Axis2 在请求 header 中生成 wsu:Id="SecurityToken-..."
Axis2 generating wsu:Id="SecurityToken-..." in request header
我们将 axis2 与 WS 策略一起使用,如下所示:
// Hands the WS-SecurityPolicy document returned by loadPolicy(...) to Rampart under
// KEY_RAMPART_POLICY. With this in place the page shows the UsernameToken being emitted with
// wsu:Id="UsernameToken-1", i.e. the Id is chosen by the policy-driven path, not by this code.
// NOTE(review): the constant name suggests a plain-text UsernameToken policy; confirm that the
// policy also requires transport security (HTTPS) so the password is not exposed on the wire.
context.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(PLAIN_TEXT_POLICY_FILE));
loadPolicy 的代码如下:
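// Loads the WS-SecurityPolicy XML from the classpath and parses it into a Neethi Policy.
// The policy decides which security assertions are applied to outgoing messages, so it should
// only ever come from a resource packaged with the application, never from a caller-supplied path.
InputStream file = this.getClass().getResourceAsStream(fileName);
if (file == null) {
    // getResourceAsStream returns null for a missing resource; fail with a clear message rather
    // than letting the XML builder fail later on a null stream.
    throw new IllegalArgumentException("Policy resource not found on classpath: " + fileName);
}
StAXOMBuilder builder = new StAXOMBuilder(file);
Policy result = PolicyEngine.getPolicy(builder.getDocumentElement());
// NOTE(review): the stream is never closed in this snippet. Close it once the policy has been
// built (the enclosing method is not visible here, so its throws clause must allow for that).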
当我们执行调用时,我们看到:
wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1"
我们希望看到的不是 wsu:Id="UsernameToken-1",而是 wsu:Id="SecurityToken-d61ff167-34c7-430b-b3ad-50c8882ed5t9"
如何实现?我们需要更新策略吗?
header 是在未使用策略的情况下从 Java 代码手动形成的:
// Attaches the hand-built wsse:Security header block to the stub's ServiceClient.
// NOTE(review): presumably headers added this way stay on the ServiceClient for later calls.
// The block carries a Timestamp that expires and a Nonce, so it should be rebuilt for every
// request rather than reused — confirm against how the stub is used.
// NOTE(review): if the Rampart policy is still engaged on the same client, a second Security
// header may be produced — confirm that only one mechanism is active.
stub._getServiceClient().addHeader(createRequestHeader());
createRequestHeader 的代码如下:
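// Builds the wsse:Security header by hand: a wsu:Timestamp (Created / Expires) followed by a
// wsse:UsernameToken (Username, Password, Nonce, Created), each with a random wsu:Id.

// Namespace and URL constants
String WS_SEC_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
// The wsu prefix (Timestamp, Id, Created, Expires) belongs to the WSS *utility* namespace.
// Binding it to the secext namespace puts those elements in a namespace receivers do not expect.
String WS_UTIL_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
// NOTE(review): this is the SOAP 1.1 envelope namespace while the factory below is the SOAP 1.2
// one; a mustUnderstand attribute in the wrong envelope namespace may be ignored by the
// receiver. Confirm which SOAP version the service expects and align the two.
String WS_SOAP_URL = "http://schemas.xmlsoap.org/soap/envelope/";
SOAPFactory soapFact = OMAbstractFactory.getSOAP12Factory();

// Namespace objects
OMNamespace ns = soapFact.createOMNamespace(WS_SEC_NS, "wsse");
OMNamespace nsu = soapFact.createOMNamespace(WS_UTIL_NS, "wsu");
OMNamespace nsoap = soapFact.createOMNamespace(WS_SOAP_URL, "soap");

// The pattern ends in a literal 'Z' (UTC designator), so the formatter must really produce UTC.
// With the JVM default zone the receiver would see timestamps shifted by the local offset and
// could reject the message as expired or not yet valid. Locale.ROOT keeps the digits ASCII.
SimpleDateFormat utcFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", java.util.Locale.ROOT);
utcFormat.setTimeZone(java.util.TimeZone.getTimeZone("UTC"));
// One reference instant, so Created and Expires are exactly five minutes apart.
Date now = new Date();
String createdText = utcFormat.format(now);
Calendar cal = Calendar.getInstance();
cal.setTime(now);
// Expiry period is now + 5 minutes
cal.add(Calendar.MINUTE, 5);
String expiresText = utcFormat.format(cal.getTime());

// Header definition and sub elements
SOAPHeaderBlock wssHeader = soapFact.createSOAPHeaderBlock("Security", ns);
wssHeader.addAttribute("mustUnderstand", "1", nsoap);

OMElement timeStampElement = soapFact.createOMElement("Timestamp", nsu);
// Random UUID as the timestamp's wsu:Id
timeStampElement.addAttribute("Id", "Timestamp-" + UUID.randomUUID(), nsu);
// Sub elements of the timestamp
OMElement expires = soapFact.createOMElement("Expires", nsu);
expires.setText(expiresText);
OMElement created = soapFact.createOMElement("Created", nsu);
created.setText(createdText);

OMElement usernameToken = soapFact.createOMElement("UsernameToken", ns);
// Random UUID as the security token's wsu:Id
usernameToken.addAttribute("Id", "SecurityToken-" + UUID.randomUUID(), nsu);
// Sub elements of the username token
OMElement username = soapFact.createOMElement("Username", ns);
username.setText(user);
OMElement password = soapFact.createOMElement("Password", ns);
// PasswordText places the password itself in the message; the Nonce and Created values do not
// protect it. Send this header only over TLS and keep the serialized header out of logs.
password.setText(this.password);
password.addAttribute(WSConstants.PASSWORD_TYPE_ATTR, WSConstants.PASSWORD_TEXT, null);
OMElement nonce = soapFact.createOMElement("Nonce", ns);
// The nonce is a random, Base64-encoded value; it must be fresh for every request.
// NOTE(review): verify that HashUtils.createEncodedUUID() really returns Base64 text.
nonce.setText(HashUtils.createEncodedUUID());
OMElement createdUser = soapFact.createOMElement("Created", nsu);
createdUser.setText(createdText);

// Assemble the tree
usernameToken.addChild(username);
usernameToken.addChild(password);
usernameToken.addChild(nonce);
usernameToken.addChild(createdUser);
timeStampElement.addChild(created);
timeStampElement.addChild(expires);
wssHeader.addChild(timeStampElement);
wssHeader.addChild(usernameToken);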
哈希使用以下方法:
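/**
 * Creates a nonce for the UsernameToken: a random UUID, hashed with SHA-1 and Base64-encoded.
 *
 * <p>The unpredictability comes from {@link UUID#randomUUID()}; the SHA-1 step only reshapes
 * the value into 20 bytes and adds no security of its own.
 *
 * @return the Base64 text of the 20-byte digest
 * @throws IllegalStateException if the SHA-1 digest is unavailable, so that a request is never
 *         sent with an empty nonce
 */
public static String createEncodedUUID()
{
    log.trace("Enter Method createEncodedUUID");
    String randomId = String.valueOf(UUID.randomUUID());
    String result;
    try
    {
        MessageDigest md = MessageDigest.getInstance("SHA1");
        // Explicit charset: the bytes must not depend on the platform default encoding.
        md.update(randomId.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        byte[] byteNonce = md.digest();
        // encodeBase64 returns a byte[]; String.valueOf(byte[]) would yield the array's
        // identity string ("[B@..."), not the Base64 text, so decode the bytes explicitly.
        result = new String(Base64.encodeBase64(byteNonce), java.nio.charset.StandardCharsets.US_ASCII);
    }
    catch(NoSuchAlgorithmException e)
    {
        log.error("NoSuchAlgorithmException. Error calling createEncodedUUID.", e);
        // Fail closed: returning "" would silently put an empty nonce into the security header.
        throw new IllegalStateException("SHA1 digest not available, cannot create nonce", e);
    }
    log.trace("Return Method createEncodedUUID. Result: {}", result);
    return result;
}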
我们将 axis2 与 WS 策略一起使用,如下所示:
// Hands the WS-SecurityPolicy document returned by loadPolicy(...) to Rampart under
// KEY_RAMPART_POLICY. With this in place the page shows the UsernameToken being emitted with
// wsu:Id="UsernameToken-1", i.e. the Id is chosen by the policy-driven path, not by this code.
// NOTE(review): the constant name suggests a plain-text UsernameToken policy; confirm that the
// policy also requires transport security (HTTPS) so the password is not exposed on the wire.
context.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(PLAIN_TEXT_POLICY_FILE));
loadPolicy 的代码如下:
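// Loads the WS-SecurityPolicy XML from the classpath and parses it into a Neethi Policy.
// The policy decides which security assertions are applied to outgoing messages, so it should
// only ever come from a resource packaged with the application, never from a caller-supplied path.
InputStream file = this.getClass().getResourceAsStream(fileName);
if (file == null) {
    // getResourceAsStream returns null for a missing resource; fail with a clear message rather
    // than letting the XML builder fail later on a null stream.
    throw new IllegalArgumentException("Policy resource not found on classpath: " + fileName);
}
StAXOMBuilder builder = new StAXOMBuilder(file);
Policy result = PolicyEngine.getPolicy(builder.getDocumentElement());
// NOTE(review): the stream is never closed in this snippet. Close it once the policy has been
// built (the enclosing method is not visible here, so its throws clause must allow for that).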
当我们执行调用时,我们看到:
wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1"
我们希望看到的不是 wsu:Id="UsernameToken-1",而是 wsu:Id="SecurityToken-d61ff167-34c7-430b-b3ad-50c8882ed5t9"
如何实现?我们需要更新策略吗?
header 是在未使用策略的情况下从 Java 代码手动形成的:
// Attaches the hand-built wsse:Security header block to the stub's ServiceClient.
// NOTE(review): presumably headers added this way stay on the ServiceClient for later calls.
// The block carries a Timestamp that expires and a Nonce, so it should be rebuilt for every
// request rather than reused — confirm against how the stub is used.
// NOTE(review): if the Rampart policy is still engaged on the same client, a second Security
// header may be produced — confirm that only one mechanism is active.
stub._getServiceClient().addHeader(createRequestHeader());
createRequestHeader 的代码如下:
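// Builds the wsse:Security header by hand: a wsu:Timestamp (Created / Expires) followed by a
// wsse:UsernameToken (Username, Password, Nonce, Created), each with a random wsu:Id.

// Namespace and URL constants
String WS_SEC_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
// The wsu prefix (Timestamp, Id, Created, Expires) belongs to the WSS *utility* namespace.
// Binding it to the secext namespace puts those elements in a namespace receivers do not expect.
String WS_UTIL_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
// NOTE(review): this is the SOAP 1.1 envelope namespace while the factory below is the SOAP 1.2
// one; a mustUnderstand attribute in the wrong envelope namespace may be ignored by the
// receiver. Confirm which SOAP version the service expects and align the two.
String WS_SOAP_URL = "http://schemas.xmlsoap.org/soap/envelope/";
SOAPFactory soapFact = OMAbstractFactory.getSOAP12Factory();

// Namespace objects
OMNamespace ns = soapFact.createOMNamespace(WS_SEC_NS, "wsse");
OMNamespace nsu = soapFact.createOMNamespace(WS_UTIL_NS, "wsu");
OMNamespace nsoap = soapFact.createOMNamespace(WS_SOAP_URL, "soap");

// The pattern ends in a literal 'Z' (UTC designator), so the formatter must really produce UTC.
// With the JVM default zone the receiver would see timestamps shifted by the local offset and
// could reject the message as expired or not yet valid. Locale.ROOT keeps the digits ASCII.
SimpleDateFormat utcFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", java.util.Locale.ROOT);
utcFormat.setTimeZone(java.util.TimeZone.getTimeZone("UTC"));
// One reference instant, so Created and Expires are exactly five minutes apart.
Date now = new Date();
String createdText = utcFormat.format(now);
Calendar cal = Calendar.getInstance();
cal.setTime(now);
// Expiry period is now + 5 minutes
cal.add(Calendar.MINUTE, 5);
String expiresText = utcFormat.format(cal.getTime());

// Header definition and sub elements
SOAPHeaderBlock wssHeader = soapFact.createSOAPHeaderBlock("Security", ns);
wssHeader.addAttribute("mustUnderstand", "1", nsoap);

OMElement timeStampElement = soapFact.createOMElement("Timestamp", nsu);
// Random UUID as the timestamp's wsu:Id
timeStampElement.addAttribute("Id", "Timestamp-" + UUID.randomUUID(), nsu);
// Sub elements of the timestamp
OMElement expires = soapFact.createOMElement("Expires", nsu);
expires.setText(expiresText);
OMElement created = soapFact.createOMElement("Created", nsu);
created.setText(createdText);

OMElement usernameToken = soapFact.createOMElement("UsernameToken", ns);
// Random UUID as the security token's wsu:Id
usernameToken.addAttribute("Id", "SecurityToken-" + UUID.randomUUID(), nsu);
// Sub elements of the username token
OMElement username = soapFact.createOMElement("Username", ns);
username.setText(user);
OMElement password = soapFact.createOMElement("Password", ns);
// PasswordText places the password itself in the message; the Nonce and Created values do not
// protect it. Send this header only over TLS and keep the serialized header out of logs.
password.setText(this.password);
password.addAttribute(WSConstants.PASSWORD_TYPE_ATTR, WSConstants.PASSWORD_TEXT, null);
OMElement nonce = soapFact.createOMElement("Nonce", ns);
// The nonce is a random, Base64-encoded value; it must be fresh for every request.
// NOTE(review): verify that HashUtils.createEncodedUUID() really returns Base64 text.
nonce.setText(HashUtils.createEncodedUUID());
OMElement createdUser = soapFact.createOMElement("Created", nsu);
createdUser.setText(createdText);

// Assemble the tree
usernameToken.addChild(username);
usernameToken.addChild(password);
usernameToken.addChild(nonce);
usernameToken.addChild(createdUser);
timeStampElement.addChild(created);
timeStampElement.addChild(expires);
wssHeader.addChild(timeStampElement);
wssHeader.addChild(usernameToken);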
哈希使用以下方法:
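/**
 * Creates a nonce for the UsernameToken: a random UUID, hashed with SHA-1 and Base64-encoded.
 *
 * <p>The unpredictability comes from {@link UUID#randomUUID()}; the SHA-1 step only reshapes
 * the value into 20 bytes and adds no security of its own.
 *
 * @return the Base64 text of the 20-byte digest
 * @throws IllegalStateException if the SHA-1 digest is unavailable, so that a request is never
 *         sent with an empty nonce
 */
public static String createEncodedUUID()
{
    log.trace("Enter Method createEncodedUUID");
    String randomId = String.valueOf(UUID.randomUUID());
    String result;
    try
    {
        MessageDigest md = MessageDigest.getInstance("SHA1");
        // Explicit charset: the bytes must not depend on the platform default encoding.
        md.update(randomId.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        byte[] byteNonce = md.digest();
        // encodeBase64 returns a byte[]; String.valueOf(byte[]) would yield the array's
        // identity string ("[B@..."), not the Base64 text, so decode the bytes explicitly.
        result = new String(Base64.encodeBase64(byteNonce), java.nio.charset.StandardCharsets.US_ASCII);
    }
    catch(NoSuchAlgorithmException e)
    {
        log.error("NoSuchAlgorithmException. Error calling createEncodedUUID.", e);
        // Fail closed: returning "" would silently put an empty nonce into the security header.
        throw new IllegalStateException("SHA1 digest not available, cannot create nonce", e);
    }
    log.trace("Return Method createEncodedUUID. Result: {}", result);
    return result;
}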