org.apache.axis2.AxisFault: WSHandler: Encryption: error during message processingorg.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5)
The problem comes from Java Cryptography Extension (JCE) policy files
Due to import control restrictions for some countries, the Java Cryptography Extension (JCE) policy files shipped with the J2SE Development
Kit and the J2SE Runtime Environment allow strong but limited cryptography to be used. These files are located at
where <java-home> is the jre directory of the JDK or the top-level directory of the J2SE Runtime Environment.
An unlimited strength version of these files indicating no restrictions on cryptographic strengths is available
on the JDK web site for those living in eligible countries. Those living in eligible countries may download the unlimited strength
version and replace the strong cryptography jar files with the unlimited strength files.
Unlimited strength Jurisdiction Policy Files may be downloaded from the JavaSoft's web site.
Here is the web address: http://java.sun.com/javase/downloads/index.jsp#docs (At the end of the page).(我已经下载了,放到附件里了。如果需要最新的可以到上面网址下下载)
Open the readme.txt and follow the instructions:
Basically replace two existing jar for the two new ones ((US_export_policy.jar and local_policy.jar )
Install the Bouncycastle JAR in the Path of the server Web application (WEB-INF/jar/bcprov- jdk15-132.jar).
because if WSS4J does not find the Bouncycastle in the Path it is not
initialized and registered as security provider. and the default one
Sun Security provider does not support all required algorithms and keystore formats.
(in this case RSA)
[Am not so sure about this step. I think all this happends more in the JRE, but as my config work I add it here as comment. see next point]
I've installed the bouncycastle jar in <jre_home>/lib/ext and i've
changed <jre_home>/lib/security/java.security to add this line:
and ... in the client side i don't have to install "unlimited strength
jce", only with the bouncy castle .jar in classpath is enough to run
在Web Service的世界中,安全问题至关重要,因为它们涉及到诸如身份验证、授权、数据隐私和完整性等多个关键领域。SOAP规范本身并未涵盖安全方面,导致许多人认为Web Service天生就不安全。然而,企业级系统往往需要...
使用时,只需将这些jar文件添加到项目类路径,就可以避免因缺少依赖导致的问题。 7. **注意事项:** 虽然全量jar包方便了使用,但可能会增加项目体积,对于某些对大小有严格要求的项目,可能需要考虑按需引入特定...
