1. 首頁
  2. 問答
  3. 對GlassFish領域的WS-Security UsernameToken進行身份驗證會給出「身份驗證被拒絕」

對GlassFish領域的WS-Security UsernameToken進行身份驗證會給出「身份驗證被拒絕」

2011-08-19 70 views
3

我有一個SOAP webservice,在GlassFish 3.1.1運行的EAR的EJB子項目中使用綁定的Metro運行時使用@WebService聲明。它已經在課堂上用通常的@DeclareRoles和@RolesAllowed進行了註釋。對GlassFish領域的WS-Security UsernameToken進行身份驗證會給出「身份驗證被拒絕」

我有一個WSIT描述符用於使用簡單的明文密碼UsernameToken進行身份驗證。

在EAR的glassfish-application.xml中,我將領域指定爲GlassFish附帶的標準文件領域。對於這個領域,我添加了一個用戶進行測試,屬於一個特定的組。該組映射到我在glassfish-ejb-jar.xml中指定的角色。

我還啓用了GlassFish中的安全管理器以及審計。這樣做後我重新啓動了服務器。

我已經生成了一個客戶端,並在回調處理程序中設置用戶名和密碼。我登錄以確保證書確實設置。我也曾嘗試設置這樣的憑據:

Map<String, Object> requestContext = ((BindingProvider)port).getRequestContext(); 
requestContext.put(BindingProvider.USERNAME_PROPERTY, "myUsername"); 
requestContext.put(BindingProvider.PASSWORD_PROPERTY, "myPassword");

當我調用服務,我得到這個服務器上:

INFO: SEC5046: Audit: Authentication refused for [myUsername]. 
INFO: SEC1201: Login failed for user: myUsername 
SEVERE: WSS1408: UsernameToken Authentication Failed 
SEVERE: WSITPVD0035: Error in Verifying Security in Inbound Message. 
com.sun.xml.wss.impl.WssSoapFaultException: Authentication of Username Password Token Failed 
    at com.sun.xml.ws.security.opt.impl.util.SOAPUtil.newSOAPFaultException(SOAPUtil.java:158) 
    at com.sun.xml.ws.security.opt.impl.incoming.UsernameTokenHeader.validate(UsernameTokenHeader.java:164) 
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHeader(SecurityRecipient.java:341) 
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(SecurityRecipient.java:275) 
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:225) 
    at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:586) 
    at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:360) 
    at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:263) 
    at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:173) 
    at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:144) 
    at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119) 
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:641) 
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600) 
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585) 
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482) 
    at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:314) 
    at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:608) 
    at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:259) 
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:162) 
    at org.glassfish.webservices.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:120) 
    at org.glassfish.webservices.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:91) 
    at org.glassfish.webservices.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:200) 
    at org.glassfish.webservices.EjbWebServiceServlet.service(EjbWebServiceServlet.java:131) 
    (Rest is snipped away)

,我得到這個客戶端上:

Authentication of Username Password Token Failed 
javax.xml.ws.soap.SOAPFaultException: Authentication of Username Password Token Failed 
    at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:189) 
    at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:189) 
    at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122) 
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119) 
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89) 
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)

然後我創建了一個簡單的servlet/JSP項目,並在該領域添加了安全限制。在這種情況下使用相同用戶的身份驗證。

的WS-Security策略是這樣的:

<ns1:Policy xmlns:ns1="http://schemas.xmlsoap.org/ws/2004/09/policy" wsu:Id="MyServicePortBindingPolicy"> 
    <ns1:ExactlyOne> 
     <ns1:All> 
    <ns2:SupportingTokens xmlns:ns2="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> 
     <ns1:Policy> 
     <ns1:ExactlyOne> 
      <ns1:All> 
     <ns2:UsernameToken ns2:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> 
      <ns1:Policy> 
      <ns1:ExactlyOne> 
       <ns1:All> 
      <ns2:WssUsernameToken10 /> 
       </ns1:All> 
      </ns1:ExactlyOne> 
      </ns1:Policy> 
     </ns2:UsernameToken> 
      </ns1:All> 
     </ns1:ExactlyOne> 
     </ns1:Policy> 
    </ns2:SupportingTokens> 
    <ns3:UsingAddressing xmlns:ns3="http://www.w3.org/2006/05/addressing/wsdl" /> 
     </ns1:All> 
    </ns1:ExactlyOne> 
    </ns1:Policy>

什麼錯嗎?任何建議高度讚賞。

來源

2011-08-19 Haakon

回答

1

當我禁用了我自己的homebaked程序認證機制時,它解決了這個問題,它引發了一個破壞性異常。不能相信,以前沒有打我。

來源

2011-08-22 11:48:13 Haakon

相關問題

 相關問題