cxf 设置 Nonce 并在 SOAP wsse 标头中创建 [英] cxf setting Nonce and created in SOAP wsse header

问题描述

我想使用 CXF 在 WSSE 安全标头中注入 Nonce 和 Created 元素.

I wanted to inject Nonce and Created element in WSSE security header using CXF.

<soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:UsernameToken wsu:Id="UsernameToken-6">
            <wsse:Username>==Username==</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">==Password==</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">===EncodeString===</wsse:Nonce>
            <wsu:Created>2016-05-20T10:51:24.795Z</wsu:Created>
        </wsse:UsernameToken>
    </wsse:Security>
</soapenv:Header>

我正在使用 org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor 类来填充 CXF 标头.但这只会填充 wsse:Username 和 wsse:Password.我希望在我的标题中也有 wsse:Nonce 和 wsse:Created.我应该采用哪种方法来填充安全标头中的上述元素?

I'm using org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor class to populate the CXF headers. But this populates only wsse:Username and wsse:Password. I wanted wsse:Nonce and wsse:Created as well in my header. Which Approach I should take to populate above elements in my security header?

下面是我用来填充它的代码，

Below is the code which I'm using to populate this,

Map<String, Object> properties = new HashMap<String, Object>();
properties.put(WSHandlerConstants.ACTION, "UsernameToken");
properties.put(WSHandlerConstants.USER, "userName-Text");
properties.put(WSHandlerConstants.PASSWORD_TYPE, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
properties.put(WSHandlerConstants.MUST_UNDERSTAND, "true");
properties.put(WSHandlerConstants.PW_CALLBACK_REF, new CustomWSPasswordCallback(passwordText));

WSS4JOutInterceptor wss4jOutInterceptor = new WSS4JOutInterceptor();
wss4jOutInterceptor.setProperties(properties);

感谢您的帮助.

谢谢，阿什米什拉

推荐答案

如果您使用 WSS4J，请将其添加到您的属性中2.0:

Add this to your properties if you are using WSS4J < 2.0:

properties.put(WSHandlerConstants.ADD_UT_ELEMENTS, WSConstants.NONCE_LN + " " + WSConstants.CREATED_LN);

如果使用 WSS4J >= 2.0 那么它应该是:

if using WSS4J >= 2.0 then it should be:

properties.put(WSHandlerConstants.ADD_USERNAMETOKEN_NONCE, "true");
properties.put(WSHandlerConstants.ADD_USERNAMETOKEN_CREATED, "true");

这篇关于cxf 设置 Nonce 并在 SOAP wsse 标头中创建的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！