stackoom
  简体   繁体   中英

How to add SOAP Security Header (UsernameToken) information to code-first Webservice Generated WSDL

 原文  2013-11-01 06:27:57       java/ web-services/ soap/ wsdl/ cxf

Question

I'm developing a code-first WebService with Apache CXF + Spring. My web service expects the UsernameToken to be present in SOAP request header in order to authenticate the calling client. My question is, is there any way to add SOAP security header (UsernameToken) definition somewhere in the Java code or configuration file, so the generated WSDL will have the security (UsernameToken) included? Please advice.

Many thanks :)

1 answers

solution1
 3 ACCPTED  2013-11-01 11:58:51

Information about required tokens can be published in WSDL using WS-Policies. For username token I use the following policy: 

<wsp:Policy wsu:Id="UP_policy" xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <sp:SupportingTokens
        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
            <sp:UsernameToken
                sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                    <sp:WssUsernameToken11 />
                </wsp:Policy>
            </sp:UsernameToken>
        </wsp:Policy>
    </sp:SupportingTokens>
</wsp:Policy>

It requires UT only for request message ( AlwaysToRecipient ). To include such policy in your generated WSDL:

  • save it to file available in classpath, eg ut.policy.xml
  • add @Policies({ @Policy(uri = "ut.policy.xml") }) annotations to your service class or interface

I modified example CXF project. It shows how to do that. You can find it here .

As a result your WSDL will have appropriate instance of WS-SecurityPolicy attached, telling clients that Username token is expected: 

<wsdl:definitions ...>
    ...
    <wsdl:service name="GreeterService">
        <wsdl:port binding="tns:GreeterServiceSoapBinding" name="GreeterPort">
            <soap:address location="http://localhost:9000/SoapContext/GreeterPort"/>
        </wsdl:port>
        <wsp:PolicyReference URI="#UP_policy"/>
    </wsdl:service>
    <wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" wsu:Id="UP_policy">
        <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp:Policy>
                <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                    <wsp:Policy>
                        <sp:WssUsernameToken11/>
                    </wsp:Policy>
                </sp:UsernameToken>
            </wsp:Policy>
        </sp:SupportingTokens>
    </wsp:Policy>
</wsdl:definitions>

More about configuring WS-SecurityPolicy with CXF can be found here and how to handle any WS-Policy here .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question C# code to add soap header wsse:Security, wsse:BinarySecurityToken,ds:Signature, wsse:UsernameToken,wsu:Timestamp How to get Soap Header Information by CXF WSDL2JAVA Generated Code? How to add Signature security information in soap header Add Security Header info to Java Code generated from WSDL Secure WS client with UsernameToken(SOAP security header) SOAP security header with UsernameToken and SecurityContextToken - CXF Specification of SOAP wsdl for UsernameToken Java Soap Service Add UsernameToken Header How to add soap header when making a soap request using the java objects generated by wsdl Adding soap header authentication to wsdl2java generated code
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM