WS-Security UsernameToken with Apache CXF
Problem description
I have a java application that interacts with a SOAP service. I used the WSDL to generate a java client via CXF, but I need to authenticate my calls using ws-security. I am looking for a code-only way to do this, and I don't have any xml configurations. This is what I have tried:
Map ctx = ((BindingProvider)port).getRequestContext();
ctx.put("ws-security.username", "joe");
ctx.put("ws-security.password", "joespassword");
port.makeSoapCall();
But I get a parse error for invalid WS-Security header. What is the right way to do this?
In SOAP UI, I can do this easily by right-clicking the soap header, clicking "Add WSS UsernameToken", and selecting "Password Text"
Recommended answer
You are using WS-SecurityPolicy as per the code you shared. How about using WS-Security only and sending across the usernametoken using WSS4JOutInterceptor?
Check the section "Adding the interceptors via the API" in the apache cxf ws-security guide here: http://cxf.apache.org/docs/ws-security.html
This is what needs to be done as per the apache cxf documentation above. You might only need the out interceptor path.
On the client side, you can use the ClientProxy helper to get a reference to the CXF endpoint:
import org.apache.cxf.frontend.ClientProxy;
...
GreeterService gs = new GreeterService();
Greeter greeter = gs.getGreeterPort();
...
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(greeter);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Now you can add the interceptors:
import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
...
Map<String,Object> inProps = new HashMap<String,Object>();
... // how to configure the properties is outlined below;
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
cxfEndpoint.getInInterceptors().add(wssIn);
Map<String,Object> outProps = new HashMap<String,Object>();
outProps.put("action", "UsernameToken Timestamp");
outProps.put("passwordType", "PasswordDigest"); //remove this line if want to use plain text password
outProps.put("user", "abcd");
outProps.put("passwordCallbackClass", "demo.wssec.client.UTPasswordCallback");
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
You will need to write a password callback class (UTPasswordCallback) in the example above.
Apache cxf has a complete sample for UserName token here: http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/ws_security/ut/
From the above link browse to client folder (src/main/java/demo/wssec/client) for user name token and UTPasswordCallback code.
EDIT: If your wsdl expects password as plain text then just remove this line from the code: outProps.put("passwordType", "PasswordDigest");
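The code-only setup the question asks for, as an added example that is not part of the original answer or of the CXF samples: it wires the out interceptor with an in-memory password callback and, as an addition of this example, refuses to send PasswordText to an endpoint that is not https, because that mode puts the password itself in the SOAP header. It assumes CXF 3.x with WSS4J 2.x (package `org.apache.wss4j`); the class `UsernameTokenClient` and its `secure` method are hypothetical names.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
// WSS4J 2.x location (assumption); WSS4J 1.x uses org.apache.ws.security.WSPasswordCallback
import org.apache.wss4j.common.ext.WSPasswordCallback;

/** Hypothetical helper: adds a WS-Security UsernameToken to a generated CXF port, no XML. */
public final class UsernameTokenClient {

    private UsernameTokenClient() { }

    public static void secure(Object port, String user, char[] password, boolean digest) {
        Client client = ClientProxy.getClient(port);
        String address = client.getEndpoint().getEndpointInfo().getAddress();

        // PasswordText carries the password in clear inside the header: require TLS for it.
        boolean https = address != null && address.regionMatches(true, 0, "https://", 0, 8);
        if (!digest && !https) {
            throw new IllegalStateException("PasswordText needs an https endpoint: " + address);
        }

        // WSS4J calls this handler to obtain the password for the configured "user".
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                if (user.equals(pc.getIdentifier())) {
                    pc.setPassword(new String(password));
                }
            }
        };

        Map<String, Object> outProps = new HashMap<>();
        outProps.put("action", "UsernameToken");
        outProps.put("user", user);
        outProps.put("passwordType", digest ? "PasswordDigest" : "PasswordText");
        outProps.put("passwordCallbackRef", handler); // handler object instead of a class name
        client.getEndpoint().getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
    }
}
```

Call `UsernameTokenClient.secure(port, user, password, false)` once before `port.makeSoapCall()` to get the same header SOAP UI produces with "Password Text".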