解决(CXF)：The security token could not be authenticated or authorized

程序员文章站 2022-03-02 13:17:42

...

1，使用cxf回调函数，服务端setPassword和客户端不同时，抛出下列异常

org.apache.cxf.binding.soap.SoapFault: The security token could not be authenticated or authorized

at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:641)

at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:308)

at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)

at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)

at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:123)

at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:206)

at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)

at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)

at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:126)

at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:184)

at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:107)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)

at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:163)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)

at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:852)

at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:584)

at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1508)

at java.lang.Thread.run(Thread.java:619)

Caused by: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized

at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:203)

at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)

at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)

at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:131)

at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:65)

at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)

at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)

... 23 more

#################################################################

服务端没有设置password时,抛出下列异常：

java.lang.IllegalArgumentException: pwd == null but a password is needed

at org.apache.ws.security.message.token.UsernameToken.setPassword(UsernameToken.java:462)

at org.apache.ws.security.message.WSSecUsernameToken.prepare(WSSecUsernameToken.java:214)

at org.apache.ws.security.message.WSSecUsernameToken.build(WSSecUsernameToken.java:269)

at org.apache.ws.security.action.UsernameTokenAction.execute(UsernameTokenAction.java:59)

at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:202)

at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)

at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)

at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)

at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)

at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:535)

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:465)

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:368)

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:321)

at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)

at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)

at $Proxy36.say(Unknown Source)

at test.saa.Client.main(Client.java:40)

Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: pwd == null but a password is needed

at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)

at $Proxy36.say(Unknown Source)

at test.saa.Client.main(Client.java:40)

Caused by: java.lang.IllegalArgumentException: pwd == null but a password is needed