当前位置: 文江博客话题详情

CXF 生成的 WSDL 不包含 WS-SecurityPolicy 定义

发布于 2024-11-26 19:18:21 字数 2182 浏览 2 评论 0原文

我想使用 WS-Security 来保护我的 Web 服务。我使用 CXF 公开我的端点,并使用 Java 代码生成 WSDL(又名 CXF 代码优先服务)。

本教程解释了在手动管理 WSDL 时如何将 WS-Security 与 CXF 结合使用: http://www.ibm.com/developerworks/java/library/j-jws13/index.html

但是,我使用 CXF 自动生成WSDL。 生成的 WSDL 并不表明客户端应该使用 WS-Security。我希望 WSDL 中出现类似的情况:

<wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=
 "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
  <wsp:All>
    <sp:TransportBinding/>
    <sp:SupportingTokens>
      <wsp:Policy>
        <sp:UsernameToken sp:IncludeToken=".../IncludeToken/AlwaysToRecipient"/>
      </wsp:Policy>
    </sp:SupportingTokens>
  </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

我没有使用 Spring,但我使用嵌入式 Jetty。这是我连接一切的方式:

CXFNonSpringServlet cxfServlet = new CXFNonSpringServlet() {
  private static final long serialVersionUID = 1L;

  @Override
  protected void loadBus(ServletConfig sc) {
    super.loadBus(sc);

    Map<String, Object> inProps = new HashMap<String, Object>();
    inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    inProps.put(WSHandlerConstants.PW_CALLBACK_REF, new TestCallback());

    JaxWsServerFactoryBean factory = new JaxWsServerFactoryBean();
    factory.setBus(bus);
    factory.setServiceBean(new MyServiceEndpointImpl());
    factory.setAddress("/myservice");
    factory.getInInterceptors().add(new WSS4JInInterceptor(inProps));
    factory.create();
  }
};

Server server = new Server(8080);
ContextHandlerCollection contexts = new ContextHandlerCollection();
server.setHandler(contexts);
ServletContextHandler rootContext = new ServletContextHandler(contexts, "/");
rootContext.addServlet(new ServletHolder(cxfServlet), "/soap/*");
server.start();
原文

I would like to use WS-Security to protect my web service. I'm using CXF to expose my endpoint, and use WSDL generation from Java code (aka CXF code first service).

This tutorial explain how to use WS-Security with CXF when the WSDL is manually managed: http://www.ibm.com/developerworks/java/library/j-jws13/index.html

However, I'm using CXF to automatically generate the WSDL. The generated WSDL doesn't indicate that the client should use WS-Security. I would expect something similar to this in the WSDL:

<wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=
 "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
  <wsp:All>
    <sp:TransportBinding/>
    <sp:SupportingTokens>
      <wsp:Policy>
        <sp:UsernameToken sp:IncludeToken=".../IncludeToken/AlwaysToRecipient"/>
      </wsp:Policy>
    </sp:SupportingTokens>
  </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

I'm not using Spring, but I use an embedded Jetty. Here is how I wire everything:

CXFNonSpringServlet cxfServlet = new CXFNonSpringServlet() {
  private static final long serialVersionUID = 1L;

  @Override
  protected void loadBus(ServletConfig sc) {
    super.loadBus(sc);

    Map<String, Object> inProps = new HashMap<String, Object>();
    inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    inProps.put(WSHandlerConstants.PW_CALLBACK_REF, new TestCallback());

    JaxWsServerFactoryBean factory = new JaxWsServerFactoryBean();
    factory.setBus(bus);
    factory.setServiceBean(new MyServiceEndpointImpl());
    factory.setAddress("/myservice");
    factory.getInInterceptors().add(new WSS4JInInterceptor(inProps));
    factory.create();
  }
};

Server server = new Server(8080);
ContextHandlerCollection contexts = new ContextHandlerCollection();
server.setHandler(contexts);
ServletContextHandler rootContext = new ServletContextHandler(contexts, "/");
rootContext.addServlet(new ServletHolder(cxfServlet), "/soap/*");
server.start();

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

櫻之舞 2024-12-03 19:18:21

目前不支持。

注意:目前,WS-SecurityPolicy 支持仅适用于“WSDL 优先”场景。 WS-SecurityPolicy 片段只能从 WSDL 中提取。将来,我们还计划启用各种 Code First 场景,但目前仅 WSDL First 可用。

http://cxf.apache.org/docs/ws-securitypolicy.html

有人在这里解释了同样的问题,并用@Policy公开了一个解决方案。然而,该解决方案因 CXF <=2.4.1 而陷入困境(该策略在 WSDL 中添加了两次)。

http://cxf.547215.n5.nabble.com/WS-Security-policy-in-wsdl-for-java-first-approach-td569052.html

现在重复问题已修复并将在 2.4.2 中发布(请参阅 https://issues.apache.org/jira/browse/CXF-3668)

It's not supported right now.

Note: at this point, WS-SecurityPolicy support is ONLY available for "WSDL first" scenarios. The WS-SecurityPolicy fragments can only be pulled from WSDL. In the future, we plan to enable various code first scenarios as well, but at this time, only WSDL first is available.

http://cxf.apache.org/docs/ws-securitypolicy.html

Someone explains the same problem here, and expose a solution with @Policy. However, the solution is boggy with CXF <=2.4.1 (the policy is added twice in the WSDL).

http://cxf.547215.n5.nabble.com/WS-Security-policy-in-wsdl-for-java-first-approach-td569052.html

The duplication problem is now fixed and will be release in 2.4.2 (see https://issues.apache.org/jira/browse/CXF-3668)

回复 原文
~没有更多了~

关于作者

撩心不撩汉

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文