WS安全性-用户名令牌配置文件 [英] WS Security - Username token Profile

问题描述

我有一个wsdl文件，我正在WAS 8.0中为此编写一个客户端

I have a wsdl file and i am writing a client for that in WAS 8.0

我在ApplicationResources.properties中保留了肥皂请求所需的用户名/密码.

I kept username/password required for the soap request in ApplicationResources.properties.

我正在使用"wss-username-token-profile-1.0"，

I am using 'wss-username-token-profile-1.0',

我找不到实现该方法的方法.

I am unable to find how to implement this.

我需要知道如何编写policy.xml以及如何在Webservice客户中使用它.

I need know, how to write the policy.xml and how to use in the Webservice clienr.

推荐答案

Soap请求必须包含用于用户名令牌wss配置文件的适当的标头元素.您可以使用Soap处理程序或SAAJ(如果您使用Java)手动创建元素.在Websphere中，您可以使用称为策略集"的功能通过配置各种策略集和绑定对这种支持进行元编程.

The Soap request must contain the appropriate header elements for username token wss profile. Either you can manually create the elements using a Soap handler or SAAJ if youre using Java. In Websphere you can use the feature called "policy sets" to meta program this support with configuration of various policy sets and bindings.

这是一篇很好的文章，描述了如何使用配置方法来完成此操作: http://www.ibm.com/developerworks/websphere/library/techarticles/1103_balakrishnan/1103_balakrishnan.html

Here is a good article describing how this is done using the configuration approach: http://www.ibm.com/developerworks/websphere/library/techarticles/1103_balakrishnan/1103_balakrishnan.html

以下是使用SAAJ以编程方式添加此标头的示例:

Here is a example adding this headers programatically using SAAJ:

public class WssHandler implements SOAPHandler<SOAPMessageContext> {

    private static final Logger cTRACE = Logger.getLogger(WssHandler.class.getName());

    // SOAP
    private static final String cWSSE = "wsse";
    private static final String cURL = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String cNODE_SECURITY = "Security";
    private static final String cNODE_USRTOKEN = "UsernameToken";
    private static final String cNODE_USERNAME = "Username";
    private static final String cNODE_PASSWORD = "Password";

    private String iUsername;
    private String iPassword;

    /**
     * Constructor for SOAP handler with specific wss credentials.
     * @param aUsername wss username
     * @param aPassword wss password
     */
    public WssHandler(String username, String passwd) {
        super();
        iUsername = username;
        iPassword = passwd;
    }

    @Override
    public boolean handleMessage(SOAPMessageContext context) {
        if (cTRACE.isLoggable(Level.FINEST)) {
            cTRACE.logp(Level.FINEST,
                    WssHandler.class.getName(),
                    "handleMessage", "add WSS credentials for user "+iUsername);
        }

        try {
            SOAPMessage tMessage = context.getMessage();
            SOAPEnvelope tSoapEnvelope = tMessage.getSOAPPart().getEnvelope();

            // header
            SOAPHeader tHeader = tSoapEnvelope.getHeader();
            if (tHeader==null) {
                // no header yet, create one
                tHeader = tSoapEnvelope.addHeader();
            }

            // security node
            Name tWsseHeaderName = tSoapEnvelope.createName(cNODE_SECURITY, cWSSE, cURL);
            SOAPHeaderElement tSecurityElement = tHeader.addHeaderElement(tWsseHeaderName);
            tSecurityElement.setMustUnderstand(true);

            Name tUserTokenElementName = tSoapEnvelope.createName(cNODE_USRTOKEN, cWSSE, cURL);
            SOAPElement tUserTokenElement = tSecurityElement.addChildElement(tUserTokenElementName);
            tUserTokenElement.removeNamespaceDeclaration(cWSSE);
            tUserTokenElement.addNamespaceDeclaration("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

            // user name child
            Name tUsernameElementName = tSoapEnvelope.createName(cNODE_USERNAME, cWSSE, cURL);
            SOAPElement tUsernameElement = tUserTokenElement.addChildElement(tUsernameElementName);
            tUsernameElement.removeNamespaceDeclaration(cWSSE);
            tUsernameElement.addTextNode(iUsername);

            // password child
            Name tPasswordElementName = tSoapEnvelope.createName(cNODE_PASSWORD, cWSSE, cURL);
            SOAPElement tPasswordElement = tUserTokenElement.addChildElement(tPasswordElementName);
            tPasswordElement.removeNamespaceDeclaration(cWSSE);
            tPasswordElement.addTextNode(iPassword);
            tPasswordElement.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        } catch (SOAPException e) {
            if (cTRACE.isLoggable(Level.SEVERE)) {
                cTRACE.logp(Level.SEVERE,
                        WssHandler.class.getName(),
                        "handleMessage", "Unable to add WSS credentials", e);
            }
            // stop processing
            return false;
        }

        // continue processing
        return true;
    }

    @Override
    public boolean handleFault(SOAPMessageContext context) {
        return true;
    }

    @Override
    public void close(MessageContext context) {
        // nothing to do
    }

    @Override
    public Set<QName> getHeaders() {
        return null;
    }

}

这篇关于WS安全性-用户名令牌配置文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！