首页 > 其他分享> > 使用Spring WS的WSS4J：(WSSecurityEngine：无效的时间戳记消息的安全语义已过期)

使用Spring WS的WSS4J：(WSSecurityEngine：无效的时间戳记消息的安全语义已过期)

2019-11-20 20:20:13 作者：互联网

我基于Wss4jSecurityInterceptor的Spring实现开发了ws(肥皂).

配置如下：

...
securementActions=Timestamp Signature Encrypt
...
securementSignatureParts={Element}{...schemas.xmlsoap.org/soap/envelope/}Body;{Element}...www.w3.org/2005/08/addressing}To;{Element}{...www.w3.org/2005/08/addressing}Action;{Element}{...www.w3.org/2005/08/addressing}MessageID;{Element}{...www.w3.org/2005/08/addressing}RelatesTo;{Element}{...docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp

当我将时钟设置为比服务器时钟晚2分钟(或更长时间)时,从客户端调用ws时,我收到以下消息：

org.apache.ws.security.WSSecurityException: The message has expired
(WSSecurityEngine: Invalid timestamp The security semantics of the
message have expired)

我使用SoapUI来测试ws.
根据我得到的响应,主体块无法在客户端解密.

时钟同步时的响应


    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
       <SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
       ...
       </SOAP-ENV:Header>
       <SOAP-ENV:Body wsu:Id="id-148" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <SOAP-ENV:Fault>
             <faultcode>SOAP-ENV:Server</faultcode>
             <faultstring xml:lang="en">error label</faultstring>
             <detail>
                <submissionFault xmlns="xxxxxx">
                   <error xmlns="xxxxxxx">
                      <errorCode>error code here</errorCode>
                      <errorDescription>error description here</errorDescription>
                      <errorDetail>errro detail here</errorDetail>
                   </error>
                </submissionFault>
             </detail>
          </SOAP-ENV:Fault>
       </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

两个时钟都不同步时的响应


    <SOAP-ENV:Envelope xmlns:SOAP-ENV="..." xmlns:xenc=&quot...#">
       <SOAP-ENV:Header xmlns:wsa="...">
       ...
       </SOAP-ENV:Header>
       <SOAP-ENV:Body wsu:Id="id-157" xmlns:wsu="...">
          <xenc:EncryptedData Id="EncDataId-162" Type="...">
             <xenc:EncryptionMethod Algorithm="...#aes256-cbc"/>
             <ds:KeyInfo xmlns:ds="...#">
                <wsse:SecurityTokenReference xmlns:wsse="...">
                   <wsse:Reference URI="#EncKeyId-xxxxxxxxxxxxxhhhhhyyyy"/>
                </wsse:SecurityTokenReference>
             </ds:KeyInfo>
             <xenc:CipherData>
                <xenc:CipherValue>PMam8TSjmX9gHDE7+/fekt575W+qWFC2xcMAXzAlTPfxoQ3ctBG9bUPUAsnMNQm41G9ya0EZaQtV
    zRL59IFW0wrowbJXhUHXvW0YPkAbIUSnnmWreQpHwy5oKA5DQWJ+nZTnyMdXq8ukxDPCP5ALlvGD
    wv685Fs14YmWupzXVBGufcu4XSGFI
    ...
    XhUkjHrOlrBL4PHiZ9imt
    nWLswfcay6friGSfkN2Z0U5oJ3XW034sVCONFBdZVNwia51nNmGTGwsMXJFxXLXCxv/lVP1p3tMq
    StoR11Otn8d/gcc06q+jBJDu5KXTgI5V6fHyW17jvV924AorYA44BiZ6ym5u4dti8fvCSFfj8shg
    /4DhGS16ATWFFfZ+QzTxaGEik1+d/+AbMc031wrO60hm7dIMasOegqD0BKUkEgkBbk0totU4TI55
    C3BHPmv44QPGpoOSmkGAjYYzfbv9GE6HeaUBVXviJqaA1q0BiIIklINMmnry9KU53mi59swqBNKz
    pF6cNDjKFGDNeRW9JLGNJq8dsnqK8nn7zE/sE2PxFGwJ+3qk40TuE6mjhA==</xenc:CipherValue>
             </xenc:CipherData>
          </xenc:EncryptedData>
       </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

任何想法？

谢谢

解决方法:

这是预料之中的,您的服务器和客户端时钟应该同步,否则默认的WSS4J TimestampValidator将引发异常

“ org.apache.ws.security.WSSecurityException：消息已过期(WSSecurityEngine：无效的时间戳记.消息的安全语义已过期)”

标签：ws-security,wss4j,timestamp,spring
来源： https://codeday.me/bug/20191120/2046457.html