如何使用 Wss4jSecurityInterceptor 将 SAML 断言添加到 Spring 中的 SOAP 安全标头
我需要将 SAML 断言作为 SOAP 安全标头内的令牌传递。我使用 Spring-WS 作为框架。
我想要创建的 XML 如下所示:
我需要将 SAML 断言作为 SOAP 安全标头内的令牌传递。
我想要创建的 XML 如下所示。可以看出,XML 包含带有 wsse:Security 块的断言。
有没有办法使用 Wss4jSecurityInterceptor 类来做到这一点?
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<Assertion MinorVersion="1" MajorVersion="1" Issuer="http://www.bea.com/saml"
IssueInstant="2005-11-10T11:27:36.233Z" AssertionID="HRMC-SM172.26.5.143.1106860829320"
xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
<Conditions NotOnOrAfter="2005-11-10T15:27:36.233Z" NotBefore="2005-11-10T11:22:36.233Z"/>
<AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"
AuthenticationInstant="2005-11-10T11:27:36.233Z">
<Subject>
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">ANYAGENT
</NameIdentifier>
<SubjectConfirmation>
<ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
</SubjectConfirmation>
</Subject>
</AuthenticationStatement>
</Assertion>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<m:DPSretrieve xmlns:m="https://tpvs.hmrc.gov.uk/dps">
<m:version>1</m:version>
<m:vendorID>your 4 digit vendorID</m:vendorID>
<m:service>PAYE</m:service>
<m:entityType>EmpRef</m:entityType>
<m:entity>as advised by SDS Team</m:entity>
<m:dataType>P6</m:dataType>
<m:got>0</m:got>
<m:nItems>0</m:nItems>
</m:DPSretrieve>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
I have a requirement to pass a SAML assertion as a token inside a SOAP security header. I am using Spring-WS as the framework.
The XML that I want to create looks like this:
I have a requirement to pass a SAML assertion as a token inside a SOAP security header.
The XML that I want to create looks as below. As can be seen, the XML contains the assertion with the wsse:Security block.
Is there a way to do this with the Wss4jSecurityInterceptor class ?
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<Assertion MinorVersion="1" MajorVersion="1" Issuer="http://www.bea.com/saml"
IssueInstant="2005-11-10T11:27:36.233Z" AssertionID="HRMC-SM172.26.5.143.1106860829320"
xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
<Conditions NotOnOrAfter="2005-11-10T15:27:36.233Z" NotBefore="2005-11-10T11:22:36.233Z"/>
<AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"
AuthenticationInstant="2005-11-10T11:27:36.233Z">
<Subject>
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">ANYAGENT
</NameIdentifier>
<SubjectConfirmation>
<ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</ConfirmationMethod>
</SubjectConfirmation>
</Subject>
</AuthenticationStatement>
</Assertion>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<m:DPSretrieve xmlns:m="https://tpvs.hmrc.gov.uk/dps">
<m:version>1</m:version>
<m:vendorID>your 4 digit vendorID</m:vendorID>
<m:service>PAYE</m:service>
<m:entityType>EmpRef</m:entityType>
<m:entity>as advised by SDS Team</m:entity>
<m:dataType>P6</m:dataType>
<m:got>0</m:got>
<m:nItems>0</m:nItems>
</m:DPSretrieve>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我最终通过这个答案修复了它,效果非常好:
https://stackoverflow.com/a/59666667/3094805
I ended up fixing it via this answer, which worked perfectly:
https://stackoverflow.com/a/59666667/3094805