【问题标题】:WS Security - Username token ProfileWS 安全 - 用户名令牌配置文件
【发布时间】:2013-08-16 20:17:56
【问题描述】:

我有一个 wsdl 文件,我正在 WAS 8.0 中为此编写一个客户端

我在 ApplicationResources.properties 中保留了肥皂请求所需的用户名/密码。

我正在使用“wss-username-token-profile-1.0”,

我无法找到如何实现这一点。

我需要知道,如何编写policy.xml以及如何在Webservice clienr中使用。

【问题讨论】:

    标签: web-services websphere ws-security


    【解决方案1】:

    Soap 请求必须包含用户名令牌 wss 配置文件的相应标头元素。如果您使用 Java,您可以使用 Soap 处理程序或 SAAJ 手动创建元素。在 Websphere 中,您可以使用称为“策略集”的功能通过配置各种策略集和绑定来对这种支持进行元编程。

    这是一篇很好的文章,描述了如何使用配置方法完成此操作: http://www.ibm.com/developerworks/websphere/library/techarticles/1103_balakrishnan/1103_balakrishnan.html

    这是一个使用 SAAJ 以编程方式添加此标头的示例:

    public class WssHandler implements SOAPHandler<SOAPMessageContext> {
    
        private static final Logger cTRACE = Logger.getLogger(WssHandler.class.getName());
    
        // SOAP
        private static final String cWSSE = "wsse";
        private static final String cURL = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        private static final String cNODE_SECURITY = "Security";
        private static final String cNODE_USRTOKEN = "UsernameToken";
        private static final String cNODE_USERNAME = "Username";
        private static final String cNODE_PASSWORD = "Password";
    
        private String iUsername;
        private String iPassword;
    
        /**
         * Constructor for SOAP handler with specific wss credentials.
         * @param aUsername wss username
         * @param aPassword wss password
         */
        public WssHandler(String username, String passwd) {
            super();
            iUsername = username;
            iPassword = passwd;
        }
    
        @Override
        public boolean handleMessage(SOAPMessageContext context) {
            if (cTRACE.isLoggable(Level.FINEST)) {
                cTRACE.logp(Level.FINEST,
                        WssHandler.class.getName(),
                        "handleMessage", "add WSS credentials for user "+iUsername);
            }
    
            try {
                SOAPMessage tMessage = context.getMessage();
                SOAPEnvelope tSoapEnvelope = tMessage.getSOAPPart().getEnvelope();
    
                // header
                SOAPHeader tHeader = tSoapEnvelope.getHeader();
                if (tHeader==null) {
                    // no header yet, create one
                    tHeader = tSoapEnvelope.addHeader();
                }
    
                // security node
                Name tWsseHeaderName = tSoapEnvelope.createName(cNODE_SECURITY, cWSSE, cURL);
                SOAPHeaderElement tSecurityElement = tHeader.addHeaderElement(tWsseHeaderName);
                tSecurityElement.setMustUnderstand(true);
    
                Name tUserTokenElementName = tSoapEnvelope.createName(cNODE_USRTOKEN, cWSSE, cURL);
                SOAPElement tUserTokenElement = tSecurityElement.addChildElement(tUserTokenElementName);
                tUserTokenElement.removeNamespaceDeclaration(cWSSE);
                tUserTokenElement.addNamespaceDeclaration("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
    
                // user name child
                Name tUsernameElementName = tSoapEnvelope.createName(cNODE_USERNAME, cWSSE, cURL);
                SOAPElement tUsernameElement = tUserTokenElement.addChildElement(tUsernameElementName);
                tUsernameElement.removeNamespaceDeclaration(cWSSE);
                tUsernameElement.addTextNode(iUsername);
    
                // password child
                Name tPasswordElementName = tSoapEnvelope.createName(cNODE_PASSWORD, cWSSE, cURL);
                SOAPElement tPasswordElement = tUserTokenElement.addChildElement(tPasswordElementName);
                tPasswordElement.removeNamespaceDeclaration(cWSSE);
                tPasswordElement.addTextNode(iPassword);
                tPasswordElement.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
            } catch (SOAPException e) {
                if (cTRACE.isLoggable(Level.SEVERE)) {
                    cTRACE.logp(Level.SEVERE,
                            WssHandler.class.getName(),
                            "handleMessage", "Unable to add WSS credentials", e);
                }
                // stop processing
                return false;
            }
    
            // continue processing
            return true;
        }
    
        @Override
        public boolean handleFault(SOAPMessageContext context) {
            return true;
        }
    
        @Override
        public void close(MessageContext context) {
            // nothing to do
        }
    
        @Override
        public Set<QName> getHeaders() {
            return null;
        }
    
    }
    

    【讨论】:

    • 我在 xml 中有用户名令牌,我想以编程方式传递这个令牌。调用 web 服务时如何传递此令牌? (我正在使用 MyEclipse Blue 和 WAS8.0)
    • 这值得更多的投票,应该被接受为答案。
    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2017-01-30
    • 1970-01-01
    • 2020-12-20
    • 2020-06-01
    • 1970-01-01
    相关资源
    最近更新 更多