带有Apache CXF的WS-Security UsernameToken [英] WS-Security UsernameToken with Apache CXF

问题描述

我有一个与SOAP服务交互的Java应用程序。我使用WSDL通过CXF生成Java客户端，但是我需要使用ws-security验证我的调用。我正在寻找一种仅使用代码的方式来执行此操作，并且我没有任何xml配置。这是我尝试过的：

I have a java application that interacts with a SOAP service. I used the WSDL to generate a java client via CXF, but I need to authenticate my calls using ws-security. I am looking for a code-only way to do this, and I don't have any xml configurations. This is what I have tried:

Map ctx = ((BindingProvider)port).getRequestContext();
ctx.put("ws-security.username", "joe");
ctx.put("ws-security.password", "joespassword");
port.makeSoapCall();

但是我收到无效WS-Security标头的解析错误。正确的方法是什么？

But I get a parse error for invalid WS-Security header. What is the right way to do this?

在SOAP UI中，通过右键单击soap标头，单击添加WSS UsernameToken，然后选择密码文本

In SOAP UI, I can do this easily by right-clicking the soap header, clicking "Add WSS UsernameToken", and selecting "Password Text"

推荐答案

您正在根据共享的代码使用WS-SecurityPolicy。如何只使用WS-Security并使用WSS4JOutInterceptor在用户名令牌之间发送？

You are using WS-SecurityPolicy as per the code you shared. How about using WS-Security only and sending across the usernametoken using WSS4JOutInterceptor?

在apache中检查 通过API添加拦截器部分cfx ws-security指南： http://cxf.apache.org/docs/ws- security.html

Check the section "Adding the interceptors via the API" in apache cfx ws-security guide here : http://cxf.apache.org/docs/ws-security.html

这是根据上面的apache cxf文档所做的。您可能只需要out拦截器路径。

This is what needs to be done as per the above apache cxf documenation above. You might only need the out interceptor path.

在客户端，您可以使用ClientProxy帮助程序获取对CXF端点的引用：

import org.apache.cxf.frontend.ClientProxy;
...

GreeterService gs = new GreeterService();
Greeter greeter = gs.getGreeterPort();
...
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(greeter);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

现在您可以添加拦截器了：

import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
...

Map<String,Object> inProps = new HashMap<String,Object>();
... // how to configure the properties is outlined below;

WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
cxfEndpoint.getInInterceptors().add(wssIn);

Map<String,Object> outProps = new HashMap<String,Object>();
outProps.put("action", "UsernameToken Timestamp");
outProps.put("passwordType", "PasswordDigest"); //remove this line if want to use plain text password
outProps.put("user", "abcd");
outProps.put("passwordCallbackClass", "demo.wssec.client.UTPasswordCallback");

WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);

您将需要在上面的示例中编写密码回调类（UTPasswordCallback）。

You will need to write password callback class (UTPasswordCallback) in the example above.

Apache cxf在此处具有UserName令牌的完整示例： http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/ws_security/ ut /

Apache cxf has a complete sample for UserName token here: http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/ws_security/ut/

从上面的链接浏览到客户端文件夹（src / main / java / demo / wssec / client），获取用户名令牌和UTPasswordCallback代码。

From the above link browse to client folder (src/main/java/demo/wssec/client) for user name token and UTPasswordCallback code.

编辑：如果您的wsdl希望密码为纯文本格式，则只需从代码中删除以下行：
outProps.put（ passwordType， PasswordDigest） ;

If your wsdl expects password as plain text then just remove this line from the code: outProps.put("passwordType", "PasswordDigest");

这篇关于带有Apache CXF的WS-Security UsernameToken的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！