2015-09-30 58 views
1

This is my first question on Stack Overflow: securing a web service with Axis2 and Rampart using the UsernameToken Profile 1.0.

I am not an expert Java programmer, but I have experience with other languages and different IDEs.

I have a situation where a customer needs a service, created from a given WSDL, that must authenticate using the OASIS standard 200401 UsernameToken Profile 1.0. It will run under SSL on the production server.

I have been doing some research and trying to implement different scenarios, and I have reached a point where nothing works for me.

I am using:

  • Eclipse as the base IDE
  • Axis2 v1.6.3
  • Rampart v1.6.2
  • Rahas v1.6.2

To illustrate the current situation, here is the structure Eclipse created for me when generating the Java bean service skeleton from the WSDL:

https://dl.dropboxusercontent.com/u/71031985/schema.png


Configuration:

In WebContent/WEB-INF/conf/axis2.xml

I enabled the Rampart module and a passwordCallbackClass so that the username and password supplied in the SOAP header can be processed.

<module ref="rampart" /> 

<parameter name="InflowSecurity"> 
    <action> 
     <items>UsernameToken</items> 
     <passwordCallbackClass> 
      serviceManager.ServiceAuthUserNameToken 
     </passwordCallbackClass> 
     <passwordType>PasswordText</passwordType> 
    </action> 
</parameter> 

... 

In /WebContent/WEB-INF/services/ProveedorCentroTFWS/META-INF/services.xml I placed the Rampart policy so that the UsernameToken requirement can be fulfilled:

<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> 
<wsp:ExactlyOne> 
    <wsp:All> 
    <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> 
     <wsp:Policy> 
     <sp:TransportToken> 
      <wsp:Policy> 
      <sp:HttpsToken RequireClientCertificate="false"/> 
      </wsp:Policy> 
     </sp:TransportToken> 
     <sp:AlgorithmSuite> 
      <wsp:Policy> 
      <sp:Basic128/> 
      </wsp:Policy> 
     </sp:AlgorithmSuite> 
     <sp:Layout> 
      <wsp:Policy> 
      <sp:Lax/> 
      </wsp:Policy> 
     </sp:Layout> 
     <sp:IncludeTimestamp/> 
     </wsp:Policy> 
    </sp:TransportBinding> 
    <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> 
     <wsp:Policy> 
      <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" /> 
     </wsp:Policy> 
    </sp:SignedSupportingTokens> 

    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
     <ramp:passwordCallbackClass>serviceManager.ServiceAuthUserNameToken</ramp:passwordCallbackClass> 
    </ramp:RampartConfig> 

    </wsp:All> 
</wsp:ExactlyOne> 
</wsp:Policy> 

When the test client supplied by the customer (which cannot be modified) is run, it sends the following SOAP message:

<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> 
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"> 
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1"> 
     <wsse:UsernameToken wsu:Id="UsernameToken-3"> 
      <wsse:Username>username</wsse:Username> 
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">definedpwd</wsse:Password> 
     </wsse:UsernameToken> 
    </wsse:Security> 
    <wsa:To>http://localhost:8080/ProveedorCentroTFWS</wsa:To> 
    <wsa:MessageID>urn:uuid:f2fb54d9-8957-49a2-88a7-de6d209e6d35</wsa:MessageID> 
    <wsa:Action>getActionList</wsa:Action> 
</soapenv:Header> 
<soapenv:Body> 
    <ns3:getActionList xmlns:ns3="http://impl.ws.application.proveedorcentro.meyss.spee.es" /> 
</soapenv:Body> 
</soapenv:Envelope> 

The error returned once the SOAP message is sent is the following:

java.lang.RuntimeException: Malformed uri: UsernameTokenPolicy 

And this is the stack trace:

org.apache.neethi.PolicyReference.getRemoteReferencedPolicy(PolicyReference.java:155) 
org.apache.neethi.PolicyReference.normalize(PolicyReference.java:110) 
org.apache.axis2.util.PolicyUtil.getMergedPolicy(PolicyUtil.java:267) 
org.apache.axis2.description.AxisBindingMessage.calculateEffectivePolicy(AxisBindingMessage.java:294) 
org.apache.axis2.description.AxisBindingMessage.getEffectivePolicy(AxisBindingMessage.java:225) 
org.apache.axis2.context.MessageContext.getEffectivePolicy(MessageContext.java:1617) 
org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:233) 
org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61) 
org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65) 
org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) 
org.apache.axis2.engine.Phase.invoke(Phase.java:313) 
org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262) 
org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:516) 
org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:433) 
org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:216) 
javax.servlet.http.HttpServlet.service(HttpServlet.java:648) 
javax.servlet.http.HttpServlet.service(HttpServlet.java:729) 
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) 

I have checked every way I can think of to make it accept the SOAP message, but I cannot get it to work.

Thanks for your support and attention.

+0

OK, I finally found the solution to the problem. The original WSDL was badly formed and was missing some important parts the project needs in order to work properly. –

Answer

0

The solution to this problem was to supply the parts the WSDL was missing so that it could authenticate under the OASIS standard 200401 UsernameToken Profile 1.0.

I found the solution to this on the IBM page about WS-Security with Metro.

In the WSDL document, under the binding tag, a policy reference:

<wsp:PolicyReference URI="#UsernameTokenPolicy" wsdl:required="true"/> 

Reading the online documentation, I saw that it is necessary to add, in the same WSDL file, a policy entry with the identifier name we want to apply (#UsernameTokenPolicy), or whatever name the policy needs, like the following one:

<wsp:Policy wsu:Id="UsernameTokenPolicy" xmlns:wsp="http://www.w3.org/ns/ws-policy" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
<sp:SupportingTokens 
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> 
    <wsp:Policy> 
     <sp:UsernameToken 
      sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> 
      <wsp:Policy> 
       <sp:WssUsernameToken11 /> 
      </wsp:Policy> 
     </sp:UsernameToken> 
    </wsp:Policy> 
</sp:SupportingTokens> 
<wsss:ValidatorConfiguration wspp:visibility="private" 
     xmlns:wsss="http://schemas.sun.com/2006/03/wss/server" 
     xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"> 
    <wsss:Validator name="usernameValidator" classname="[packageName].[callBackValidatorName]"/> 
    </wsss:ValidatorConfiguration> 
</wsp:Policy> 

Once that is done, you need to create a callback validator responsible for handling the credentials in the SOAP request header, like the example provided below:

package [packageName]; 

import com.sun.xml.wss.impl.callback.PasswordValidationCallback; 
import java.io.IOException; 
import javax.security.auth.callback.Callback; 
import javax.security.auth.callback.UnsupportedCallbackException; 

// Metro calls this validator for every UsernameToken it receives; it returns
// true when the supplied username/password pair is accepted.
public class [callBackValidatorName] implements PasswordValidationCallback.PasswordValidator{ 

@Override 
public boolean validate(PasswordValidationCallback.Request request) throws PasswordValidationCallback.PasswordValidationException { 

    // The policy above requires PasswordText, so the request carries the
    // plaintext password rather than a digest.
    PasswordValidationCallback.PlainTextPasswordRequest ptreq; 

    ptreq = (PasswordValidationCallback.PlainTextPasswordRequest) request; 

    return "[HARCODED_USERNAME]".equals(ptreq.getUsername()) && 
     "[HARCODED_PWD]".equals(ptreq.getPassword()); 
} 
} 

Once all of this is done, you should be able to authenticate, on the server side of a Java web service, SOAP messages that match the OASIS standard 200401 UsernameToken Profile 1.0.
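The validator in the answer compares against credentials hard-coded in the class. The following is an added example (not code from the question, the answer, or the Metro project) of the same `PasswordValidationCallback.PasswordValidator` hook written the way a deployment would want it: it refuses anything other than the PasswordText request the policy asks for instead of casting blindly, looks the user up in an injected store of salted PBKDF2 hashes, and compares with `MessageDigest.isEqual` so the check runs in constant time. The package name, the class name, the `users` map and the sample entry are assumptions; only the Metro interface and request types are taken from the answer.

```java
package example; // hypothetical package name

import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class HashedUsernameTokenValidator implements PasswordValidationCallback.PasswordValidator {

    private static final int ITERATIONS = 100_000;
    private static final int KEY_BITS = 256;

    // username -> { base64 salt, base64 PBKDF2-HMAC-SHA256 hash }.
    // Constructed for this example; a real service loads this from a credential store.
    private final Map<String, String[]> users;

    public HashedUsernameTokenValidator(Map<String, String[]> users) {
        this.users = users;
    }

    @Override
    public boolean validate(PasswordValidationCallback.Request request)
            throws PasswordValidationCallback.PasswordValidationException {
        // The policy on this page mandates PasswordText; a digest request or
        // anything else is rejected rather than cast and allowed to throw.
        if (!(request instanceof PasswordValidationCallback.PlainTextPasswordRequest)) {
            return false;
        }
        PasswordValidationCallback.PlainTextPasswordRequest ptreq =
                (PasswordValidationCallback.PlainTextPasswordRequest) request;
        String username = ptreq.getUsername();
        String password = ptreq.getPassword();
        if (username == null || password == null) {
            return false;
        }

        String[] entry = users.get(username);
        // Derive a hash even for unknown users so response time does not
        // reveal whether the username exists.
        byte[] salt = entry != null ? Base64.getDecoder().decode(entry[0]) : new byte[16];
        byte[] expected = entry != null ? Base64.getDecoder().decode(entry[1]) : new byte[KEY_BITS / 8];
        byte[] actual = derive(password, salt);

        boolean match = MessageDigest.isEqual(expected, actual); // constant-time comparison
        return entry != null && match;
    }

    static byte[] derive(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2 unavailable", e);
        }
    }

    // Provisioning helper: builds a store entry from a plaintext password once,
    // so the plaintext never needs to live in the deployed class.
    public static String[] newEntry(String password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder enc = Base64.getEncoder();
        return new String[] { enc.encodeToString(salt), enc.encodeToString(derive(password, salt)) };
    }

    public static void main(String[] args) {
        // Constructed sample store with one user.
        Map<String, String[]> store = new HashMap<>();
        store.put("username", newEntry("definedpwd"));
        System.out.println("store entry for 'username': " + String.join(",", store.get("username")));
        // Wiring this class in is done through the <wsss:Validator classname="..."/>
        // element shown in the answer; the container constructs and calls it.
    }
}
```

Because Metro instantiates the validator itself through the `classname` attribute, a deployment would normally give the class a no-argument constructor that loads the store, rather than the injected map used here to keep the example self-contained.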