使用AXIS2将用户/密码添加到SOAPHeader以进行WebService客户端调用

Question

请帮助：我试图从SOAPUI调用WebService，我注意到该服务需要用户名和密码，我通过请求参数提供。 我注意到原始XML包含添加到SOAPHeader的用户/密码片段。 摘录如下：

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Username>testuser</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">testpassword&amp;</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">RYadQak91mr7dB+5hyt8yw==</wsse:Nonce><wsu:Created>2011-10-24T20:13:43.039Z</wsu:Created></wsse:UsernameToken>
</wsse:Security>

现在我想通过添加用户/密码详细信息来实现同样的目的，如下面的代码所示：代码片段是：

org.tempuri.myService.MyServiceStub stub = new  org.tempuri.myService.MyServiceStub();

ServiceClient sc = stub._getServiceClient();
HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
auth.setUsername("testuser");
auth.setPassword("password$");

sc.getOptions().setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE,auth);

org.tempuri.myService.MyServiceDocument myService4 = (org.tempuri.myService.MyServiceDocument)getTestObject(org.tempuri.myService.MyServiceDocument.class);

MyService lval = MyService4.addNewMyService();

MyServiceParameters lvParams = lval.addNewParameters();
lvParams.setA("24");
lvParams.setB("10");

lval.setParameters(lvParams);
myService4.setMyService(lval);

但我得到了Axis故障异常，需要帮助我在上面的代码中犯了错误。 轴故障异常详细信息：

org.apache.axis2.AxisFault: Exception occurred while executing service 'MyService'.
    at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
    at org.tempuri.myService.MyServiceStub.myService(MyServiceStub.java:182)
    at org.tempuri.myService.MyServiceTest.main(MyServiceTest.java:55)

MyServiceResponseDocument lvdoc = stub.myService(myService4);

Answer 1

我自己解决了这个问题，这段代码可能会帮助一些想要添加其他参数的人（至少这对我有用）：

代码段如下：

OMFactory omFactory = OMAbstractFactory.getOMFactory();
OMElement omSecurityElement = omFactory.createOMElement(new QName( "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security", "wsse"), null);


OMElement omusertoken = omFactory.createOMElement(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "UsernameToken", "wsu"), null);

OMElement omuserName = omFactory.createOMElement(new QName("", "Username", "wsse"), null);
omuserName.setText("myusername");

OMElement omPassword = omFactory.createOMElement(new QName("", "Password", "wsse"), null);
omPassword.addAttribute("Type","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText",null );
omPassword.setText("mypassword");

omusertoken.addChild(omuserName);
omusertoken.addChild(omPassword);
omSecurityElement.addChild(omusertoken);
stub._getServiceClient().addHeader(omSecurityElement);

Answer 2

对于其他任何正在努力使用无效安全标头的人 - 来自Shiv Gopal的答案对我不起作用 - 我收到了WSS1613：不支持安全标头内的UsernameToken元素。

在基本上将我的metro客户端与我的axis2客户端进行比较并将每个片段修改为1：1之后，它归结为：

更改

OMElement omusertoken = omFactory.createOMElement(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "UsernameToken", "wsu"), null);

至

OMElement omusertoken = omFactory.createOMElement(new QName(null, "wsse:UsernameToken", "wsse"), null);

现在认证工作

Answer 3

由axis2：wsdl2code生成的Stub类中的脏代码帮助我：

    public void addWsSecurityHeader(String wsUser, String wsPass)
        {

    OMFactory omFactory = OMAbstractFactory.getOMFactory();
    OMElement omSecurityElement = omFactory.createOMElement(new QName( "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security", "wsse"), null);
            omSecurityElement.addAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-%20wssecurity-utility-1.0.xsd",  null);


    OMElement omusertoken = omFactory.createOMElement(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "UsernameToken", "wsse"), null);
    omusertoken.addAttribute("wsu:Id","UsernameToken-87",null );

    OMElement omuserName = omFactory.createOMElement(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","Username", "wsse"), null);
    omuserName.setText(wsUser);

    OMElement omPassword = omFactory.createOMElement(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","Password", "wsse"), null);
    omPassword.addAttribute("Type","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText",null );
    omPassword.setText(wsPass);

    omusertoken.addChild(omuserName);
    omusertoken.addChild(omPassword);
    omSecurityElement.addChild(omusertoken);
    this._getServiceClient().addHeader(omSecurityElement);
}

它产生了正确的值

 ...<wsse:UsernameToken wsu:Id="UsernameToken-87">

AA ...

因为当子元素的名称空间与父元素的名称空间重合时，输出子元素就没有了。 所以你不应该使用空命名空间来生成没有它的标签。 但我没有说明如何为同一个标签设置几个xmlns，所以我做了一个脏的黑客来创建第二个xmlns作为标签属性。 可能是我错了，但它确实奏效了。