使用Java调用安全的Web服务
[英]Calling a secured Web Service in Java
问题描述
I need to write a web service client to call a third party web service (SOAP based). 
我需要编写一个Web服务客户端来调用第三方Web服务(基于SOAP)。 The third party published a wsdl and the associated xsd files. 第三方发布了wsdl和相关的xsd文件。
The third party secure their website and services using .p12 certificates 第三方使用.p12证书保护其网站和服务
I used wsdl2java to generate my stubs. 我使用wsdl2java生成我的存根。 I modified the endpoints and called the service. 我修改了端点并调用了服务。 I received the following error: 我收到以下错误:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header></SOAP-ENV:Header>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">wsse:InvalidSecurity</faultcode>
<faultstring>SECU1075: An error was discovered processing the <wsse:Security> header</faultstring>
<detail>SECU3510: Signature requirements validation failed: Element (/soapenv:Envelope/soapenv:Body) was not signed</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Hmmm, ok. 嗯,好的。 Makes sense that I should be signing the document. 有道理我应该签署文件。
The strange part (to me) is there isn't a security definition anywhere in the WSDL file. 奇怪的部分(对我来说)是WSDL文件中没有任何安全定义。 Is this normal? 这是正常的吗? I contacted the third party and they sent me a pdf of what the SOAP message needs to look like. 我联系了第三方,他们向我发送了一个关于SOAP消息需要的pdf。 The following tags appear in the header: containing: 标题中显示以下标记:包含:
<wsse:BinarySecurityToken>
and 和
<dsig:SignedInfo>
so from what I gather, it requires my certificate and some digital signatures. 所以从我收集的内容来看,它需要我的证书和一些数字签名。
Can someone recommend how to generate these in Java? 有人可以推荐如何在Java中生成这些? I started down the Axis2/Rampart path but honestly, it seems those are predicated on having the security requirements defined in the WSDL file (correct me if I'm wrong). 我开始沿着Axis2 / Rampart路径开始,但老实说,似乎这些都是基于WSDL文件中定义的安全要求(如果我错了,请纠正我)。
1 个解决方案
解决方案1
4 已采纳 2010-12-07 18:22:34
Looks like you need to sign you message using The WS-Security standard. 看起来您需要使用WS-Security标准为您签名。 The WS-security standard does not specify any security mapping to wsdl file. WS-security标准未指定任何到wsdl文件的安全性映射。 Some application use WS-Security policy and WS-Policy Attachement in conjunction with Ws-security. 某些应用程序将WS-Security策略和WS-Policy Attachement与Ws-security结合使用。 WS-Policy Attachment does specifies the way to map policies to WSDL. WS-Policy Attachment确定了将策略映射到WSDL的方法。
You can learn more about these standard from w3.org 您可以从w3.org了解有关这些标准的更多信息
And yes you are on the right path, could use WSS4J or axis rampart it your choice. 是的,你是在正确的道路上,可以使用WSS4J或轴壁垒你的选择。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.