在wso2esb中调用受保护的Web服务 [英] Invoke Secured web service in wso2esb

问题描述

我已经在WSO2 ESB中创建了一个Web服务.该安全措施实施后，只有特定的用户角色才能访问它.

I have created a web service in WSO2 ESB. The security implements that only a particular user-role can access it.

现在，当我使用SOAP-UI访问该服务时，通过提供用户名，密码和密码类型，我就可以访问该服务.

Now, when I hit this service useing SOAP-UI, by providing username, password, password type, I m able to hit the service.

现在，我想创建一个可以访问此安全Web服务的StandAlone Java项目.

Now, I want to create a StandAlone Java Project that can access this SECURED WEB SERVICE.

我正试图为此目的实现apache-rampart，但是我所拥有的信息却很分散.

I m trying to implement apache-rampart for this purpose, but the information I have is scattered.

任何人都可以帮助我如何访问此安全服务.

Can anyone please help me on how to access this secured service.

感谢和问候.

推荐答案

以这种方式访问​​安全的Web服务，我想您使用的是UT场景:

Access to a secure web service in this way, I presume you use UT scenario:

String trustStore = null;  
ConfigurationContext ctx = null;
String policyFilePath = "[file_system_path]/secure_sample_policy.xml";

trustStore = "[file_system_path]/wso2carbon.jks";  
System.setProperty("javax.net.ssl.trustStore",trustStore);  
System.setProperty("javax.net.ssl.trustStorePassword","pass_store");  

ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null,
        null);
this.stub = new ProxyStub(ctx);
stub._getServiceClient().engageModule("rampart");
stub._getServiceClient().engageModule("addressing");

Options options = this.stub._getServiceClient().getOptions();
options.setUserName("user");
        options.setPassword("pass");

options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(policyFilePath));
this.stub._getServiceClient().setOptions(options);

方法loadPolicy:

the method loadPolicy:

private static Policy loadPolicy(String xmlPath) throws Exception {
    StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
    return PolicyEngine.getPolicy(builder.getDocumentElement());
}

以及示例策略文件:

<?xml version="1.0" encoding="UTF-8"?>

<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Lax/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
                <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
          </wsp:Policy>
        </sp:SignedSupportingTokens>

      </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

这篇关于在wso2esb中调用受保护的Web服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！