WS安全性 - 用戶名令牌檔案

Question

我有一個WSDL文件，我寫的是在客戶端爲8.0

我一直在ApplicationResources.properties SOAP請求所需的用戶名/密碼。

我使用 'WSS-用戶名令牌型材式1.0'，

我無法找到如何實現這一點。

我需要知道，如何編寫policy.xml以及如何在Webservice客戶端中使用。

Answer 1

Soap請求必須包含用於用戶名令牌wss配置文件的相應標題元素。如果您使用Java，則可以使用Soap處理程序或SAAJ手動創建元素。在Websphere中，您可以使用稱爲「策略集」的功能通過配置各種策略集和綁定來對此支持進行元編程。

這裏是描述使用配置方法如何做到這一點的好文章： http://www.ibm.com/developerworks/websphere/library/techarticles/1103_balakrishnan/1103_balakrishnan.html

這裏是加入這個頭一個例子編程方式使用SAAJ：

public class WssHandler implements SOAPHandler<SOAPMessageContext> { 

    private static final Logger cTRACE = Logger.getLogger(WssHandler.class.getName()); 

    // SOAP 
    private static final String cWSSE = "wsse"; 
    private static final String cURL = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; 
    private static final String cNODE_SECURITY = "Security"; 
    private static final String cNODE_USRTOKEN = "UsernameToken"; 
    private static final String cNODE_USERNAME = "Username"; 
    private static final String cNODE_PASSWORD = "Password"; 

    private String iUsername; 
    private String iPassword; 

    /** 
    * Constructor for SOAP handler with specific wss credentials. 
    * @param aUsername wss username 
    * @param aPassword wss password 
    */ 
    public WssHandler(String username, String passwd) { 
     super(); 
     iUsername = username; 
     iPassword = passwd; 
    } 

    @Override 
    public boolean handleMessage(SOAPMessageContext context) { 
     if (cTRACE.isLoggable(Level.FINEST)) { 
      cTRACE.logp(Level.FINEST, 
        WssHandler.class.getName(), 
        "handleMessage", "add WSS credentials for user "+iUsername); 
     } 

     try { 
      SOAPMessage tMessage = context.getMessage(); 
      SOAPEnvelope tSoapEnvelope = tMessage.getSOAPPart().getEnvelope(); 

      // header 
      SOAPHeader tHeader = tSoapEnvelope.getHeader(); 
      if (tHeader==null) { 
       // no header yet, create one 
       tHeader = tSoapEnvelope.addHeader(); 
      } 

      // security node 
      Name tWsseHeaderName = tSoapEnvelope.createName(cNODE_SECURITY, cWSSE, cURL); 
      SOAPHeaderElement tSecurityElement = tHeader.addHeaderElement(tWsseHeaderName); 
      tSecurityElement.setMustUnderstand(true); 

      Name tUserTokenElementName = tSoapEnvelope.createName(cNODE_USRTOKEN, cWSSE, cURL); 
      SOAPElement tUserTokenElement = tSecurityElement.addChildElement(tUserTokenElementName); 
      tUserTokenElement.removeNamespaceDeclaration(cWSSE); 
      tUserTokenElement.addNamespaceDeclaration("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"); 

      // user name child 
      Name tUsernameElementName = tSoapEnvelope.createName(cNODE_USERNAME, cWSSE, cURL); 
      SOAPElement tUsernameElement = tUserTokenElement.addChildElement(tUsernameElementName); 
      tUsernameElement.removeNamespaceDeclaration(cWSSE); 
      tUsernameElement.addTextNode(iUsername); 

      // password child 
      Name tPasswordElementName = tSoapEnvelope.createName(cNODE_PASSWORD, cWSSE, cURL); 
      SOAPElement tPasswordElement = tUserTokenElement.addChildElement(tPasswordElementName); 
      tPasswordElement.removeNamespaceDeclaration(cWSSE); 
      tPasswordElement.addTextNode(iPassword); 
      tPasswordElement.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"); 
     } catch (SOAPException e) { 
      if (cTRACE.isLoggable(Level.SEVERE)) { 
       cTRACE.logp(Level.SEVERE, 
         WssHandler.class.getName(), 
         "handleMessage", "Unable to add WSS credentials", e); 
      } 
      // stop processing 
      return false; 
     } 

     // continue processing 
     return true; 
    } 

    @Override 
    public boolean handleFault(SOAPMessageContext context) { 
     return true; 
    } 

    @Override 
    public void close(MessageContext context) { 
     // nothing to do 
    } 

    @Override 
    public Set<QName> getHeaders() { 
     return null; 
    } 

}