带有 WCF 客户端的 Java JAX-WS 服务
是否可以使用 JAX-WS 创建 Web 服务,然后使用此类绑定由 WCF 客户端使用?
<bindings>
<basicHttpBinding>
<binding name="CaseObjectServicePortBinding" >
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate"/>
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
我现在创建了这样一个没有 WSIT 的服务,只是一个普通的服务,并且想忽略传入 SOAP 消息中的“Security”标头。但它失败并显示:
“无法使用权限‘xxxxxxxxxx’建立 SSL/TLS 的安全通道。”
如果我将: 更改
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate"/>
<message clientCredentialType="Certificate" />
</security>
为:
<security mode="Transport">
<transport clientCredentialType="Certificate"/>
<message clientCredentialType="Certificate" />
</security>
一切都会完美无缺。有什么想法我做错了什么吗?
Is it possible to create a WebService using JAX-WS, that whould then be consumed by a WCF client using such a binding?
<bindings>
<basicHttpBinding>
<binding name="CaseObjectServicePortBinding" >
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate"/>
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
I created such a service without WSIT for now, just a plain service and wanted to just ignore the "Security" header in incoming SOAP message. But it fails with:
"Could not establish secure channel for SSL/TLS with authority 'xxxxxxxxxx'."
If I change:
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate"/>
<message clientCredentialType="Certificate" />
</security>
to:
<security mode="Transport">
<transport clientCredentialType="Certificate"/>
<message clientCredentialType="Certificate" />
</security>
everything works flawlessly. Any ideas what am I doing wrong?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
答案是肯定的。您可以使用 BasicHttpBinding 或 WsHttpBinding
发生错误,因为当您使用 TransportWithMessageCredential 时,WCF 客户端将对通过线路发送的消息施加额外的安全性,该消息只能互操作WCF 服务。
一旦将其更改为传输,则仅应用传输安全性(使用证书的SSL),因此客户端和服务都可以理解如何相互通信。
干杯。
The answer is yes. You can use BasicHttpBinding or WsHttpBinding
The error was occurred because when you use TransportWithMessageCredential, the WCF client will impose additional security to your message sent through the wire, which is interoperable only to WCF service.
Once you changed it to Transport, only transport security( SSL using certificate) is applied , so that why both client and service can understand how to communicate with each other.
Cheers.
将安全性定义为
TransportWithMessageCredential时,您会说:我想要一个通过安全传输通道 (HTTPS) 进行通信的服务,并且我希望在 SOAP 标头中传递客户端凭据。如果您定义您所说的消息元素中的证书凭据类型:SOAP 标头将以 x.509 证书令牌配置文件的形式传输客户端凭据。它是可互操作的格式,需要服务上的 WS-Security。
如果您在传输元素中定义证书凭证类型,您会说:我想要相互 SSL 身份验证。如果您定义
TransportWithMessageCredential,我实际上不确定是否使用此类型When defining security as
TransportWithMessageCredentialyou say: I want a service which will communicate over secured transport channel (HTTPS) and I want to pass client credentials in SOAP header.If you define Certificate credential type in message element you say: The SOAP header will transport client credentials as x.509 Certificate token profile. It is interoperable format which requires WS-Security on the service.
If you define Certifiate credential type in transport element you say: I want mutual SSL authentication. I'm actually not sure if this is used if you define
TransportWithMessageCredential这发生在发起请求的步骤上;由于客户端上设置的证书不受信任,因此会向您弹出 TLS 异常。使用具有通用目标名称的证书,如果您在公共场合使用该服务,请使用域名,否则使用目标 IP 地址作为通用名称,这样就可以正常工作。
PS:如果您想继续使用 https 内容类型“text/xml”soap 11(jaxws 的默认值),请使用“basichttps”绑定
This happened on the step of initiating the request; the TLS exception pops out to you because the certificate set on the client is not trusted. Use a certificate with the common destination name, if you are using the service on public use the domain name else use the destination IP address as a common name and it will work just fine .
PS: Use the 'basichttps' binding in case you want to proceed with the https content type 'text/xml' soap 11 the the default from jaxws