使用 Metro 的 Ws-Security 标头

发布于 2024-08-27 02:38:56 字数 3409 浏览 4 评论 0原文

我有一个实现 WS-Security 的 Web 服务，但没有在 WSDL 中定义策略。我能够使用 Axis 2 作为客户端成功使用此 Web 服务。

我正在尝试使用 Metro 2 使用相同的 Web 服务，但 wsse:security 标头不会出现。仅当服务定义了不受我控制的安全策略时，它才有效。我通过创建一个示例 Web 服务对此进行了测试，除非我定义策略，否则我的 Metro 客户端永远不会发送 wsse:security 标头。

使用 Metro 时我有什么遗漏吗？

编辑 - - - - - - - - - - - - - - - - - - - - - - - - - ------------------------------------------

我创建了 wsdl 的本地副本并其中定义了政策。我使用此 wsdl 创建了 Web 服务客户端，但安全标头仍然无法运行。 wsit-client.xml 文件看起来不错。我什至将所有配置与定义策略的 Web 服务客户端进行了比较，配置相同，但仍然不起作用。到目前为止，我的结论是 Metro 客户端需要实际的 Web 服务定义策略。

编辑 - - - - - - - - - - - - - - - - - - - - - - - - - ---------------------------------------

wsit-client.xml 的内容

<?xml version="1.0" encoding="UTF-8"?> 
<definitions 
xmlns="http://schemas.xmlsoap.org/wsdl/" 
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="mainclientconfig"
>
<import location="NewWebService.xml" namespace="http://test.com/"/>

NewWebService.xml与 wsit-client.xml 一起定位，并包含以下

<wsp:Policy wsu:Id="NewWebServicePortBindingPolicy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sc:CallbackHandlerConfiguration wspp:visibility="private">
                    <sc:CallbackHandler default="dsfsd" name="usernameHandler"/>
                    <sc:CallbackHandler default="sdfsdfds" name="passwordHandler"/>
                </sc:CallbackHandlerConfiguration>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>

在绑定中引用的策略信息，如下所示 -

<binding name="NewWebServicePortBinding" type="tns:NewWebService">
    <wsp:PolicyReference URI="#NewWebServicePortBindingPolicy"/>

更改后的 wsdl 包含此策略 -

<wsp:Policy xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="NewWebServicePortBindingPolicy"> 
    <sp:SignedEncryptedSupportingTokens> 
        <wsp:Policy> 
            <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> 
                <wsp:Policy> 
                    <sp:WssUsernameToken10 /> 
                </wsp:Policy> 
            </sp:UsernameToken> 
        </wsp:Policy> 
    </sp:SignedEncryptedSupportingTokens> 
    <sp:TransportBinding> 
        <wsp:Policy> 
            <sp:AlgorithmSuite> 
                <wsp:Policy> 
                    <sp:Basic128 /> 
                </wsp:Policy> 
            </sp:AlgorithmSuite> 
            <sp:IncludeTimestamp /> 
            <sp:Layout> 
                <wsp:Policy> 
                    <sp:Lax /> 
                </wsp:Policy> 
            </sp:Layout> 
            <sp:TransportToken> 
                <wsp:Policy> 
                    <sp:HttpsToken RequireClientCertificate="false" /> 
                </wsp:Policy> 
            </sp:TransportToken> 
        </wsp:Policy> 
    </sp:TransportBinding> 
    <sp:Wss10 /> 
    <wsam:Addressing wsp:Optional="true" /> 
</wsp:Policy>

原文

I have a web service which implements WS-Security but does not define a policy in the WSDL. I am able to consume this web service successfully using Axis 2 as client.

I am trying to consume the same web service using Metro 2 but the wsse:security headers are not going. It works only if the service defines the security policy which is not under my control. I tested this by creating a sample web service and unless I define the policy my metro client never sends the wsse:security headers.

Is there anything I am missing using Metro?

EDIT------------------------------------------------------------------------------------------

I created a local copy of the wsdl and in that defined the policy. I created the web service client using this wsdl but still the security headers are not going. The wsit-client.xml file looks fine. I even compared all the configurations with the client of a webservice which defines policy and the configurations are same but still it doesn't work. As of now my conclusion is that the metro client needs the actual web service defines a policy.

EDIT----------------------------------------------------------------------------------------

Content of wsit-client.xml

<?xml version="1.0" encoding="UTF-8"?> 
<definitions 
xmlns="http://schemas.xmlsoap.org/wsdl/" 
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="mainclientconfig"
>
<import location="NewWebService.xml" namespace="http://test.com/"/>

The NewWebService.xml is located along with wsit-client.xml and contains following policy information

<wsp:Policy wsu:Id="NewWebServicePortBindingPolicy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sc:CallbackHandlerConfiguration wspp:visibility="private">
                    <sc:CallbackHandler default="dsfsd" name="usernameHandler"/>
                    <sc:CallbackHandler default="sdfsdfds" name="passwordHandler"/>
                </sc:CallbackHandlerConfiguration>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>

which is referred in the binding like this -

<binding name="NewWebServicePortBinding" type="tns:NewWebService">
    <wsp:PolicyReference URI="#NewWebServicePortBindingPolicy"/>

The changed wsdl contains this policy -

<wsp:Policy xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="NewWebServicePortBindingPolicy"> 
    <sp:SignedEncryptedSupportingTokens> 
        <wsp:Policy> 
            <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> 
                <wsp:Policy> 
                    <sp:WssUsernameToken10 /> 
                </wsp:Policy> 
            </sp:UsernameToken> 
        </wsp:Policy> 
    </sp:SignedEncryptedSupportingTokens> 
    <sp:TransportBinding> 
        <wsp:Policy> 
            <sp:AlgorithmSuite> 
                <wsp:Policy> 
                    <sp:Basic128 /> 
                </wsp:Policy> 
            </sp:AlgorithmSuite> 
            <sp:IncludeTimestamp /> 
            <sp:Layout> 
                <wsp:Policy> 
                    <sp:Lax /> 
                </wsp:Policy> 
            </sp:Layout> 
            <sp:TransportToken> 
                <wsp:Policy> 
                    <sp:HttpsToken RequireClientCertificate="false" /> 
                </wsp:Policy> 
            </sp:TransportToken> 
        </wsp:Policy> 
    </sp:TransportBinding> 
    <sp:Wss10 /> 
    <wsam:Addressing wsp:Optional="true" /> 
</wsp:Policy>

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

夏末的微笑 2024-09-03 02:38:56

您需要将 ws:Policy 添加到 WSDL 的本地副本和 wsit-client.xml 中。此帖子（以及这个答案特别是）可能会帮助您设置整个事情。

回复收藏 0 原文

天涯沦落人 2024-09-03 02:38:56

尝试看看我在这里写的关于非常类似情况的问题 - 从 JAXWS-RI 调用 .NET Web 服务（WSE 3.0、WS-Security）。我仍在（！）尝试解决它，因为我现在从服务器端收到错误，但我更新了问题，并提供了我尝试使其工作的过程的一些详细信息。这里有一个链接，指向我在 Metro java.net 论坛上发布的一篇帖子，该帖子对我很有帮助。不过，我能够获得为我生成的 wsse 标头。

简而言之，我认为将 ws:Policy 部分包含在 WSDL 的本地副本中（并在创建服务时将该 WSDL 作为参数发送）。这是我创建客户端对象的代码片段 - 这里必须简单化，因为我正在使用 Spring 工厂将客户端引用注入到另一个服务中，无论如何，这是要点：

String wsdlDocumentLocation = "localVersion.wsdl";
QName serviceName = new QName("mynamespace", "myServiceName");
Service service = Service.create(wsdlDocumentLocation, serviceName);
//send the port the fully qualified name of the Metro generated
//client interface
Object port = service.getPort("my.client.package.ClientServiceInterface");

那个，以及你的 wsit-client.xml您将 wsit-client.xml 文件放在哪里？如果它位于类路径中（我的位于 WEB-INF/classes 中），您应该在控制台中看到一条日志语句，表明它正在被读取。我在控制台中看到：

[13:12:06.779] WSP5018：已加载 WSIT
来自文件的配置：
文件：/C：/projects/target/my-webapp/WEB-INF/classes/wsit-client.xml。

Try taking a look my a question I wrote here on a very similar situation - Calling a .NET web service (WSE 3.0, WS-Security) from JAXWS-RI. I'm still(!) trying to work through it b/c I'm getting an error from the server side now, but I updated the question with some detail on the process I've gone through trying to get this working. There's a link there to a post I put on the Metro java.net forums that was helpful to me. I was able to get the wsse headers generating for me, though.

In short, I think that including the ws:Policy section in your local copy of the WSDL (and sending that WSDL as a param when you create the Service). Here's a code snippet where I create my client objects - had to be simplistic here, 'cause I"m using Spring factories to inject the client reference into another service, anyway, here's the jist:

String wsdlDocumentLocation = "localVersion.wsdl";
QName serviceName = new QName("mynamespace", "myServiceName");
Service service = Service.create(wsdlDocumentLocation, serviceName);
//send the port the fully qualified name of the Metro generated
//client interface
Object port = service.getPort("my.client.package.ClientServiceInterface");

That, along with your wsit-client.xml should work. Where are you putting your wsit-client.xml file? If it's on the classpath (mine is in WEB-INF/classes), you should see a log statement in the console that says that it's being read. Here's the message I see in my console: