre-logical [HolderOutInterceptor, SwAOutInterceptor, WrapperClassOutInterceptor, SoapHeaderOutFilterInterceptor] 
    post-logical [SoapPreProtocolOutInterceptor] 
    prepare-send [MessageSenderInterceptor] 
    pre-stream [AttachmentOutInterceptor, StaxOutInterceptor] 
    pre-protocol [WSS4JOutInterceptor] 
    write [SoapOutInterceptor] 
    marshal [WrappedOutInterceptor, BareOutInterceptor] 
    post-protocol [WSS4JOutInterceptorInternal] 
    pre-protocol-ending [SAAJOutEndingInterceptor] 
    pre-stream-ending [StaxOutEndingInterceptor] 
    prepare-send-ending [MessageSenderEndingInterceptor] 

18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@ae69013 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:add:206) Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor@6dd141a0 to phase write-ending 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:outputChainToLog:685) Chain org.apache.cxf.phase.PhaseInterceptorChain@4fc7cacd was modified. Current flow: 
    setup [PolicyOutInterceptor] 
    pre-logical [HolderOutInterceptor, SwAOutInterceptor, WrapperClassOutInterceptor, SoapHeaderOutFilterInterceptor] 
    post-logical [SoapPreProtocolOutInterceptor] 
    prepare-send [MessageSenderInterceptor] 
    pre-stream [AttachmentOutInterceptor, StaxOutInterceptor] 
    pre-protocol [WSS4JOutInterceptor] 
    write [SoapOutInterceptor] 
    marshal [WrappedOutInterceptor, BareOutInterceptor] 
    post-protocol [WSS4JOutInterceptorInternal] 
    write-ending [SoapOutEndingInterceptor] 
    pre-protocol-ending [SAAJOutEndingInterceptor] 
    pre-stream-ending [StaxOutEndingInterceptor] 
    prepare-send-ending [MessageSenderEndingInterceptor] 

18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.interceptor.WrappedOutInterceptor@5dfc64c0 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.interceptor.BareOutInterceptor@653aa974 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:doIntercept:269) Invoking handleMessage on interceptor org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal@6634654a 
18:24:28 | [DEBUG] | [default-workqueue-2] (WSS4JOutInterceptor.java:handleMessage:161) WSS4JOutInterceptor: enter handleMessage() 
18:24:28 | [DEBUG] | [default-workqueue-2] (WSS4JOutInterceptor.java:handleMessage:235) Action: 1 
18:24:28 | [DEBUG] | [default-workqueue-2] (WSS4JOutInterceptor.java:handleMessage:236) Actor: null 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal@6634654a 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.interceptor.BareOutInterceptor@653aa974 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.interceptor.WrappedOutInterceptor@5dfc64c0 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@ae69013 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor@6ec55652 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.interceptor.StaxOutInterceptor@3ab570bc 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.interceptor.AttachmentOutInterceptor@235b3bd6 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor@3eaaee02 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor@6e4b3297 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@d32608f 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.WrapperClassOutInterceptor@56c0c443 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.SwAOutInterceptor@47efe572 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.HolderOutInterceptor@9953734 
18:24:28 | [DEBUG] | [default-workqueue-2] (PhaseInterceptorChain.java:unwind:442) Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyOutInterceptor@4a8b0c11 
18:24:28 | [ WARN] | [default-workqueue-2] (LogUtils.java:doLog:452) Interceptor for {http://services.brm.n2.tibco.com}WorkItemManagementServiceService#{http://services.brm.n2.tibco.com}completeWorkItem has thrown exception, unwinding now 
org.apache.cxf.binding.soap.SoapFault: Security processing failed. 

文件