当前位置: 文江博客话题详情

轴2 + Rampart:在策略标头中指定密码摘要

发布于 2024-12-10 18:24:31 字数 2703 浏览 0 评论 0原文

我正在尝试使用 axis2 和 Rampart 通过 Web 服务发送用户名和密码。我想以摘要的形式发送密码,但由于某种原因,密码仅以明文形式发送。根据多个消息来源,当我将其添加到 services.xml 和 axis2.xml 时应该会发生这种情况,但它似乎不起作用。我还尝试在子标题下添加摘要。 services.xml(服务器端)和axis2.xml(客户端)的相关部分如下所示。有人能看出有什么问题吗?

我的 axis2.xml

<wsp:Policy wsu:Id="UTOverTransport"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SignedSupportingTokens
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:UsernameToken
                        sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:HashPassword />
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SignedSupportingTokens>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:user>test</ramp:user>
                <ramp:passwordCallbackClass>sec.PWCBHandler</ramp:passwordCallbackClass>
            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>

</wsp:Policy>

我的 services.xml

<wsp:Policy wsu:Id="UTOverTransport"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SignedSupportingTokens
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:UsernameToken
                        sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:HashPassword />
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SignedSupportingTokens>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:passwordCallbackClass>sec.PWCBHandler</ramp:passwordCallbackClass>
            </ramp:RampartConfig>

        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>
原文

I am trying to send username and a password over web services using axis2 and rampart. I want to send the password as a digest, but for some reason the password is only sent in cleartext. According to several sources, it should happen when I add the to both services.xml and axis2.xml, but it doesnt seem to work. I have also tried to add Digest under the sub-header. Relevant sections of services.xml (server side) and axis2.xml (client side) is given below. Can anybody see anything wrong?

My axis2.xml

<wsp:Policy wsu:Id="UTOverTransport"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SignedSupportingTokens
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:UsernameToken
                        sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:HashPassword />
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SignedSupportingTokens>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:user>test</ramp:user>
                <ramp:passwordCallbackClass>sec.PWCBHandler</ramp:passwordCallbackClass>
            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>

</wsp:Policy>

My services.xml

<wsp:Policy wsu:Id="UTOverTransport"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SignedSupportingTokens
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:UsernameToken
                        sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:HashPassword />
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SignedSupportingTokens>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:passwordCallbackClass>sec.PWCBHandler</ramp:passwordCallbackClass>
            </ramp:RampartConfig>

        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

つ可否回来 2024-12-17 18:24:31

您的配置存在的问题是您使用的命名空间建议 Axis 将其解释为 WSS 1.1 配置。据我从 Axis 消息来源得知,它不支持从用户名令牌对密码进行哈希处理。可能这是 WSS 1.2 中提供的功能。

您需要使用 WSS 1.2 命名空间定义支持令牌:

  <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:Policy>
      <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
        <wsp:Policy>
             <sp:HashPassword />
        </wsp:Policy>
      </sp:UsernameToken>
    </wsp:Policy>
  </sp:SignedSupportingTokens>

这将使用随机数对密码进行哈希处理并默认创建。

The problem with you configuration is that namespaces that you use suggest Axis to interpret it as WSS 1.1 configuration. As far as I can tell from Axis sources, it does not support hashing passwords from username token. Probably it is a feature available from WSS 1.2.

You need to define supporting token using WSS 1.2 namespaces:

  <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:Policy>
      <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
        <wsp:Policy>
             <sp:HashPassword />
        </wsp:Policy>
      </sp:UsernameToken>
    </wsp:Policy>
  </sp:SignedSupportingTokens>

That will hash the password with nonce and created by default.

回复 原文
巴黎盛开的樱花 2024-12-17 18:24:31

我发现您可能需要添加如下内容:

<wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=
  "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
 <wsp:ExactlyOne>
  <wsp:All>
   <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
     <wsp:Policy>
      <sp:TransportToken>
        <wsp:Policy>
         <sp:HttpsToken RequireClientCertificate="false"/>
        </wsp:Policy>
      </sp:TransportToken>
     </wsp:Policy>
   </sp:TransportBinding>
   <sp:SupportingTokens
     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:Policy>
     <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/
          ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
    </wsp:Policy>
   </sp:SupportingTokens>
  </wsp:All>
 </wsp:ExactlyOne>
</wsp:Policy>

Ref: http: //www.ibm.com/developerworks/java/library/j-jws4/index.html

I found you may need to add something like this:

<wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=
  "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
 <wsp:ExactlyOne>
  <wsp:All>
   <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
     <wsp:Policy>
      <sp:TransportToken>
        <wsp:Policy>
         <sp:HttpsToken RequireClientCertificate="false"/>
        </wsp:Policy>
      </sp:TransportToken>
     </wsp:Policy>
   </sp:TransportBinding>
   <sp:SupportingTokens
     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:Policy>
     <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/
          ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
    </wsp:Policy>
   </sp:SupportingTokens>
  </wsp:All>
 </wsp:ExactlyOne>
</wsp:Policy>

Ref: http://www.ibm.com/developerworks/java/library/j-jws4/index.html

回复 原文
~没有更多了~

关于作者

画尸师

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

已经忘了多久

文章 0 评论 0

15867725375

文章 0 评论 0

LonelySnow

文章 0 评论 0

走过海棠暮

文章 0 评论 0

轻许诺言

文章 0 评论 0

信馬由缰

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文