将SOAP隐式标头添加到WSDL [英] Adding SOAP implicit headers to WSDL

问题描述

我的问题与此类似. 如何在WSDL未定义时传递肥皂标头?但有所不同.

My question is similar to this. How To Pass Soap Header When WSDL Doesn't Define It? But is different.

对于我使用的Web服务，所有方法都需要身份验证，该身份验证以SOAP标头内的明文形式发送.但是，我的WSDL不包含任何soap标头信息.我有一个自定义平台工具，必须使用它来从WSDL生成代码.由于标题信息不可用，因此无法直接使用生成的类-我不想手动修改代码以容纳标题.

For a web service I use, all methods need authentication which is sent in cleartext inside a SOAP header. However, my WSDL doesn't include any soap header information. I have a custom platform tool which I must use to generate code from the WSDL. Since the header info is not available, am unable to use the generated class directly - I do not want to manually modify the code to accommodate the header.

我尝试在WSDL中指定SOAP头，但是我没有获得正确的名称空间. WSDL在 https://stage.totalcheck.sensis.com.au/service/webservice?wsdl 和SOAP标头如下:

I tried specifying the SOAP header in the WSDL but I failed to get the correct namespaces. The WSDL is here https://stage.totalcheck.sensis.com.au/service/webservice?wsdl and the SOAP header is as follows:

    <soapenv:Header>
        <wsse:Security>
            <wsse:UsernameToken>
                <wsse:Username>username</wsse:Username>
                <wsse:Password>password</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
   </soapenv:Header>

有人可以帮助我吗?谢谢！

Can someone help me? Thanks!

推荐答案

从概念上讲，WSDL不应定义标头. WSDL仅用于定义服务的功能方面，例如操作，消息，绑定和端点.消息和绑定定义了消息的有效负载应如何编码和格式化.

From a conceptual point of view, WSDL is not supposed to define headers. WSDL is only for defining the functional aspects of a service, like operations, messages, binding and endpoints. Messages and bindings define how the payload of messages should be encoded and formatted.

但是SOAP消息的标头不属于有效负载.它们通常用于配置SOAP处理器的非功能属性.安全性是一种非功能性的属性.有效负载的功能方面不受影响.只能保证通信是安全的，并且WS工具栈(而不是服务实现)应该注意这一点.

The headers of SOAP messages however do not belong to the payload. They are typically used for configuring non-functional properties of a SOAP processor. Security is such a non-functional property. The functional aspect of the payload is not affected. It is only assured that the communication is secured and the WS tool stack, not the service implementation, should take care of that.

因此，缺少的部分现在是允许将一些非功能性需求附加到WSDL服务的标准，以便代码生成器可以自动派生需要发送和/或理解的标头，以实现非功能性属性根据需要-无需手动处理标头字段.该标准已存在，称为 WS-Policy .策略通常包含一组替代方案，这些替代方案暴露了提供者和使用者都应能够满足的一组要求.当假定两个服务相互交互时，将同时采用两个策略，并计算一个所谓的有效策略".它定义了常见的非功能性要求.使用此信息，提供者和使用者可以配置自己以添加所需的标头，例如WS-Security标头. WS-SecurityPolicy 还定义了一组可以使用的策略. WS-PolicyAttachment 定义了如何将此类策略附加到WSDL.

So the missing piece is now a standard that allows for attaching some non-functional requirements to WSDL services, so that code generators can automatically derive which headers need to be sent and/or understand in order to fulfill the non-functional property as desired -- without having to manually deal with header fields. This standard exists and is called WS-Policy. A policy contains typically a set of alternatives that expose a set of requirements that both, provider and consumer should be able to fulfill. When two services are supposed to interact with each other, both policies are taken and a so called "effective policy" is calculated. It defines the common non-functional requirements. Using this information, provider and consumer can configure themselves to add required headers, like the WS-Security headers. WS-SecurityPolicy also defines a set of policies that can be used. WS-PolicyAttachment defines how such policies can be attached to a WSDL.

有些代码生成器可以处理WS-Policies，例如Metro或Axis2

There are code generators that can deal with WS-Policies, e.g. Metro or Axis2

这篇关于将SOAP隐式标头添加到WSDL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！