2014-01-07 36 views
1

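Axis Webservice Header Security Password Text

I am new to security headers and I need your help. I can make web service calls with authentication, which is easy, but I am struggling with the security part. I have the following security header, which is failing authentication, and I know this is because of the username token, because I am getting the exception: org.apache.ws.security.WSSecurityException: An invalid security token was provided (processing the username token).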

This is the working request from soapUI:

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1">
    <wsse:Username>tibco-admin</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secret</wsse:Password>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">d6zrRrsSdfulAUmTq6VFtQ==</wsse:Nonce>
    <wsu:Created>2014-01-07T15:55:58.816Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>

This is the failing request from Java:

<wsse:Security xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> 
<wsse:UsernameToken wsu:Id="UsernameToken-2"> 
    <wsse:Username xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">tibco-admin</wsse:Username> 
    <wsse:Password EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">secret</wsse:Password> 
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">XY7Kb6UcEhloWOlmcbDlGg==</wsse:Nonce> 
    <wsse:Created xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">2014-01-07T17:48:39Z</wsse:Created> 
</wsse:UsernameToken> 

My Java code is:

  //set header 
      SOAPHeaderElement wsseSecurity = new SOAPHeaderElement(new PrefixedQName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","Security", "wsse")); 
      wsseSecurity.setMustUnderstand(true); 
      wsseSecurity.setAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"); 
      wsseSecurity.setActor(null); 

      //set userNameToken 
      SOAPElement userNameToken = wsseSecurity.addChildElement("UsernameToken", "wsse"); 
      userNameToken.setAttribute("wsu:Id", "UsernameToken-1"); 

      //set username 
      SOAPElement userName = userNameToken.addChildElement("Username", "wsse"); 
      userName.setValue("tibco-admin"); 

      //set password 
      SOAPElement password = userNameToken.addChildElement("Password", "wsse"); 
      password.setAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"); 
      password.setValue("secret"); 

      //set nonce 
      SOAPElement nonce = userNameToken.addChildElement("Nonce", "wsse"); 
      nonce.setValue("XY7Kb6UcEhloWOlmcbDlGg=="); 
      nonce.setAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"); 

      //set created 
      // Build the calendar in UTC so the "Z" suffix appended below is accurate (needs java.util.TimeZone)
      Calendar c = Calendar.getInstance(TimeZone.getTimeZone("UTC")); 
      c.setTime(new Date()); 
      String timestamp = DatatypeConverter.printDateTime(c); 
      timestamp = timestamp.substring(0, 19); 
      timestamp = timestamp+"Z"; 
      SOAPElement created = userNameToken.addChildElement("Created", "wsse"); 
      created.setValue(timestamp); 

      stub.setHeader(wsseSecurity); 

      System.out.println(wsseSecurity); 
      stub.setUsername("tibco-admin"); 
      stub.setPassword("secret"); 

I hardcoded the nonce value for testing.

Any help or pointers would be greatly appreciated.

Answer

1

I found the problem and changed my code; it was a silly typo.

I had used EncodingType as the attribute name where the password type is set, which is why it failed. It should be:

password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
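An added example, not part of the original question or answer: a small Python check that can be run over a captured `wsse:Security` header to catch the attribute mix-up described in the answer before the request reaches the server. The function name `lint_username_token`, the `sample` helper and the two sample headers are constructed for illustration, modelled on the requests in the question; the `Created` namespace check reflects a second difference visible between the two requests, which the answer does not name as a cause.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
PASSWORD_TYPES = {PROFILE + "#PasswordText", PROFILE + "#PasswordDigest"}


def lint_username_token(security_xml):
    """Return a list of findings for the UsernameToken in a wsse:Security header."""
    token = ET.fromstring(security_xml).find(f"{{{WSSE}}}UsernameToken")
    if token is None:
        return ["no wsse:UsernameToken child"]
    findings = []
    password = token.find(f"{{{WSSE}}}Password")
    if password is None:
        findings.append("missing wsse:Password")
    else:
        # EncodingType is valid on wsse:Nonce, not on wsse:Password.
        if "EncodingType" in password.attrib:
            findings.append("wsse:Password carries EncodingType; the password type goes in Type")
        ptype = password.get("Type")
        if ptype is not None and ptype not in PASSWORD_TYPES:
            findings.append(f"unknown Password Type: {ptype}")
    # The working soapUI request puts Created in the wsu namespace.
    if token.find(f"{{{WSU}}}Created") is None and token.find(f"{{{WSSE}}}Created") is not None:
        findings.append("Created is in the wsse namespace; the working request uses wsu:Created")
    return findings


def sample(password_attr, created_prefix):
    # Constructed header, shortened from the requests shown in the question.
    return f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <wsse:UsernameToken wsu:Id="UsernameToken-1">
    <wsse:Username>tibco-admin</wsse:Username>
    <wsse:Password {password_attr}="{PROFILE}#PasswordText">secret</wsse:Password>
    <wsse:Nonce EncodingType="{B64}">d6zrRrsSdfulAUmTq6VFtQ==</wsse:Nonce>
    <{created_prefix}:Created>2014-01-07T15:55:58Z</{created_prefix}:Created>
  </wsse:UsernameToken>
</wsse:Security>"""


WORKING = sample("Type", "wsu")            # shape of the soapUI request
FAILING = sample("EncodingType", "wsse")   # shape of the Java request

if __name__ == "__main__":
    for name, xml in (("working", WORKING), ("failing", FAILING)):
        print(name, lint_username_token(xml))
```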