Spring-WS SOAP header 前缀问题
Spring-WS SOAP header prefix issues
我正在处理一个 Spring-WS 项目,我正在尝试使用某个 SOAP 服务,但我遇到了请求的 Header 标记的一些问题。
PS:我 运行 在 SOAP UI 上提出了相同的请求,它运行良好。
这是我的代码运行:
JAXBElement<ChangeOtherIDsRequestType> request = createRequestBody();
WebServiceTemplate template = new WebServiceTemplate(marshaller);
template.setDefaultUri(URI);
@SuppressWarnings({ "unchecked" })
JAXBElement<ChangeOtherIDsResponseType> response = (JAXBElement<ChangeOtherIDsResponseType>) template
.marshalSendAndReceive(request, new WebServiceMessageCallback() {
@Override
public void doWithMessage(WebServiceMessage message) {
Instant instant = Instant.now();
SaajSoapMessage saajSoapMessage = (SaajSoapMessage) message;
SOAPMessage soapMessage = saajSoapMessage.getSaajMessage();
SOAPPart soapPart = soapMessage.getSOAPPart();
try {
SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
SOAPHeader soapHeader = soapEnvelope.getHeader();
Name headerElementName = soapEnvelope.createName("Security", "wsse",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
// Add "Security" soapHeaderElement to soapHeader
SOAPHeaderElement soapHeaderElement = soapHeader.addHeaderElement(headerElementName);
soapHeaderElement.setMustUnderstand(true);
soapHeaderElement.addNamespaceDeclaration("wsu",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
// Add usernameToken to "Security" soapHeaderElement
SOAPElement usernameTokenSOAPElement = soapHeaderElement.addChildElement("UsernameToken",
"wsse");
// Add username to usernameToken
QName userQname = soapHeaderElement.createQName("Username", "wsse");
SOAPElement userNameSOAPElement = usernameTokenSOAPElement.addChildElement(userQname);
userNameSOAPElement.addTextNode("username");
// Add password to usernameToken
QName passwordQname = usernameTokenSOAPElement.createQName("Password", "wsse");
SOAPElement passwordSOAPElement = usernameTokenSOAPElement.addChildElement("Password");
passwordSOAPElement.setAttribute("Type",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
passwordSOAPElement.addTextNode("password");
// Add Nonce to usernameToken.
QName nonceQname = soapHeaderElement.createQName("Nonce", "wsse");
SOAPElement nonceSOAPElement = usernameTokenSOAPElement.addChildElement("Nonce");
nonceSOAPElement.setAttribute("EncodingType",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
// Add Created to usernameToken.
QName createdQname = soapHeaderElement.createQName("Created", "wsu");
SOAPElement createdElement = usernameTokenSOAPElement.addChildElement(createdQname);
createdElement.addTextNode(instant.toString());
} catch (SOAPException | UnsupportedEncodingException e) {
e.printStackTrace();
}
}
});
template.marshalSendAndReceive(URI, request);
此代码应该在请求中添加 Header 标记,它用于通过 "username" 和 "password".
对用户进行身份验证
我期望的结果与 SOAP UI 为同一请求生成的结果相同。结果是这样的:
<SOAP-ENV:Header>
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-C17C5A667A3F11A8DA153735499778322">
<wsse:Username>username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Tl6jznnHitsSE9F16FWTsw==</wsse:Nonce>
<wsu:Created>2018-09-19T11:03:17.783Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
但我得到的结果是这样的:
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</Password>
<Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"> </Nonce>
<wsu:Created>2018-09-19T11:02:21.918Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
让我们看看我的结果中缺少一些东西,例如:
- "wsse" 标签上的前缀 "Password" 和 "Nonce"。
"Username" 标签上的 - "UsernameToken" 属性。
- "Nonce" 标签的值。
我在尝试解决这些问题时遇到了一些问题,但我仍然遇到一些问题:
- 当我尝试将 "wsse" 前缀添加到 "Username" 和 "Nonce" 标签时:整个 "Header" 标签消失了。 (我使用了与 "Username" 标签相同的技术)
- SOAP UI 如何生成 "Nonce" 值?
- SOAP UI 如何生成 "UsernameToken" 值?
不得已,还有其他方法可以模拟 SOAP UI 请求吗?
提前致谢。
您正试图将安全性强加到您的请求中,而有一个拦截器和默认方式可以做到这一点。为您的 WebServiceTemplate 配置 Wss4jSecurityInterceptor。
像下面这样的东西应该可以解决问题。
@Bean
public Wss4jSecurityInterceptor securityInterceptor() {
Wss4jSecurityInterceptor interceptor = new Wss4jSecurityInterceptor();
interceptor.setSecurementUsername("username");
interceptor.setSecurementPassword("password");
interceptor.setSecurementUsernameTokenNonce(true);
interceptor.setSecurementActions("UsernameToken Timestamp");
return interceptor;
}
然后将其注入您的 WebServiceTemplate。那应该添加所需的 headers 而无需执行任何其他操作。理想情况下,您可以配置 WebServiceTemplate 一次并重新使用它。
@Bean
public WebServiceTemplate webServiceTemplate(Marshaller marshaller) {
WebServiceTemplate wsTemplate = new WebServiceTemplate(marshaller);
wsTemplate.setInterceptors(new ClientInterceptor[]{ securityInterceptor() });
return wsTemplate;
}
然后在您的代码中使用预先配置的WebServiceTemplate。
我正在处理一个 Spring-WS 项目,我正在尝试使用某个 SOAP 服务,但我遇到了请求的 Header 标记的一些问题。
PS:我 运行 在 SOAP UI 上提出了相同的请求,它运行良好。
这是我的代码运行:
JAXBElement<ChangeOtherIDsRequestType> request = createRequestBody();
WebServiceTemplate template = new WebServiceTemplate(marshaller);
template.setDefaultUri(URI);
@SuppressWarnings({ "unchecked" })
JAXBElement<ChangeOtherIDsResponseType> response = (JAXBElement<ChangeOtherIDsResponseType>) template
.marshalSendAndReceive(request, new WebServiceMessageCallback() {
@Override
public void doWithMessage(WebServiceMessage message) {
Instant instant = Instant.now();
SaajSoapMessage saajSoapMessage = (SaajSoapMessage) message;
SOAPMessage soapMessage = saajSoapMessage.getSaajMessage();
SOAPPart soapPart = soapMessage.getSOAPPart();
try {
SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
SOAPHeader soapHeader = soapEnvelope.getHeader();
Name headerElementName = soapEnvelope.createName("Security", "wsse",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
// Add "Security" soapHeaderElement to soapHeader
SOAPHeaderElement soapHeaderElement = soapHeader.addHeaderElement(headerElementName);
soapHeaderElement.setMustUnderstand(true);
soapHeaderElement.addNamespaceDeclaration("wsu",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
// Add usernameToken to "Security" soapHeaderElement
SOAPElement usernameTokenSOAPElement = soapHeaderElement.addChildElement("UsernameToken",
"wsse");
// Add username to usernameToken
QName userQname = soapHeaderElement.createQName("Username", "wsse");
SOAPElement userNameSOAPElement = usernameTokenSOAPElement.addChildElement(userQname);
userNameSOAPElement.addTextNode("username");
// Add password to usernameToken
QName passwordQname = usernameTokenSOAPElement.createQName("Password", "wsse");
SOAPElement passwordSOAPElement = usernameTokenSOAPElement.addChildElement("Password");
passwordSOAPElement.setAttribute("Type",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
passwordSOAPElement.addTextNode("password");
// Add Nonce to usernameToken.
QName nonceQname = soapHeaderElement.createQName("Nonce", "wsse");
SOAPElement nonceSOAPElement = usernameTokenSOAPElement.addChildElement("Nonce");
nonceSOAPElement.setAttribute("EncodingType",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
// Add Created to usernameToken.
QName createdQname = soapHeaderElement.createQName("Created", "wsu");
SOAPElement createdElement = usernameTokenSOAPElement.addChildElement(createdQname);
createdElement.addTextNode(instant.toString());
} catch (SOAPException | UnsupportedEncodingException e) {
e.printStackTrace();
}
}
});
template.marshalSendAndReceive(URI, request);
此代码应该在请求中添加 Header 标记,它用于通过 "username" 和 "password".
对用户进行身份验证
我期望的结果与 SOAP UI 为同一请求生成的结果相同。结果是这样的:
<SOAP-ENV:Header>
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-C17C5A667A3F11A8DA153735499778322">
<wsse:Username>username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Tl6jznnHitsSE9F16FWTsw==</wsse:Nonce>
<wsu:Created>2018-09-19T11:03:17.783Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
但我得到的结果是这样的:
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</Password>
<Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"> </Nonce>
<wsu:Created>2018-09-19T11:02:21.918Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
让我们看看我的结果中缺少一些东西,例如:
- "wsse" 标签上的前缀 "Password" 和 "Nonce"。 "Username" 标签上的
- "UsernameToken" 属性。
- "Nonce" 标签的值。
我在尝试解决这些问题时遇到了一些问题,但我仍然遇到一些问题:
- 当我尝试将 "wsse" 前缀添加到 "Username" 和 "Nonce" 标签时:整个 "Header" 标签消失了。 (我使用了与 "Username" 标签相同的技术)
- SOAP UI 如何生成 "Nonce" 值?
- SOAP UI 如何生成 "UsernameToken" 值?
不得已,还有其他方法可以模拟 SOAP UI 请求吗?
提前致谢。
您正试图将安全性强加到您的请求中,而有一个拦截器和默认方式可以做到这一点。为您的 WebServiceTemplate 配置 Wss4jSecurityInterceptor。
像下面这样的东西应该可以解决问题。
@Bean
public Wss4jSecurityInterceptor securityInterceptor() {
Wss4jSecurityInterceptor interceptor = new Wss4jSecurityInterceptor();
interceptor.setSecurementUsername("username");
interceptor.setSecurementPassword("password");
interceptor.setSecurementUsernameTokenNonce(true);
interceptor.setSecurementActions("UsernameToken Timestamp");
return interceptor;
}
然后将其注入您的 WebServiceTemplate。那应该添加所需的 headers 而无需执行任何其他操作。理想情况下,您可以配置 WebServiceTemplate 一次并重新使用它。
@Bean
public WebServiceTemplate webServiceTemplate(Marshaller marshaller) {
WebServiceTemplate wsTemplate = new WebServiceTemplate(marshaller);
wsTemplate.setInterceptors(new ClientInterceptor[]{ securityInterceptor() });
return wsTemplate;
}
然后在您的代码中使用预先配置的WebServiceTemplate。