WSIT、Maven 和 wsimport —— 它们可以一起工作吗?
我正在 Maven 中开发一个小型多模块项目。我们使用 Web 服务将 UI 与数据库层分离,并且借助 jaxws-maven-plugin,或多或少为我们处理了 WSDL 和 WS 客户端的创建。 (该插件本质上是 wsgen 和 wsimport 的包装器。)到目前为止一切顺利。
当我尝试将 WSIT 安全性纳入其中时,问题就出现了。 NetBeans 允许我轻松生成安全元数据,但 wsimport 似乎完全无法处理超出基本身份验证级别的安全性的任何内容。
这是我们当前在 Maven 构建期间调用 wsimport 的不安全方式:
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>jaxws-maven-plugin</artifactId>
<version>1.10</version>
<executions>
<execution>
<goals>
<goal>wsimport</goal>
</goals>
<configuration>
<wsdlUrls>
<wsdlUrl>${basedir}/../WebService/target/jaxws/wsgen/wsdl/WebService.wsdl</wsdlUrl>
</wsdlUrls>
<packageName>com.yourcompany.appname.ws.client</packageName>
<sourceDestDir>${basedir}/src/main/java</sourceDestDir>
<destDir>${basedir}/target/jaxws</destDir>
</configuration>
</execution>
</executions>
</plugin>
我尝试使用 xauthFile、xadditionalHeaders,通过 args 传递 javax.xml.ws.security.auth.username 和密码。我还尝试从命令行使用 wsimport 来指向 Tomcat 生成的 WSDL,其中包含附加安全信息。然而,似乎根本没有改变 wsimport 生成的文件的组成。
所以我想我的问题是,为了获得一个 WSIT 兼容的客户端,我是否必须完全放弃 Maven 和 jaxws 插件?有没有办法让 WSIT 客户端自动生成?或者我需要手动生成客户端吗?
除了我在这里写的内容之外,如果您需要任何其他信息,请告诉我。我正在部署到 Tomcat,尽管这似乎不是问题,因为 Maven 似乎很乐意将 Metro 拉入已部署的 WAR 文件中。
提前致谢!
编辑:经过大量使用 WSIT 后,以下是对我有用的方法。
对于初学者,使用 Netbeans 生成 WSIT 客户端。对其进行测试以确保其正常工作,然后将 WSIT 配置文件(wsit-client.xml 和 [您的 Web 服务名称].xml)移动到 WS 客户端项目的 META-INF 目录。
从安全的角度来看,项目的相关添加是 Web 服务 xml 中的标记:
<wsp:Policy wsu:Id="WebPortBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<sc:CallbackHandlerConfiguration wspp:visibility="private">
<sc:CallbackHandler default="wsitUser" name="usernameHandler"/>
<sc:CallbackHandler default="changeit" name="passwordHandler"/>
</sc:CallbackHandlerConfiguration>
<sc:TrustStore wspp:visibility="private" location="C:\Apps\apache-tomcat-6.0.24\certs\client-truststore.jks" type="JKS" storepass="changeit" peeralias="xws-security-server"/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
显然,这里有一些硬编码的依赖项,我们需要在构建期间进行管理。用户、密码、信任库位置和对等别名都是开发默认值,并且会随着系统从开发阶段转向测试和生产阶段而发生变化。我们正在尝试一些不同的策略来管理这个问题,但我们最终可能会在 Hudson 中设置环境变量以构建每个环境。
稍微摆弄 Maven 的 jaxws 插件的配置。我们在构建过程中生成 WSDL,因此不需要在本地引用它。下面是我们 WS 客户端目标中 wsimport 命令的插件标签:
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>jaxws-maven-plugin</artifactId>
<version>1.12</version>
<executions>
<execution>
<goals>
<goal>wsimport</goal>
</goals>
<configuration>
<wsdlUrls>
<wsdlUrl>${basedir}/../WebService/target/jaxws/wsgen/wsdl/WebService.wsdl</wsdlUrl>
</wsdlUrls>
<staleFile>${project.build.directory}/jaxws/stale/WebService.stale</staleFile>
<packageName>com.yourcompany.appname.ws.client</packageName>
<sourceDestDir>${basedir}/src/main/java</sourceDestDir>
<destDir>${basedir}/target/jaxws</destDir>
</configuration>
<id>wsimport-generate-WebService</id>
<phase>generate-sources</phase>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>javax.xml</groupId>
<artifactId>webservices-api</artifactId>
<version>2.0-b30</version>
</dependency>
</dependencies>
<configuration>
<sourceDestDir>${project.build.directory}/generated-sources/jaxws-wsimport</sourceDestDir>
<xnocompile>true</xnocompile>
<verbose>true</verbose>
<extension>true</extension>
</configuration>
</plugin>
最后,当然,请确保所有需要调用 Web 服务的项目都正确设置了 Metro 依赖项。
I'm working on a small-ish multi-module project in Maven. We've separated the UI from the database layer using Web Services, and thanks to the jaxws-maven-plugin, the creation of the WSDL and WS client are more or less handled for us. (The plugin is essentially a wrapper around wsgen and wsimport.) So far so good.
The problem comes when I try to layer WSIT security into the picture. NetBeans allows me to generate the security metadata easily, but wsimport seems completely incapable of dealing with anything beyond a Basic-auth level of security.
Here's our current, insecure way of calling wsimport during a Maven build:
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>jaxws-maven-plugin</artifactId>
<version>1.10</version>
<executions>
<execution>
<goals>
<goal>wsimport</goal>
</goals>
<configuration>
<wsdlUrls>
<wsdlUrl>${basedir}/../WebService/target/jaxws/wsgen/wsdl/WebService.wsdl</wsdlUrl>
</wsdlUrls>
<packageName>com.yourcompany.appname.ws.client</packageName>
<sourceDestDir>${basedir}/src/main/java</sourceDestDir>
<destDir>${basedir}/target/jaxws</destDir>
</configuration>
</execution>
</executions>
</plugin>
I have tried playing around with xauthFile, xadditionalHeaders, passing javax.xml.ws.security.auth.username and password through args. I have also tried using wsimport from the command line to point to the Tomcat-generated WSDL, which has the additional security info. Nothing, however, seems to change the composition of the wsimport-generated files at all.
So I guess my question here is, to get a WSIT-compliant client, am I stuck abandoning Maven and the jaxws plugin altogether? Is there a way to get a WSIT client to auto-generate? Or will I need to generate the client by hand?
Let me know if you need any additional info beyond what I've written here. I'm deploying to Tomcat, although that doesn't seem to be an issue, as Maven seems happy to pull Metro into the deployed WAR file.
Thanks in advance!
EDIT: After a lot of playing around with WSIT, here's what worked for me.
For starters, use Netbeans to generate a WSIT client. Test it to make sure it works, and then move the WSIT configuration files (wsit-client.xml and [your web service name].xml) to the META-INF directory of the WS client project.
The relevant addition to your project, from a security standpoint, is the tag in the web service xml:
<wsp:Policy wsu:Id="WebPortBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<sc:CallbackHandlerConfiguration wspp:visibility="private">
<sc:CallbackHandler default="wsitUser" name="usernameHandler"/>
<sc:CallbackHandler default="changeit" name="passwordHandler"/>
</sc:CallbackHandlerConfiguration>
<sc:TrustStore wspp:visibility="private" location="C:\Apps\apache-tomcat-6.0.24\certs\client-truststore.jks" type="JKS" storepass="changeit" peeralias="xws-security-server"/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Obviously, there are some hard-coded dependencies in here that we'll need to manage during our build. The user, password, location of the truststore, and the peeralias are all development defaults, and will change as the system moves from dev into testing and production. We're playing around with a few different strategies for managing this, but we'll probably end up setting environment variables in Hudson for build-out to each environment.
Fiddle with the configuration of Maven's jaxws plugin a little. We generate the WSDL as part of the build, so we don't need to reference it locally. Here is the plugin tag for the wsimport command in our WS client target:
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>jaxws-maven-plugin</artifactId>
<version>1.12</version>
<executions>
<execution>
<goals>
<goal>wsimport</goal>
</goals>
<configuration>
<wsdlUrls>
<wsdlUrl>${basedir}/../WebService/target/jaxws/wsgen/wsdl/WebService.wsdl</wsdlUrl>
</wsdlUrls>
<staleFile>${project.build.directory}/jaxws/stale/WebService.stale</staleFile>
<packageName>com.yourcompany.appname.ws.client</packageName>
<sourceDestDir>${basedir}/src/main/java</sourceDestDir>
<destDir>${basedir}/target/jaxws</destDir>
</configuration>
<id>wsimport-generate-WebService</id>
<phase>generate-sources</phase>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>javax.xml</groupId>
<artifactId>webservices-api</artifactId>
<version>2.0-b30</version>
</dependency>
</dependencies>
<configuration>
<sourceDestDir>${project.build.directory}/generated-sources/jaxws-wsimport</sourceDestDir>
<xnocompile>true</xnocompile>
<verbose>true</verbose>
<extension>true</extension>
</configuration>
</plugin>
And finally, of course, make sure that all your projects that will need to call web services have the Metro dependency properly set up.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您不是应该为客户端提供客户端 WSIT 配置文件吗?您对
wsimport到底有何期望?编辑: 正如所暗示的,WSIT 文档 描述了 两个客户端配置文件:
wsit-client.xml和{wsdl 文件名}.xml以及:转换到 Maven 项目时,这些文件的自然位置将是 src/main/resources 或 src/main/resources/META-INF 文件夹。就我个人而言,我更喜欢将它们放在 META-INF 中。
Aren't you just supposed to provide the Client-Side WSIT Configuration Files for the client? What do you expect from
wsimportexactly?Edit: As implied, the WSIT document describes two client-side configuration files:
wsit-client.xmland{wsdl file name}.xmland:Transposed to a Maven project, the natural location for these files would be
src/main/resourcesorsrc/main/resources/META-INFfolder. Personally, I tend to prefer putting them in META-INF.