使用Metro的Ws-Security标头 [英] Ws-Security headers using Metro
问题描述
我有一个实现WS-Security的Web服务,但没有在WSDL中定义策略。我能够使用Axis 2作为客户端成功使用此Web服务。
I have a web service which implements WS-Security but does not define a policy in the WSDL. I am able to consume this web service successfully using Axis 2 as client.
我正在尝试使用Metro 2使用相同的Web服务,但wsse:security标头不是去。仅当服务定义了不受我控制的安全策略时,它才有效。我通过创建示例Web服务对此进行了测试,除非我定义策略,否则我的metro客户端永远不会发送wsse:security标头。
I am trying to consume the same web service using Metro 2 but the wsse:security headers are not going. It works only if the service defines the security policy which is not under my control. I tested this by creating a sample web service and unless I define the policy my metro client never sends the wsse:security headers.
使用Metro有什么遗漏吗?
Is there anything I am missing using Metro?
编辑---------------------------------- -------------------------------------------------- ------
EDIT------------------------------------------------------------------------------------------
我创建了wsdl的本地副本,并在其中定义了策略。我使用这个wsdl创建了Web服务客户端,但仍然没有安全头。 wsit-client.xml文件看起来很好。我甚至将所有配置与Web服务的客户端进行了比较,该客户端定义了策略并且配置相同但仍然不起作用。截至目前我的结论是,metro客户端需要实际的Web服务定义策略。
I created a local copy of the wsdl and in that defined the policy. I created the web service client using this wsdl but still the security headers are not going. The wsit-client.xml file looks fine. I even compared all the configurations with the client of a webservice which defines policy and the configurations are same but still it doesn't work. As of now my conclusion is that the metro client needs the actual web service defines a policy.
编辑--------------- -------------------------------------------------- -----------------------
EDIT----------------------------------------------------------------------------------------
wsit-client.xml的内容
Content of wsit-client.xml
<?xml version="1.0" encoding="UTF-8"?>
<definitions
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="mainclientconfig"
>
<import location="NewWebService.xml" namespace="http://test.com/"/>
NewWebService.xml位于以及wsit-client.xml并包含以下策略信息
The NewWebService.xml is located along with wsit-client.xml and contains following policy information
<wsp:Policy wsu:Id="NewWebServicePortBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<sc:CallbackHandlerConfiguration wspp:visibility="private">
<sc:CallbackHandler default="dsfsd" name="usernameHandler"/>
<sc:CallbackHandler default="sdfsdfds" name="passwordHandler"/>
</sc:CallbackHandlerConfiguration>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
在这样的绑定中引用 -
which is referred in the binding like this -
<binding name="NewWebServicePortBinding" type="tns:NewWebService">
<wsp:PolicyReference URI="#NewWebServicePortBindingPolicy"/>
更改的wsdl包含此政策 -
The changed wsdl contains this policy -
<wsp:Policy xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="NewWebServicePortBindingPolicy">
<sp:SignedEncryptedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10 />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedEncryptedSupportingTokens>
<sp:TransportBinding>
<wsp:Policy>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:IncludeTimestamp />
<sp:Layout>
<wsp:Policy>
<sp:Lax />
</wsp:Policy>
</sp:Layout>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false" />
</wsp:Policy>
</sp:TransportToken>
</wsp:Policy>
</sp:TransportBinding>
<sp:Wss10 />
<wsam:Addressing wsp:Optional="true" />
</wsp:Policy>
推荐答案
试试看我在这里写的一个问题非常相似的情况 - 致电来自JAXWS-RI的.NET Web服务(WSE 3.0,WS-Security)。我仍然(!)试图通过它b / c我现在从服务器端收到错误,但我更新了问题,详细介绍了我试图让这个工作的过程。有一个链接到我在Metro java.net论坛上发布的帖子对我有帮助。不过,我能够为我生成wsse头文件。
Try taking a look my a question I wrote here on a very similar situation - Calling a .NET web service (WSE 3.0, WS-Security) from JAXWS-RI. I'm still(!) trying to work through it b/c I'm getting an error from the server side now, but I updated the question with some detail on the process I've gone through trying to get this working. There's a link there to a post I put on the Metro java.net forums that was helpful to me. I was able to get the wsse headers generating for me, though.
简而言之,我认为在本地WSDL副本中包含ws:Policy部分(和在创建服务时将WSDL作为参数发送。这是我创建客户端对象的代码片段 - 在这里必须简单化,因为我使用Spring工厂将客户端引用注入到另一个服务中,无论如何,这里是jist:
In short, I think that including the ws:Policy section in your local copy of the WSDL (and sending that WSDL as a param when you create the Service). Here's a code snippet where I create my client objects - had to be simplistic here, 'cause I"m using Spring factories to inject the client reference into another service, anyway, here's the jist:
String wsdlDocumentLocation = "localVersion.wsdl";
QName serviceName = new QName("mynamespace", "myServiceName");
Service service = Service.create(wsdlDocumentLocation, serviceName);
//send the port the fully qualified name of the Metro generated
//client interface
Object port = service.getPort("my.client.package.ClientServiceInterface");
这与你的wsit-client.xml一起工作。你在哪里把你的wsit-client.xml文件?如果它在类路径上(我的是在WEB-INF / classes中),你应该在控制台中看到一条日志语句,说明它正被读取。这是我在控制台中看到的消息:
That, along with your wsit-client.xml should work. Where are you putting your wsit-client.xml file? If it's on the classpath (mine is in WEB-INF/classes), you should see a log statement in the console that says that it's being read. Here's the message I see in my console:
[13:12:06.779] WSP5018:已加载的WSIT
configur来自文件:
file:/ C:/projects/target/my-webapp/WEB-INF/classes/wsit-client.xml。
[13:12:06.779] WSP5018: Loaded WSIT configuration from file: file:/C:/projects/target/my-webapp/WEB-INF/classes/wsit-client.xml.
这篇关于使用Metro的Ws-Security标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
