肥皂請求與彈簧的自定義soapHeader

Question

我正在使用包含請求的安全部分的自定義標頭進行SOAP請求。 但是，請求現在包含兩個標題，並且它拋出以下錯誤： [請求處理失敗;嵌套異常是org.springframework.ws.soap.client.SoapFaultClientException：沒有WS-Security的標頭中找到]與根源

所形成的標頭是：

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header><soapenv:Envelope xmlns:ser="dasdasdasd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><wsse:Security xmlns:wsse="asdasdasdas" soapenv:mustUnderstand="1"> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2"><wsse:Username>test</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">adasdasdasdasd</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">!@#!@#@#$@!#!@@%*(&*&^%#$@#</wsse:Nonce><wsu:Created>2014-09-04 T1015.41.649Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header></soapenv:Envelope></SOAP-ENV:Header><SOAP-ENV:Body><ns2:CreateSaleOrderRequest xmlns:ns2="http://uniware.unicommerce.com/services/"><ns2:SaleOrder><ns2:DisplayOrderCode>200</ns2:DisplayOrderCode></ns2:SaleOrder></ns2:CreateSaleOrderRequest></SOAP-ENV:Body></SOAP-ENV:Envelope> 

我對上述請求的代碼是如下：

private static final String uri = "http://requestb.in/1eh2un81"; 

public String createSaleOrder(Suborder suborder) 
{ 
    SaleOrder saleorder = new SaleOrder(); 
    saleorder = setSaleOrderObject(suborder); 
    CreateSaleOrderRequest request = new CreateSaleOrderRequest(); 
    request.setSaleOrder(saleorder); 
    String response = this.getWebServiceTemplate().marshalSendAndReceive(uri, request, 
      new WebServiceMessageCallback() { 
       public void doWithMessage(WebServiceMessage message) throws IOException, TransformerException 
     { 
        SoapMessage soapmessage = (SoapMessage)message;     
        SoapHeader header = soapmessage.getSoapHeader(); 
        //soapmessage.getEnvelope().addAttribute(, "soapenv"); 

        StringBuilder soapheader = new StringBuilder(); 
        soapheader.append("<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ser=\"zsdasdasdasd">"); 
        soapheader.append("<soapenv:Header>"); 
        soapheader.append("<wsse:Security soapenv:mustUnderstand=\"1\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"> "); 
        soapheader.append("<wsse:UsernameToken wsu:Id=\"UsernameToken-2\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">"); 
        soapheader.append("<wsse:Username>test</wsse:Username>"); 
        soapheader.append("<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">adasdasdasdasd</wsse:Password>"); 
        soapheader.append("<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">!2312312!@#!@#!#$@#%R</wsse:Nonce>"); 
        soapheader.append("<wsu:Created>2014-09-04 T1015.41.649Z</wsu:Created>"); 
        soapheader.append("</wsse:UsernameToken>"); 
        soapheader.append("</wsse:Security>"); 
        soapheader.append("</soapenv:Header>"); 
        soapheader.append("</soapenv:Envelope>"); 


        StringSource HeaderSource = new StringSource(soapheader.toString()); 
        Transformer transformer = TransformerFactory.newInstance().newTransformer(); 
        transformer.transform(HeaderSource,header.getResult()); 

        } 
    }).toString(); 
    System.out.println(response); 

請建議我該如何解決此錯誤.TIA！

Answer 1

嚴正提供你使用Spring，你將不得不去這樣的事情..您的XML中的WS你應該有：

<bean id="YourWsClientBean" class="eu.europa.acer.aris.dciws.client.DciWsClient"> 
     <constructor-arg ref="webServiceTemplate"></constructor-arg> 
    </bean> 


    <bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate"> 
     <constructor-arg ref="messageFactory"/> 
     <property name="marshaller" ref="marshaller"></property> 
     <property name="unmarshaller" ref="unMarshaller"></property> 

     <property name="messageSender"> 
      <bean 
       class="org.springframework.ws.transport.http.CommonsHttpMessageSender"> 
      </bean> 
     </property> 
     <!-- NON PROXY 
     <property name="messageSender" ref = "httpSender"></property> -->  
     <property name="defaultUri" value="https://testframework.test-acer-remit.eu/dci-ws/" /> 
     <property name="interceptors"> 
      <list> 
       <ref bean="securityConfInterceptor" /> 

      </list> 
     </property> 
    </bean> 

    <bean id="securityConfInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor"> 
      <property name="policyConfiguration" value="classpath:securityPolicy.xml" /> 
      <property name="callbackHandlers"> 
       <!-- <bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler"> 
        <property name="keyStore" ref="keyStore" /> <property name="privateKeyPassword" 
        value="changeit" /> <property name="trustStore" ref="trustStore" /> </bean> --> 
       <list> 
        <ref bean="keyStoreHandler"/> 
       </list> 
      </property> 
    </bean> 

編組和解組應該清楚你我想。 你的情況，最重要的部分是

的securityPolicy.xml內，你將能夠定義你desirede政策傳出//收到的消息，無論是簽名userNameAndPassWord，則在等。

以下例如文件是用特定的證書對請求進行簽名。

<?xml version="1.0" encoding="UTF-8"?> 
    <!-- <xwss:SecurityConfiguration dumpMessages="false" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"> 
     <xwss:Sign includeTimestamp="false"> <xwss:X509Token certificateAlias="ceremp 
     staging ca"/> </xwss:Sign> </xwss:SecurityConfiguration> --> 
    <xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"> 
     <!-- <xwss:RequireTimestamp maxClockSkew="60" timestampFreshnessLimit="300"/> 
      <xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="false"/> 
      <xwss:Timestamp /> <xwss:UsernameToken name="mojo" password="mojopass" digestPassword="true" 
      useNonce="true"/> --> 
     <xwss:Sign> 
      <xwss:X509Token certificateAlias="acerprivate" /> 
      <!-- <xwss:X509Token certificateAlias="acer staging cert" /> --> 
      <xwss:CanonicalizationMethod algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
      <xwss:SignatureMethod algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
      <xwss:SignatureTarget type="xpath" 
       value="./SOAP-ENV:Envelope/SOAP-ENV:Body"> 
       <xwss:DigestMethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
       <xwss:Transform algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> 
        <xwss:AlgorithmParameter name="XPATH" 
         value="./SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/ds:Signature[1]/ds:KeyInfo/wsse:SecurityTokenReference" /> 
       </xwss:Transform> 
       <xwss:Transform 
        algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"> 
        <xwss:AlgorithmParameter name="CanonicalizationMethod" 
         value="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
       </xwss:Transform> 
      </xwss:SignatureTarget> 
     </xwss:Sign> 
    </xwss:SecurityConfiguration> 

希望這給你一隻手作爲一般概念。

有時，我建議一些新的同事採取骯髒的替代方案，如果他們想保持變化儘可能簡單。 例如這是從春天論壇 - >

 public void sendAndReceiveXMLPayload(String xmlFileNamePath) throws IOException { 

     ClassPathResource 
      classPathResource = 
       new ClassPathResource(xmlFileNamePath); 

     Source 
      requestSource = 
       new ResourceSource(classPathResource); 

     StringResult 
      result = 
       new StringResult(); 

     getWebServiceTemplate(). 
      sendSourceAndReceiveToResult(
       requestSource, 
       new WSSESecurityHeaderRequestWebServiceMessageCallback(), 
       result 
      ); 
    } 

通知WSSESecurityHeaderRequestWebServiceMessageCallback

在這個類中定義

public class WSSESecurityHeaderRequestWebServiceMessageCallback implements WebServiceMessageCallback { 

    public void doWithMessage(WebServiceMessage message) throws IOException, TransformerException { 

     try { 

      // Assumption: We are using the default SAAJWebMessageFactory 

      SaajSoapMessage 
       saajSoapMessage = 
        (SaajSoapMessage)message; 

      SOAPMessage 
       soapMessage = 
        saajSoapMessage.getSaajMessage(); 

      SOAPPart 
       soapPart = 
        soapMessage.getSOAPPart(); 

      SOAPEnvelope 
       soapEnvelope = 
        soapPart.getEnvelope(); 

      SOAPHeader 
       soapHeader = 
        soapEnvelope.getHeader(); 

      Name 
       headerElementName = 
        soapEnvelope.createName(
         "Security", 
         "wsse", 
         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
        ); 

      // Add "Security" soapHeaderElement to soapHeader 
      SOAPHeaderElement 
       soapHeaderElement = 
        soapHeader.addHeaderElement(headerElementName); 

      // This may be important for some portals! 
      soapHeaderElement.setActor(null); 

      // Add usernameToken to "Security" soapHeaderElement 
      SOAPElement 
       usernameTokenSOAPElement = 
        soapHeaderElement.addChildElement("UsernameToken"); 

      // Add username to usernameToken 
      SOAPElement 
       userNameSOAPElement = 
        usernameTokenSOAPElement.addChildElement("Username"); 

      userNameSOAPElement.addTextNode("myUserName"); 

      // Add password to usernameToken 
      SOAPElement 
       passwordSOAPElement = 
        usernameTokenSOAPElement.addChildElement("Password"); 

      passwordSOAPElement.addTextNode("myPassword"); 

     } catch (SOAPException soapException) { 
      throw new RuntimeException("WSSESecurityHeaderRequestWebServiceMessageCallback", soapException); 
     } 
    } 
} 

隨意改變你與你的頭做什麼，你認爲合適和你完成了...