【问题标题】:WebService Client using Apache Axis with WS-Security. No Username Security Token found使用 Apache Axis 和 WS-Security 的 WebService 客户端。未找到用户名安全令牌
【发布时间】:2017-01-30 16:28:22
【问题描述】:

我一直在尝试使用Intellij Idea 13 中的Apache Axis 编写webservice 客户端,但遇到了一些困难。我已经可以将webservice 与.net c# 项目连接起来,现在我需要用java 来实现。 WebService 需要安全标头中的用户名和密码。

这是来自 WebService 的响应:

嵌套错误:在 WS 块中找不到用户名安全令牌,演员:当前演员

这是我使用的代码。

SomeWebServiceServiceLocator locator = new SomeWebServiceServiceLocator();
SomeWebServicePortBindingStub stub = (SomeWebServicePortBindingStub) locator.getSomeWebServicePort();
stub.setUsername("usr111");
stub.setPassword("pass111");

SOAPMessage soapMessage = MessageFactory.newInstance().createMessage();
javax.xml.soap.SOAPPart sOAPPart = soapMessage.getSOAPPart();
SOAPEnvelope envelope = sOAPPart.getEnvelope();
SOAPHeader header = envelope.getHeader();

if (header == null) {
            System.out.println("no header yet, create one");
            header = envelope.addHeader();
        }
        SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");

        Name tUserTokenElementName = envelope.createName("UsernameToken", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        SOAPElement tUserTokenElement = security.addChildElement(tUserTokenElementName);
        tUserTokenElement.removeNamespaceDeclaration("wsse");
        tUserTokenElement.addNamespaceDeclaration("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
        //
        tUserTokenElement.addAttribute(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id", "u"), "UsernameToken-usr111");

        // user name child
        Name tUsernameElementName = envelope.createName("Username", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        SOAPElement tUsernameElement = tUserTokenElement.addChildElement(tUsernameElementName);
        tUsernameElement.removeNamespaceDeclaration("wsse");
        tUsernameElement.addTextNode("usr111");

        // password child
        Name tPasswordElementName = envelope.createName("Password", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        SOAPElement tPasswordElement = tUserTokenElement.addChildElement(tPasswordElementName);
        tPasswordElement.removeNamespaceDeclaration("wsse");
        tPasswordElement.addTextNode("pass111");
        tPasswordElement.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");

        Element assertion = (Element) security;
        SOAPHeaderElement header0 = new SOAPHeaderElement(assertion);
        stub.setHeader(header0);

该代码生成以下标头。

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:actor="" soapenv:mustUnderstand="0" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:UsernameToken wsu:Id="UsernameToken-usr111" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>usr111</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass111</wsse:Password>
</wsse:UsernameToken> </wsse:Security>

我还跟踪了工作中的 .net cs 应用程序与 Fiddler 的连接,但未能跟踪我的 java 调用。这是工作请求的标头。

<s:Header>
    <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo1zQ7/YYhJpArMKDUdofV4QAAAAAvGLoItf+KkC8k4KQjqtXUK0D00UQcXJBtCFGkgP0qBkACQAA</VsDebuggerCausalityData>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <o:UsernameToken u:Id="uuid-de9cefc3-6ab9-407f-8658-7ecf007559bc-17">
            <o:Username>usr111</o:Username>
            <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass111</o:Password>
        </o:UsernameToken>
    </o:Security>
</s:Header>

这里还有一个示例 xml 提供自 webservice 所有者

<soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <wsse:UsernameToken wsu:Id="UsernameToken-11111111" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
       <wsse:Username>someuser</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">*****</wsse:Password>
     </wsse:UsernameToken>
  </wsse:Security>

webservice 的所有者还提供了两个 .crt 证书。我将它们添加到 javakeystore 但它没有任何帮助。 最后我不能用 SoapUI 请求webservice

【问题讨论】:

  • 会不会是 wsu:Id="usr111" 而不是你放的?它必须与实际用户名匹配
  • 我试过但得到同样的错误。

标签: java web-services intellij-idea axis


【解决方案1】:

好的,如果其他人遇到这种错误,下面的这个方法对我有用。 我不记得我在哪里找到的,但感谢所有者。。感谢him

void addWsSecurityHeader(org.apache.axis.client.Stub binding, String wsUser,String wsPass)throws SOAPException {

    // Create the top-level WS-Security SOAP header XML name.
    QName headerName = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
    SOAPHeaderElement header = new SOAPHeaderElement(headerName);
    //  no intermediate actors are involved.
    header.setActor(null);
    // not important, "wsse" is standard
    header.setPrefix("wsse");
    header.setMustUnderstand(true);

    // Add the UsernameToken element to the WS-Security header
    SOAPElement utElem = header.addChildElement("UsernameToken");
    SOAPElement userNameElem = utElem.addChildElement("Username");
    userNameElem.removeContents();
    userNameElem.setValue(wsUser);

    SOAPElement passwordElem = utElem.addChildElement("Password");
    passwordElem.setValue(wsPass);
    // Finally, attach the header to the binding.
    binding.setHeader(header);
}

还用于跟踪我使用this发送和接收的内容

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2012-06-30
    • 2013-08-19
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2020-12-20
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多