如何将SOAP安全标题（UsernameToken）信息添加到代码优先的Webservice生成的WSDL中 [英] How to add SOAP Security Header (UsernameToken) information to code-first Webservice Generated WSDL

问题描述

我正在使用Apache CXF + Spring开发代码优先的Web服务。我的Web服务期望UsernameToken出现在SOAP请求标头中，以便对调用客户端进行身份验证。
我的问题是，是否可以在Java代码或配置文件中的某处添加SOAP安全标头（UsernameToken）定义，因此生成的WSDL将包含安全性（UsernameToken）？

I'm developing a code-first WebService with Apache CXF + Spring. My web service expects the UsernameToken to be present in SOAP request header in order to authenticate the calling client. My question is, is there any way to add SOAP security header (UsernameToken) definition somewhere in the Java code or configuration file, so the generated WSDL will have the security (UsernameToken) included? Please advice.

非常感谢：）

推荐答案

有关必填信息可以使用WS-Policies在WSDL中发布令牌。对于用户名令牌，我使用以下策略：

Information about required tokens can be published in WSDL using WS-Policies. For username token I use the following policy:

<wsp:Policy wsu:Id="UP_policy" xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <sp:SupportingTokens
        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
            <sp:UsernameToken
                sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                    <sp:WssUsernameToken11 />
                </wsp:Policy>
            </sp:UsernameToken>
        </wsp:Policy>
    </sp:SupportingTokens>
</wsp:Policy>

仅要求UT发送请求消息（ AlwaysToRecipient ）。要将这样的策略包括在您生成的WSDL中：

It requires UT only for request message (AlwaysToRecipient). To include such policy in your generated WSDL:

• 将其保存到类路径中可用的文件中，例如 ut.policy.xml


• 添加 @Policies（{@Policy（uri = ut.policy。 xml）}）服务类或接口的注释

• save it to file available in classpath, e.g. ut.policy.xml
• add @Policies({ @Policy(uri = "ut.policy.xml") }) annotations to your service class or interface

我修改了示例CXF项目。它显示了如何做到这一点。您可以此处。

I modified example CXF project. It shows how to do that. You can find it here.

因此，您的WSDL将具有附加的WS-SecurityPolicy实例，告诉客户端用户名令牌预计：

As a result your WSDL will have appropriate instance of WS-SecurityPolicy attached, telling clients that Username token is expected:

<wsdl:definitions ...>
    ...
    <wsdl:service name="GreeterService">
        <wsdl:port binding="tns:GreeterServiceSoapBinding" name="GreeterPort">
            <soap:address location="http://localhost:9000/SoapContext/GreeterPort"/>
        </wsdl:port>
        <wsp:PolicyReference URI="#UP_policy"/>
    </wsdl:service>
    <wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" wsu:Id="UP_policy">
        <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp:Policy>
                <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                    <wsp:Policy>
                        <sp:WssUsernameToken11/>
                    </wsp:Policy>
                </sp:UsernameToken>
            </wsp:Policy>
        </sp:SupportingTokens>
    </wsp:Policy>
</wsdl:definitions>

有关使用CXF配置WS-SecurityPolicy的更多信息，请参见此处，以及如何处理任何WS-Policy 此处。

More about configuring WS-SecurityPolicy with CXF can be found here and how to handle any WS-Policy here.

这篇关于如何将SOAP安全标题（UsernameToken）信息添加到代码优先的Webservice生成的WSDL中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！