Axis2 + Rampart: Specifying password digest in policy header
I am trying to send username and a password over web services using axis2 and rampart. I want to send the password as a digest, but for some reason the password is only sent in cleartext. According to several sources, it should happen when I add the to both services.xml and axis2.xml, but it doesn't seem to work. I have also tried to add Digest under the sub-header. Relevant sections of services.xml (server side) and axis2.xml (client side) are given below. Can anybody see anything wrong?
My axis2.xml
<wsp:Policy wsu:Id="UTOverTransport"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SignedSupportingTokens
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:UsernameToken
              sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:HashPassword />
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SignedSupportingTokens>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>test</ramp:user>
        <ramp:passwordCallbackClass>sec.PWCBHandler</ramp:passwordCallbackClass>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
My services.xml
<wsp:Policy wsu:Id="UTOverTransport"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SignedSupportingTokens
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:UsernameToken
              sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:HashPassword />
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SignedSupportingTokens>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:passwordCallbackClass>sec.PWCBHandler</ramp:passwordCallbackClass>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
The problem with your configuration is that the namespaces that you use suggest Axis to interpret it as WSS 1.1 configuration. As far as I can tell from Axis sources, it does not support hashing passwords from username token. Probably it is a feature available from WSS 1.2.
You need to define the supporting token using WSS 1.2 namespaces:
<sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:Policy>
    <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
      <wsp:Policy>
        <sp:HashPassword />
      </wsp:Policy>
    </sp:UsernameToken>
  </wsp:Policy>
</sp:SignedSupportingTokens>
That will hash the password with nonce and created by default.
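To confirm on the wire that the policy change took effect, the following added example (Python, not part of the original question or answer, and not Axis2 or Rampart code) classifies the `wsse:Password` element of a captured security header and recomputes the digest as Base64(SHA-1(nonce + created + password)) from the WS-Security UsernameToken Profile. The header built by `sample_header`, the nonce, the timestamp and the password are constructed sample values.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
UTP = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
NS = {"wsse": WSSE, "wsu": WSU}


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)) per the UsernameToken Profile."""
    h = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8"))
    return base64.b64encode(h.digest()).decode("ascii")


def check_username_token(xml_text: str, expected_password: str) -> str:
    """Return 'digest-ok', 'digest-mismatch', 'cleartext' or 'missing'."""
    token = ET.fromstring(xml_text).find(".//wsse:UsernameToken", NS)
    pw = token.find("wsse:Password", NS) if token is not None else None
    if pw is None:
        return "missing"
    # An absent Type attribute means #PasswordText in the profile.
    if pw.get("Type", UTP + "#PasswordText") != UTP + "#PasswordDigest":
        return "cleartext"
    # Nonce and Created are included in the hash only when present.
    nonce = base64.b64decode(token.findtext("wsse:Nonce", "", NS).strip())
    created = token.findtext("wsu:Created", "", NS).strip()
    want = password_digest(nonce, created, expected_password).encode("ascii")
    got = (pw.text or "").strip().encode("utf-8")
    return "digest-ok" if hmac.compare_digest(want, got) else "digest-mismatch"


def sample_header(pw_type: str, pw_value: str, nonce_b64: str, created: str) -> str:
    """Constructed wsse:Security header for the demo; not a real capture."""
    return (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><wsse:UsernameToken>'
            f'<wsse:Username>test</wsse:Username>'
            f'<wsse:Password Type="{UTP}#{pw_type}">{pw_value}</wsse:Password>'
            f'<wsse:Nonce>{nonce_b64}</wsse:Nonce><wsu:Created>{created}</wsu:Created>'
            f'</wsse:UsernameToken></wsse:Security>')


if __name__ == "__main__":
    nonce, created = b"constructed-nonce-0001", "2024-01-01T00:00:00Z"
    nonce_b64 = base64.b64encode(nonce).decode("ascii")
    digest = password_digest(nonce, created, "secret")
    print(check_username_token(sample_header("PasswordDigest", digest, nonce_b64, created), "secret"))
    print(check_username_token(sample_header("PasswordText", "secret", nonce_b64, created), "secret"))
```

A `cleartext` result on a real capture means the client is still emitting `#PasswordText`, which is the symptom described in the question.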