使用 jaxws-maven-plugin 进行 WS-Security 加密的 Web 服务客户端

Webservice client with WS-Security encryption using jaxws-maven-plugin

我只使用 jaxws-maven-plugin(没有 Spring 或任何其他库)从 WSDL 生成 Web 服务客户端类,它工作正常,只是我还需要使用 WS-Security 加密请求中的特定子元素。

能否请您指点我任何文档或给我提示如何配置它?是否有一个配置文件,我在哪里设置以下内容?还是我需要使用其他库,例如 Apache CXF?

WS-A Version: 200508

Key Identifier Type: Binary Security Token

Symmetric Encoding Algorithm: AES256-CBC

Key Encryption Algorithm: RSA-OAEP-MGF1P

Algorithm Suite: Basic256Sha256

Encrypted elements XPath: //xxx/yyy

谢谢!

我的发现:(注意,我仍然不完全明白其中的原理)

  • Wildfly 以某种方式使用内置的 Apache CXF(Glassfish 实现和配置不同)
  • 我不得不修改提供的 WSDL 以添加 WS-Policy(我不是该 WSDL 的作者,但还没有找到在不修改 WSDL 的情况下把策略放到外部文件或其他位置的方法)- 见下文
  • 必须提供密钥库
  • 并配置访问权限:

    // Create the generated service, obtain its port, and take the port's request context,
    // where the crypto settings are registered below.
    XxxService service = new XxxService();
    BindingProvider bp = (BindingProvider) service.getXxxPort();
    final Map<String, Object> rqc = bp.getRequestContext();
    
    // WSS4J Merlin crypto settings describing the keystore ("..." values are elided by the author).
    Properties p = new Properties();
    p.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", ...);
    // NOTE(review): read the keystore password from protected configuration or a secret store,
    // not from a literal kept in source control.
    p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", ...);
    p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", ...);
    p.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", ...);
    
    // The same Properties object is registered for both signing and encryption, so both
    // roles share one keystore and one alias.
    // NOTE(review): encryption presumably needs the service's certificate; confirm the alias
    // above resolves to the keystore entry intended for each role.
    rqc.put("security.signature.properties", p);
    rqc.put("security.encryption.properties", p);
    

WSDL 示例

 <?xml version="1.0" encoding="UTF-8"?>
 <wsdl:definitions ... >

...

<wsdl:binding name="..." type="...">
    <wsaw:UsingAddressing wsdl:required="false" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" />
    <wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />

            <!-- Added to the WSDL for encryption: binding-level reference to the policy whose
                 wsu:Id is general_policy (security binding, tokens and algorithm suite). -->
            <wsp:PolicyReference URI="#general_policy" />

    <wsdl:operation name="xxx">
        <wsdlsoap:operation soapAction="" />
        <wsdl:input name="...">
                            <!-- Added to the WSDL for encryption: reference on the input (request)
                                 message of operation xxx to xxx_policy, which names the element
                                 whose content is encrypted. -->
                            <wsp:PolicyReference URI="#xxx_policy" />
            <wsdlsoap:body use="literal" />
        </wsdl:input>
        <wsdl:output ... >
    </wsdl:operation>

</wsdl:binding>



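    <!-- Added to the WSDL for encryption; referenced from wsdl:binding as #general_policy.
         Declares an asymmetric binding with X.509 v3 tokens for initiator and recipient.
         IncludeToken/Never means the certificates are referenced rather than embedded in
         the message. The wsu prefix used by wsu:Id must be bound on an ancestor element;
         the attributes of wsdl:definitions are elided in this listing. -->

    <wsp:Policy wsu:Id="general_policy"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
                xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
        <wsp:ExactlyOne>
            <wsp:Policy>
                <wsp:All>
                    <sp:AsymmetricBinding>
                        <wsp:Policy>
                            <sp:InitiatorToken>
                                <wsp:Policy>
                                    <sp:X509Token
                                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                                        <wsp:Policy>
                                            <sp:WssX509V3Token10/>
                                        </wsp:Policy>
                                    </sp:X509Token>
                                </wsp:Policy>
                            </sp:InitiatorToken>
                            <sp:RecipientToken>
                                <wsp:Policy>
                                    <sp:X509Token
                                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                                        <wsp:Policy>
                                            <sp:WssX509V3Token10/>
                                        </wsp:Policy>
                                    </sp:X509Token>
                                </wsp:Policy>
                            </sp:RecipientToken>
                            <sp:Layout>
                                <wsp:Policy>
                                    <sp:Strict />
                                </wsp:Policy>
                            </sp:Layout>
                            <sp:AlgorithmSuite>
                                <wsp:Policy>
                                    <!-- Basic256Sha256 is the suite named in the stated requirements
                                         (AES256-CBC with RSA-OAEP-MGF1P key encryption). Basic256
                                         differs from it by using SHA-1 as the digest algorithm. -->
                                    <sp:Basic256Sha256/>
                                </wsp:Policy>
                            </sp:AlgorithmSuite>
                        </wsp:Policy>
                    </sp:AsymmetricBinding>
                </wsp:All>
            </wsp:Policy>
        </wsp:ExactlyOne>
    </wsp:Policy>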


    <!-- Policy referenced from the input of operation xxx. ContentEncryptedElements asks for
         the content of each element matched by the XPath to be encrypted; the element's own
         start and end tags stay in clear text.
         The last step, yyy, has no namespace test, so in XPath 1.0 it matches only a yyy
         element in no namespace. NOTE(review): if yyy is namespace-qualified in the schema,
         the expression selects nothing; inspect an outgoing message to confirm that yyy is
         really encrypted.
         NOTE(review): no SignedParts or SignedElements assertion is visible in this listing,
         so the encrypted content is not integrity-protected by this policy; confirm whether
         the service expects a signature as well. -->
    <wsp:Policy wsu:Id="xxx_policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:ContentEncryptedElements
                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                    <sp:XPath>/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Body']/*[namespace-uri()='xxx' and local-name()='xxxRequest']/yyy</sp:XPath>
                </sp:ContentEncryptedElements>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
</wsdl:definitions>