[英]Secure WS client with UsernameToken(SOAP security header)
我正在努力保护我的WS客户端能够调用WS。
我的代码看起来像这样:
SendSmsService smsService = new SendSmsService();
SendSms sendSMS = smsService.getSendSms();
BindingProvider stub = (BindingProvider)sendSMS;
//Override endpoint with local copy of wsdl.
String URL ="";//here is the wsdl url
Map<String,Object> requestContext = stub.getRequestContext();
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, URL);
//Set usernametoken
URL fileURL = loader.getResource("client-config.xml");
File file = new File(fileURL.getFile());
FileInputStream clientConfig = null;
try {
clientConfig = new FileInputStream(file);
} catch (FileNotFoundException e) {
e.printStackTrace();
}
XWSSecurityConfiguration config = null;
try {
config = SecurityConfigurationFactory.newXWSSecurityConfiguration(clientConfig);
} catch (Exception e) {
e.printStackTrace();
log.warn("Exception: "+e.getMessage());
}
requestContext.put(XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION, config);
//Invoke the web service
String requestId = null;
try {
requestId = sendSMS.sendSms(addresses, senderName, charging, message, receiptRequest);
} catch (PolicyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (ServiceException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
并且配置文件如下所示:
<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" optimize="true">
<xwss:Service>
<xwss:SecurityConfiguration dumpMessages="true"
xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<xwss:UsernameToken name="username" password="password>
</xwss:SecurityConfiguration>
</xwss:Service>
<xwss:SecurityEnvironmentHandler>
util.SecurityEnvironmentHandler
</xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>
SecurityEnviromentHandler是一个实现javax.security.auth.callback.CallbackHandler的虚拟类。
身份验证必须符合Oasis Web Services安全性用户名令牌配置文件1.0。
但我经常收到“安全标头无效”错误。
我哪里错了,谁能告诉我。
我用wsimport(JAX_WS 2.1为我的客户端生成类)
注意:我只知道关于这个WS的事情是WSDL URL和用户&pass验证
解
我解决了这个问题。 出错的是client-config.xml文件导致我不知道如何正确设置它。 我遇到了这个例子并使用它:
http://www.javadb.com/using-a-message-handler-to-alter-the-soap-header-in-a-web-service-client
只需将链接上的这两个类复制到我的项目结构中并调用它们,如下所示:
SendSmsService smsService = new SendSmsService();
HeaderHandlerResolver handlerResolver = new HeaderHandlerResolver();
smsService.setHandlerResolver(handlerResolver);
SendSms sendSMS = smsService.getSendSms();
现在它完美无缺!
将UsernameToken(WS-Security-Header)添加到SOAP消息中
[英]Adding a UsernameToken (WS-Security-Header) to a SOAP message
具有UsernameToken和SecurityContextToken的SOAP安全标头-CXF
[英]SOAP security header with UsernameToken and SecurityContextToken - CXF
如何将SOAP安全头(UsernameToken)信息添加到代码优先的Webservice生成的WSDL中
[英]How to add SOAP Security Header (UsernameToken) information to code-first Webservice Generated WSDL
用于添加soap标头的C#代码wsse:Security,wsse:BinarySecurityToken,ds:Signature,wsse:UsernameToken,wsu:Timestamp
[英]C# code to add soap header wsse:Security, wsse:BinarySecurityToken,ds:Signature, wsse:UsernameToken,wsu:Timestamp
在Java中为ws-security UsernameToken实现密码摘要
[英]Implementing password digest for ws-security UsernameToken in Java
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.