[英]Secure web service in WSO2 Application Server 5.3.0
貢卡爾韋斯。 使用WSO2 AS 5.3.0,此配置為我工作。
您需要進入echo.aar / META-INF / service.xml並放入以下xml:
<service name="echo" serviceDocumentation="echo" exposedAllTransports="false" serviceDeployedTime="1386978405019" successfullyAdded="true" serviceActive="true" utEnabled="true">
<operation name="echoStringArrays">
<module name="addressing" version="4.4.1" type="engagedModules"/>
<module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
</operation>
<operation name="echoOMElement">
<module name="addressing" version="4.4.1" type="engagedModules"/>
<module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
</operation>
<operation name="echoInt">
<module name="addressing" version="4.4.1" type="engagedModules"/>
<module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
</operation>
<operation name="throwAxisFault">
<module name="addressing" version="4.4.1" type="engagedModules"/>
<module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
</operation>
<operation name="echoString">
<module name="addressing" version="4.4.1" type="engagedModules"/>
<module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
</operation>
<bindings>
<binding name="echoHttpBinding">
<operation name="echoStringArrays"/>
<operation name="echoOMElement"/>
<operation name="echoInt"/>
<operation name="throwAxisFault"/>
<operation name="echoString"/>
<policyUUID>UTOverTransport</policyUUID>
</binding>
<binding name="echoSoap11Binding">
<operation name="echoStringArrays"/>
<operation name="echoOMElement"/>
<operation name="echoInt"/>
<operation name="throwAxisFault"/>
<operation name="echoString"/>
<policyUUID>UTOverTransport</policyUUID>
</binding>
<binding name="echoSoap12Binding">
<operation name="echoStringArrays"/>
<operation name="echoOMElement"/>
<operation name="echoInt"/>
<operation name="throwAxisFault"/>
<operation name="echoString"/>
<policyUUID>UTOverTransport</policyUUID>
</binding>
</bindings>
<wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:AppliesTo>
<policy-subject identifier="binding:soap11"/>
<policy-subject identifier="binding:soap12"/>
</wsp:AppliesTo>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UTOverTransport">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
</wsp:Policy>
</sp:SignedSupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
<rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
<rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
<rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
<rampart:timestampTTL>300</rampart:timestampTTL>
<rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
<rampart:timestampStrict>false</rampart:timestampStrict>
<rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
<rampart:nonceLifeTime>300</rampart:nonceLifeTime>
</rampart:RampartConfig>
<sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
<sec:Authorization>
<sec:property name="org.wso2.carbon.security.allowedroles">admin,sys-admin
</sec:property>
</sec:Authorization>
</sec:CarbonSecConfig>
</wsp:Policy>
</wsp:PolicyAttachment>
<transports>
<transport>https</transport>
</transports>
<parameter name="ServiceClass" locked="true">org.wso2.carbon.core.services.echo.Echo</parameter>
<module ref="rampart"/>
</service>
QoS功能已從所有基於碳內核4.4.x的產品中刪除。 因此,您必須使用wso2 Developer Studio或按照@Jorge的說明手動編輯services.xml文件,以便為axis2服務應用安全性。
帶有用戶名策略的示例service.xml如下所示
<service name="echo">
<schema elementFormDefaultQualified="false"/>
<description>
This service echos the input provided to it.
</description>
<transports>
<transport>https</transport>
<transport>http</transport>
</transports>
<parameter name="ServiceClass" locked="true">org.wso2.carbon.core.services.echo.Echo</parameter>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UTOverTransport">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
</wsp:Policy>
</sp:SignedSupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
<rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
<rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
<rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
<rampart:timestampTTL>300</rampart:timestampTTL>
<rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
<rampart:timestampStrict>false</rampart:timestampStrict>
<rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
<rampart:nonceLifeTime>300</rampart:nonceLifeTime>
</rampart:RampartConfig>
<sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
<sec:Authorization>
<sec:property name="org.wso2.carbon.security.allowedroles">admin</sec:property>
</sec:Authorization>
</sec:CarbonSecConfig>
</wsp:Policy>
<module ref="rampart"/>
</service>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.