JAX-WS在令牌签名中添加名称空间 [英] JAX-WS adds namespace in Signature of token
问题描述
我正在使用JAX-WS生成的客户端(Java)代码访问第三方Web服务. 发起客户会话的服务调用将在响应中返回一个令牌,该令牌也包含一个签名.在随后的对其他服务的调用中,出于身份验证的目的,令牌是必需的.
I am accessing a third party web service using JAX-WS generated client (Java) code. A call to a service that initiates a client session returns a Token in the response which, a.o., contains a Signature. The Token is required in subsequent calls to other services for authentication purposes.
我从使用SoapUI中学到了WS/Endpoint要求按原样使用Token……这意味着当我从初始响应中将Token(这是一大行)从字面上复制到我的任何请求时,一切都正常喜欢下一个.
I learned from using SoapUI that the WS/Endpoint requires the Token to be used as-is... meaning everything works fine when I literally copy the Token (which is one big line) from the initial response to whatever request I like to make next.
现在,我正在JAX-WS客户端中执行相同的操作.我检索了一个令牌(从我用Fiddler捕获的响应中复制了它),并在随后的使用SoapUI的调用中成功对其进行了测试.
Now I am doing the same in my JAX-WS client. I retrieved a Token (I copied it from the response which I captured with Fiddler) and I tested it succesfully in a subsequent call using SoapUI.
但是,当使用JAX-WS客户端执行对服务的后续调用时,令牌中的Signature部分会更改.看起来应该像这样:
However, when performing a subsequent call to a service using the JAX-WS client, the Signature part in the Token is changed. It should look like:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">...</Signature>
但是(当使用Fiddler捕获请求时)现在看起来像:
But (when capturing the request with Fiddler) it now looks like:
<Signature:Signature xmlns:Signature="http://www.w3.org/2000/09/xmldsig#" xmlns="http://www.w3.org/2000/09/xmldsig#">...</Signature:Signature>
根据WS/Endpoint显然这是不可接受的,所以现在我想知道:
Apparently this is not acceptable according to the WS/Endpoint so now I'd like to know:
- 为什么令牌会以这种方式编组回去?
- 更重要的是,如何防止我的客户这样做?
提前谢谢!
推荐答案
您已经测试过了吗?尽管如此,它应该仍然有效.原始签名使用defautl命名空间(... xmldigsig),而JAXB版本使用相同的命名空间,但明确指出Signature元素属于该名称空间(Signature:Signature).效果是相同的,两个xml都表示Signature位于 http://www.w3中. org/2000/09/xmldsig#名称空间
Have you tested it? It should work nevertheless. The original signature used the defautl namespace (...xmldigsig) the JAXB version uses the same namespace but explicit says that the Signature element belongs to that namespae (Signature:Signature). The effect is the same, both xml express that Signature is in the http://www.w3.org/2000/09/xmldsig# namespace
您可以使用包信息上的@XMLSchema,类或元素内的@XMLType来定制jaxby输出. http://blog.bdoughan.com/2010/08/jaxb-namespaces.html
You can customize the jaxby output with @XMLSchema on the package info, @XMLType on the class or inside the element. http://blog.bdoughan.com/2010/08/jaxb-namespaces.html
这篇关于JAX-WS在令牌签名中添加名称空间的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
