Generate web service client secure policy from .wsdl for java
I have been researching how to implement web service client policies from a .wsdl file.
The policies of the web services implicate a signature and encryption using a .jks file with the necessary keys (asymmetric privateKey for signing, and a symmetric privateKey for encryption). The policy is: username:oracle/wss10_username_token_with_message_protection_service_policy.
I am able to make the .xsd files (request, response and service objects) using the wsimport tool for java (or with cxf or axis2). What I can't resolve is how to make the correct policy.
Is there any way to automatically generate the policies from the .wsdl, or do I have to make them myself?
The username:oracle/wss10_username_token_with_message_protection_service_policy is solved with spring ws this way:
<!-- == Outgoing interceptor == -->
<bean id="loginOutgoingWss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor">
    <property name="securementActions" value="Timestamp Signature Encrypt" />
    <!-- == Set Outgoing Signature properties == -->
    <property name="securementUsername" value="alias"/>
    <property name="securementPassword" value="aliasPass"/>
    <property name="securementSignatureKeyIdentifier" value="DirectReference"/>
    <property name="securementSignatureCrypto" ref="cryptoFactoryBean" />
    <property name="securementSignatureParts" value="{Element}{}Body;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" />
    <!-- == Set Outgoing Encryption properties == -->
    <property name="securementEncryptionUser" value="alias"/>
    <property name="securementEncryptionCrypto" ref="cryptoFactoryBean" />
    <property name="securementEncryptionKeyIdentifier" value="DirectReference"/>
    <property name="securementEncryptionParts" value="{Content}{}Body;" />
</bean>
<!-- == Incoming interceptor == -->
<bean id="loginIncomingWss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor">
    <property name="validationActions" value="Timestamp Signature Encrypt" />
    <!-- == Set response validation. This validates the signature and decrypts the response == -->
    <property name="validateResponse" value="true" />
    <!-- The lower operation validation. Less time consuming -->
    <property name="validateRequest" value="false" />
    <property name="enableSignatureConfirmation" value="false"/>
    <!-- == Set Incoming Signature/Decryption keystore == -->
    <property name="validationDecryptionCrypto" ref="cryptoFactoryBean" />
    <property name="validationSignatureCrypto" ref="cryptoFactoryBean" />
    <!-- Sets the {@link org.apache.ws.security.WSPasswordCallback} handler to use when validating messages -->
    <property name="validationCallbackHandler">
        <bean class="org.springframework.ws.soap.security.wss4j2.callback.KeyStoreCallbackHandler">
            <property name="privateKeyPassword" value="aliasPass"/>
        </bean>
    </property>
</bean>
If you are using policies in WS-SecurityPolicy (1.1 or later) in your wsdl, no need to generate policies nor make them on client side with Apache CXF. With WS-SecurityPolicy, CXF's security runtime is policy driven.
1) You follow CXF's WSDL-first approach to generate the client code, using either wsdl2java command-line tool or Maven cxf-codegen-plugin (wsdl2java goal). This is described in CXF doc's How to develop a client.
2) Following CXF's doc on WS-SecurityPolicy usage, you configure the client security properties for the wsdl port you want to use, either using JAX-WS API (on the client's RequestContext) or Spring XML configuration. For the list of possible properties, there are the generic XML security ones and WS-Security-specific ones. Example with Spring XML for UsernameToken policy (from Glen Mazza's blog samples):
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://cxf.apache.org/jaxws
           http://cxf.apache.org/schemas/jaxws.xsd">
    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort" createdFromAPI="true">
        <!-- Use this for the UsernameToken Symmetric Binding w/X.509 for secret key derivation -->
        <jaxws:properties>
            <entry key="ws-security.username" value="alice"/>
            <entry key="ws-security.callback-handler" value="client.ClientPasswordCallback"/>
            <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
            <entry key="ws-security.encryption.username" value="myservicekey"/>
        </jaxws:properties>
        <!-- Use this for the UsernameToken Symmetric Binding w/UT password for secret key derivation -->
        <!--jaxws:properties>
            <entry key="ws-security.username" value="alice"/>
            <entry key="ws-security.callback-handler" value="client.ClientPasswordCallback"/>
        </jaxws:properties-->
    </jaxws:client>
</beans>
Put this in /cxf.xml on the class path. Warning: the example is using a CallbackHandler subclass (client.ClientPasswordCallback in this example) to provide the password. So you'll need to provide your own implementation.
3) Back to CXF doc's How to develop a client - last part - in the application code, initialize the client using JAX-WS API with arguments: a) the location of the WSDL (URL) having the WS-SecurityPolicy policies (you already have that, as far as I understand); b) service and port's QNames to be used by the client, as defined in the WSDL:
final Service service = Service.create(wsdlLocation, SERVICE_QNAME);
final DoubleItPortType transportPort = service.getPort(PORT_QNAME, DoubleItPortType.class);
4) Make sure you have cxf-rt-ws-policy and cxf-rt-ws-security modules on the classpath at runtime to enable WS-SecurityPolicy support.
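Added example, not part of the answer above or of Glen Mazza's samples: one way to write the client.ClientPasswordCallback class that step 2 says you must provide, reading secrets from the environment so they do not sit in cxf.xml the way aliasPass sits in the Spring-WS configuration. It assumes WSS4J 2.x (the version behind CXF 3.x), where the callback type is org.apache.wss4j.common.ext.WSPasswordCallback; the environment variable names are hypothetical.

```java
package client;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.wss4j.common.ext.WSPasswordCallback;

/** Supplies secrets to WSS4J when a message is built or validated. */
public class ClientPasswordCallback implements CallbackHandler {

    // Hypothetical variable names; substitute your own secret source (vault, KMS, ...).
    private static final String UT_PASSWORD_ENV = "WS_CLIENT_UT_PASSWORD";
    private static final String KEY_PASSWORD_ENV = "WS_CLIENT_KEY_PASSWORD";
    // "alice" is the ws-security.username value in the Spring XML above.
    private static final String EXPECTED_USER = "alice";

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is handled");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            switch (pc.getUsage()) {
                case WSPasswordCallback.USERNAME_TOKEN:
                    // Refuse to hand the password out for any identifier we did not configure.
                    if (!EXPECTED_USER.equals(pc.getIdentifier())) {
                        throw new IOException("No UsernameToken password for " + pc.getIdentifier());
                    }
                    pc.setPassword(requireEnv(UT_PASSWORD_ENV));
                    break;
                case WSPasswordCallback.SIGNATURE:
                case WSPasswordCallback.DECRYPT:
                    // Password of the private key entry in the .jks keystore.
                    pc.setPassword(requireEnv(KEY_PASSWORD_ENV));
                    break;
                default:
                    throw new UnsupportedCallbackException(callback, "Unexpected usage " + pc.getUsage());
            }
        }
    }

    // Fail closed: a missing secret aborts the call instead of sending an empty password.
    private static String requireEnv(String name) throws IOException {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IOException("Required secret " + name + " is not set");
        }
        return value;
    }
}
```

With WSS4J 1.x the import would be org.apache.ws.security.WSPasswordCallback instead, which is the class the Spring-WS configuration comment refers to.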