Webservice client with WS-Security encryption using jaxws-maven-plugin
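I am using only jaxws-maven-plugin (no Spring or any other library) to generate my web service client classes from a WSDL. It works fine, except that I need to use WS-Security to encrypt a specific child element of my request.
Could you please point me to any documentation or give me a hint on how to configure it? Is there a configuration file where I set the following? Or do I need to use another library, such as Apache CXF?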
WS-A Version: 200508
Key Identifier Type: Binary Security Token
Symmetric Encoding Algorithm: AES256-CBC
Key Encryption Algorithm: RSA-OAEP-MGF1P
Algorithm Suite: Basic256Sha256
Encrypted elements XPath: //xxx/yyy
Thanks!
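What I found out: (note that I still don't understand what is going on)
- Wildfly somehow uses the built-in Apache CXF (the Glassfish implementation and configuration are different)
- I had to modify the provided WSDL to add WS-Policy (I have not yet found a way to add it in an external file or somewhere else without modifying the WSDL - I am not its author) - see below
- A keystore has to be provided
and access to it configured: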
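import java.util.Map;
import java.util.Properties;
import javax.xml.ws.BindingProvider;

// XxxService is the client class generated from the WSDL by jaxws-maven-plugin
XxxService service = new XxxService();
BindingProvider bp = (BindingProvider) service.getXxxPort();
final Map<String, Object> rqc = bp.getRequestContext();

// WSS4J Merlin keystore settings (values elided in the original)
Properties p = new Properties();
p.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", ...);
p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", ...);
p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", ...);
p.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", ...);

// The same keystore properties are used for signing and for encryption
rqc.put("security.signature.properties", p);
rqc.put("security.encryption.properties", p);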
WSDL example
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions ... >
  ...
  <wsdl:binding name="..." type="...">
    <wsaw:UsingAddressing wsdl:required="false" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" />
    <wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
    <!-- added to wsdl for encryption -->
    <wsp:PolicyReference URI="#general_policy" />
    <wsdl:operation name="xxx">
      <wsdlsoap:operation soapAction="" />
      <wsdl:input name="...">
        <!-- added to wsdl for encryption -->
        <wsp:PolicyReference URI="#xxx_policy" />
        <wsdlsoap:body use="literal" />
      </wsdl:input>
      <wsdl:output ... >
    </wsdl:operation>
  </wsdl:binding>
  <!-- added to wsdl for encryption -->
  <wsp:Policy wsu:Id="general_policy"
      xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
      xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
      xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <wsp:ExactlyOne>
      <wsp:Policy>
        <wsp:All>
          <sp:AsymmetricBinding>
            <wsp:Policy>
              <sp:InitiatorToken>
                <wsp:Policy>
                  <sp:X509Token
                      sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                    <wsp:Policy>
                      <sp:WssX509V3Token10/>
                    </wsp:Policy>
                  </sp:X509Token>
                </wsp:Policy>
              </sp:InitiatorToken>
              <sp:RecipientToken>
                <wsp:Policy>
                  <sp:X509Token
                      sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                    <wsp:Policy>
                      <sp:WssX509V3Token10/>
                    </wsp:Policy>
                  </sp:X509Token>
                </wsp:Policy>
              </sp:RecipientToken>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Strict />
                </wsp:Policy>
              </sp:Layout>
              <sp:AlgorithmSuite>
                <wsp:Policy>
                  <sp:Basic256/>
                </wsp:Policy>
              </sp:AlgorithmSuite>
            </wsp:Policy>
          </sp:AsymmetricBinding>
        </wsp:All>
      </wsp:Policy>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy wsu:Id="xxx_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:ContentEncryptedElements
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:XPath>/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Body']/*[namespace-uri()='xxx' and local-name()='xxxRequest']/yyy</sp:XPath>
        </sp:ContentEncryptedElements>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
</wsdl:definitions>
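An added check, not part of the original post: the requirement list in the question names Basic256Sha256, while the policy added to the WSDL asserts sp:Basic256, which in WS-SecurityPolicy 1.2 keeps AES-256 and RSA-OAEP key wrap but uses SHA-1 digests. The Java 15+ program below uses only the JDK to read the algorithm suite and the encrypted-element XPaths out of a policy so they can be compared with what the service owner specified; the class name PolicyCheck and the trimmed sample policy are constructed for illustration.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class PolicyCheck {
    static final String SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
    // Constructed sample, trimmed to the two assertions being checked.
    static final String SAMPLE = """
        <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="%s">
          <sp:AsymmetricBinding><wsp:Policy>
            <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
          </wsp:Policy></sp:AsymmetricBinding>
          <sp:ContentEncryptedElements><sp:XPath>//xxx/yyy</sp:XPath></sp:ContentEncryptedElements>
        </wsp:Policy>
        """.formatted(SP);

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The WSDL comes from a third party: refuse DTDs so parsing cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Collects local names (or text, if wantText) of sp:<child> descendants of every sp:<container>.
    static List<String> collect(Document d, String container, String child, boolean wantText) {
        List<String> out = new ArrayList<>();
        NodeList outer = d.getElementsByTagNameNS(SP, container);
        for (int i = 0; i < outer.getLength(); i++) {
            NodeList inner = ((Element) outer.item(i)).getElementsByTagNameNS(SP, child);
            for (int j = 0; j < inner.getLength(); j++) {
                Element e = (Element) inner.item(j);
                out.add(wantText ? e.getTextContent().trim() : e.getLocalName());
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        Document d = parse(SAMPLE);
        List<String> suites = collect(d, "AlgorithmSuite", "*", false);
        List<String> xpaths = collect(d, "ContentEncryptedElements", "XPath", true);
        String required = "Basic256Sha256"; // from the requirement list in the question
        System.out.println("suites=" + suites + " required=" + required
                + (suites.equals(List.of(required)) ? " OK" : " MISMATCH"));
        System.out.println("encrypted XPaths=" + xpaths
                + (xpaths.isEmpty() ? " NOTHING ENCRYPTED" : ""));
    }
}
```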