FSET 服务。无法实现web服务,soap客户端
Posted
技术标签:
【中文标题】FSET 服务。无法实现web服务,soap客户端【英文标题】:FSETSERVICE. can not implement web service, soap client 【发布时间】:2019-05-20 13:06:08 【问题描述】:我正在尝试为这个网络服务创建一个客户端,https://fsettestversion.edd.ca.gov/fsetwcfproxywebservice/fsetservice.svc
根据上面的 fset 文档,xml 是请求的示例。我曾尝试使用 wcf.js、soap.js、.NET、JAVA JAX WS (wsimport)、CFX,但我无法进行成功的 PING 调用。
这里有没有人可以给我一盏灯?我收到以下响应(.NET、node js、JAVA):
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action><a:RelatesTo>urn:uuid:9effd4c4-2ad4-4b13-a5d2-5b387221b3d7</a:RelatesTo></s:Header><s:Body><s:Fault><s:Code><s:Value>s:Sender</s:Value><s:Subcode><s:Value xmlns:a="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512">a:BadContextToken</s:Value></s:Subcode></s:Code><s:Reason><s:Text xml:lang="en-US">The message could not be processed. This is most likely because the action 'http://edd.ca.gov/IFsetService/Ping' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the ser
a:InvaildSecurity
在java中显示错误
[main] INFO org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean - 创建服务 http://edd.ca.gov/IFsetServiceService
来自类 com.hrx.fset.model.IFsetService
org.apache.cxf.binding.soap.SoapFault:验证消息的安全性时出错。
javax.xml.ws.soap.SOAPFaultException:验证消息的安全性时出错。
在 org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
以下是基于文档的示例肥皂信封:https://edd.ca.gov/pdf_pub_ctr/de545.pdf
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://edd.ca.gov/IFsetService/Ping</a:Action>
<a:MessageID>urn:uuid:a301683e-e0cc-4afc-95f2-68fa8d7d47b0</a:MessageID>
<a:ReplyTo>
<a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://fsettestversion.edd.ca.gov/fsetwcfproxywebservice/fsetservice.svc</a:To>
<o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
<u:Timestamp u:Id="_0">
<u:Created>2016-07-07T19:53:30.188Z</u:Created>
<u:Expires>2016-07-07T19:58:30.188Z</u:Expires>
</u:Timestamp>
<o:UsernameToken u:Id="uuid-c433d300-8e53-4794-9e79-97bf9946df61-19">
<o:Username>UserName</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-usernametoken-profile-1.0#PasswordText">Password123</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Ping xmlns="http://edd.ca.gov/" />
</s:Body>
以下是在 .net 项目中作为 Web 服务引用导入时的输出配置:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttpEndPoint" messageEncoding="Mtom">
<security mode="TransportWithMessageCredential" />
</binding>
</basicHttpBinding>
<customBinding>
<binding name="basicHttpCustomLegacyEndPoint">
<security defaultAlgorithmSuite="Default" authenticationMode="UserNameOverTransport" requireDerivedKeys="true" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<localClientSettings detectReplays="false" />
<localServiceSettings detectReplays="false" />
</security>
<mtomMessageEncoding messageVersion="Soap11WSAddressingAugust2004" />
<httpsTransport />
</binding>
</customBinding>
<ws2007HttpBinding>
<binding name="wsHttpBindingEndPoint" messageEncoding="Mtom">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<client>
<endpoint address="https://fsettestversion.edd.ca.gov/FSETWCFProxyWebService/FsetService.svc/wsHttp" binding="ws2007HttpBinding" bindingConfiguration="wsHttpBindingEndPoint" contract="ServiceReference1.IFsetService" name="wsHttpBindingEndPoint" />
<endpoint address="https://fsettestversion.edd.ca.gov/FSETWCFProxyWebService/FsetService.svc" binding="customBinding" bindingConfiguration="basicHttpCustomLegacyEndPoint" contract="ServiceReference1.IFsetService" name="basicHttpCustomLegacyEndPoint" />
<endpoint address="https://fsettestversion.edd.ca.gov/FSETWCFProxyWebService/FsetService.svc/basic" binding="basicHttpBinding" bindingConfiguration="basicHttpEndPoint" contract="ServiceReference1.IFsetService" name="basicHttpEndPoint" />
</client>
以下代码适用于.net(使用basicHttpBinding)
BasicHttpBinding myBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
EndpointAddress ea = new
EndpointAddress("https://fsettestversion.edd.ca.gov/FSETWCFProxyWebService/FsetService.svc/basic");
ServiceReference1.FsetServiceClient client = new ServiceReference1.FsetServiceClient(myBinding, ea);
client.ClientCredentials.UserName.UserName = username;
client.ClientCredentials.UserName.Password = password;
client.Open();
Console.WriteLine(client.Ping());
client.Close();
输出是:
El tipo de contenido multipart/related; type="application/xop+xml";start="@987654323@";boundary="uuid:4cdfd7cb-0959-4b6f-9009-1abf534d8253+id=79";start-info="text/xml" del mensaje de respuesta no coincide con el tipo de contenido del enlace (text/xml; charset=utf-8). Si usa un codificador personalizado, asegúrese de que el método IsContentTypeSupported se implemente correctamente. Los primeros 591 bytes de la respuesta fueron: '
--uuid:4cdfd7cb-0959-4b6f-9009-1abf534d8253+id=79
Content-ID: @987654324@
Content-Transfer-Encoding: 8bit
Content-Type: application/xop+xml;charset=utf-8;type="text/xml"
a:InvalidSecurityAn error occurred when verifying security for the message.
--uuid:4cdfd7cb-0959-4b6f-9009-1abf534d8253+id=79--
'.
对于wshttpbinding如下代码:
static void wsHttpTest1()
mSecurty.InitiateSSLTrust();
WSHttpBinding binding = new WSHttpBinding();
EndpointAddress ea = new EndpointAddress(new Uri("https://fsettestversion.edd.ca.gov/FSETWCFProxyWebService/FsetService.svc/wsHttp"));
binding.Name = "wsHttpBindingEndPoint";
binding.MessageEncoding = WSMessageEncoding.Text; //FaultException when using Mtom as should be based on binding.
binding.Security = new WSHttpSecurity();
binding.Security.Mode = SecurityMode.TransportWithMessageCredential;
binding.Security.Transport = new HttpTransportSecurity();
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
binding.Security.Message = new NonDualMessageSecurityOverHttp();
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
binding.Security.Message.EstablishSecurityContext = false;
FsetServiceClient proxy = new FsetServiceClient(binding, ea);
proxy.ClientCredentials.UserName.UserName = username;
proxy.ClientCredentials.UserName.Password = password;
proxy.Open();
String response = proxy.Ping();
Console.WriteLine(response);
proxy.Close();
响应显示:
El tipo de contenido multipart/related; type="application/xop+xml";start="@987654325@";boundary="uuid:c6214f11-8f31-49ed-9108-ff0572d7a532+id=8";start-info="application/soap+xml" del mensaje de respuesta no coincide con el tipo de contenido del enlace (application/soap+xml; charset=utf-8). Si usa un codificador personalizado, asegúrese de que el método IsContentTypeSupported se implemente correctamente. Los primeros 1024 bytes de la respuesta fueron: '
--uuid:c6214f11-8f31-49ed-9108-ff0572d7a532+id=8
Content-ID: @987654326@
Content-Transfer-Encoding: 8bit
Content-Type: application/xop+xml;charset=utf-8;type="application/soap+xml"
@987654327@urn:uuid:c60805c6-579a-4333-9dec-035200e20fe2s:Sendera:BadContextTokenThe message could not be processed. This is most likely because the action '@987654328@' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the ser'.
编辑 1. 正如@Popo 所建议的,我添加了一个证书。如果我错了,请纠正我,但鉴于 App.config 证书中的绑定输出不是必需的。贝娄另一个失败的方法。我使用 > makecert.exe -sr Oscarrico-ss My -a sha1 -n CN=WcfClient -sky exchange -pe 创建了一个证书。并添加了您信任的商店。
static void basingBindingTest03()
BasicHttpBinding binding = new BasicHttpBinding();
EndpointAddress ea = new EndpointAddress(new Uri("https://fsettestversion.edd.ca.gov/FSETWCFProxyWebService/FsetService.svc/basic"));
binding.Name = "basicHttpEndPoint";
binding.MessageEncoding = WSMessageEncoding.Text; //FaultException when using Mtom.
binding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
binding.Security.Transport = new HttpTransportSecurity();
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
FsetServiceClient proxy = new FsetServiceClient(binding, ea);
proxy.ClientCredentials.UserName.UserName = username;
proxy.ClientCredentials.UserName.Password = password;
proxy.ClientCredentials.ClientCertificate.SetCertificate(
StoreLocation.CurrentUser,
StoreName.TrustedPeople,
X509FindType.FindBySubjectName,
"WcfClient");
proxy.Open();
String response = proxy.Ping();
Console.WriteLine(response);
proxy.Close();
以前的 basicBindingTest03 的输出:
Excepción no controlada del tipo 'System.ServiceModel.ProtocolException' en mscorlib.dll
The content type multipart/related; type="application/xop+xml";start="";boundary="uuid:b47a3223-de29-49f8-b101-708c1ccac45c+id=95";start-info="text/xml" of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 591 bytes of the response were: '
--uuid:b47a3223-de29-49f8-b101-708c1ccac45c+id=95
Content-ID:
Content-Transfer-Encoding: 8bit
Content-Type: application/xop+xml;charset=utf-8;type="text/xml"
a:InvalidSecurityAn error occurred when verifying security for the message.
--uuid:b47a3223-de29-49f8-b101-708c1ccac45c+id=95--
'.
【问题讨论】:
SOAP 消息使用哪个绑定来发送此请求?你试过 SOAPUI 测试吗? 我尝试了所有端点,但主要是 basicHttpEndPoint。是的,我也尝试过 SOAPUI。但收到相同的错误消息 那个肥皂信封是你打电话的例子吗?或者你有打电话的例子吗? 是如何调用的示例,取自文档:edd.ca.gov/pdf_pub_ctr/de545.pdf。 【参考方案1】:如果您将 basicHttpBinding 更改为:
<basicHttpBinding>
<binding name="basicHttpEndPoint" messageEncoding="Mtom">
<security mode="TransportWithMessageCredential" />
</binding>
</basicHttpBinding>
收件人:
<basicHttpBinding>
<binding name="basicHttpEndPoint" messageEncoding="Mtom">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>
然后在后面的代码中调用 web 方法,如下所示:
public void test2()
string resp;
FsetServiceClient client = new FsetServiceClient("basicHttpEndPoint");
client.ClientCredentials.UserName.UserName = "UserName";
client.ClientCredentials.UserName.Password = "Password123";
// client.ClientCredentials.ClientCertificate.Certificate = GetCertificateFromStore("3db96ac58545346382d0e6d1456bfcd7145d3514")
try
resp = client.Ping();
catch (Exception ex)
Debug.WriteLine(ex.ToString());
你得到不同的结果吗?我假设您的示例中的用户名和密码无效。您可能还需要通过证书。
【讨论】:
问候波波先生。我尝试了你所倾倒的东西,但没有成功。它们都以: System.ServiceModel.Security.MessageSecurityException 结尾:从另一方收到不安全或不正确安全的故障。我设置了他的证书并更改了绑定。仅供参考,是的,我有一个无效的用户名和有效的密码。感谢您的建议。 @OscarRico 是您在不安全故障上遇到的内部异常? '验证消息的安全性时出错。' 是的,请参阅内部的 FaultException 了解故障代码和详细信息。 ---> System.ServiceModel.FaultException: 验证消息安全时出错。 @OscarRico 嗯,我想说联系他们的支持,看看他们是否能告诉你什么是不正确的。我按照他们的 WSDL 中的定义设置了一个 wsHttpBinding,我的 ping 请求看起来与他们文档中的完全一样,但我仍然收到操作错误,一定是其他原因。以上是关于FSET 服务。无法实现web服务,soap客户端的主要内容,如果未能解决你的问题,请参考以下文章
WCF Soap 客户端无法解析签名中的 URI 以计算摘要
在 JBoss EAP 6.2 中无法通过 SSL 连接到 SOAP 服务