2015-12-02 67 views
0

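Camel CXF pax-web handling WS-Security username token

I am implementing a web service using Camel CXF to be deployed in Karaf. I am using the pax web that ships with Karaf. I am using the cxf codegen plugin in the pom to do the WSDL-to-Java generation.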

I have defined the cxf uri and the route in the RouteBuilder Java DSL. The blueprint.xml only contains some beans and a reference to the RouteBuilder.

final String cxfUri = 
      String.format("cxf:%s?serviceClass=%s&wsdlURL=wsdl/Event.wsdl", 
        "/Event.jws", com.example.EventPortType.class.getCanonicalName()); 

I set up SSL with pax-web (jetty.xml). If I send a WSSE security header with a username and password, it generates a MustUnderstand SOAP fault.

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" S:mustUnderstand="1"> 
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-LdZa8aaGdy7mWQWXLp_zpbfg"> 
    <wsse:Username>xxx</wsse:Username> 
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxx</wsse:Password> 
    </wsse:UsernameToken> 
</wsse:Security> 

The incoming request cannot be changed. I get this exception.

<soap:Fault> 
    <faultcode>soap:MustUnderstand</faultcode> 
    <faultstring>MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.</faultstring> 
    </soap:Fault> 

How do I secure the cxf endpoint so that it authenticates requests?

Thanks.

+0

Followed the example in the Camel 2.15.1 distribution, camel-example-reportincident-wssecurity, and it works. It uses WSSJInterceptor and CallbackHandler. – user127091

Answers

2

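You need to add WSS4J interceptors to the exposed CXF service. You can provide your own PasswordCallback for user validation, but I prefer to use native JAAS. Here is a blueprint example that requires any Karaf user with a UsernameToken (this is for exposing a camel-cxf route, but the same principle applies to a pure CXF implementation). If you prefer the Java-based Camel route builder, you can add the interceptor beans to the context registry to use them. However, blueprint (or Spring configuration) gives you finer-grained control than simple endpoint parameters.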

<?xml version="1.0" encoding="UTF-8"?> 
    <blueprint 
     xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns:cxf="http://cxf.apache.org/blueprint/core" 
     xmlns:camelcxf="http://camel.apache.org/schema/blueprint/cxf" 
     xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0" 
     xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws" 
     xsi:schemaLocation=" 
      http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd 
      http://camel.apache.org/schema/cxf http://camel.apache.org/schema/cxf/camel-cxf.xsd http://camel.apache.org/schema/blueprint 
      http://camel.apache.org/schema/blueprint/camel-blueprint.xsd http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0 
      http://svn.apache.org/repos/asf/aries/trunk/blueprint/blueprint-cm/src/main/resources/org/apache/aries/blueprint/compendium/cm/blueprint-cm-1.1.0.xsd 
      http://cxf.apache.org/blueprint/core http://cxf.apache.org/schemas/blueprint/core.xsd 
      http://cxf.apache.org/blueprint/jaxws  http://cxf.apache.org/schemas/blueprint/jaxws.xsd 
      http://camel.apache.org/schema/blueprint/cxf http://camel.apache.org/schema/cxf/camel-cxf-2.7.5.xsd"> 

    <bean id="authenticationInterceptor" class="org.apache.cxf.interceptor.security.JAASLoginInterceptor"> 
      <property name="contextName" value="karaf"/> 
      <property name="roleClassifier" value="RolePrincipal"/> 
      <property name="roleClassifierType" value="classname"/>   
     </bean> 

     <bean id="wsSecInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> 
      <argument> 
       <map> 
        <entry key="action" value="UsernameToken"/> 
        <entry key="passwordType" value="PasswordText"/> 
       </map> 
      </argument> 
     </bean>  

     <!-- ================ Apache Camel impl ======================= --> 
     <camelcxf:cxfEndpoint id="testService2" 
          address="/api/2.0/external/TestService" 
          xmlns:apogado="http://test.ws.apogado.com/v1_0/ws" 
          endpointName="apogado:AddressServicePort" 
          serviceName="apogado:AddressService"  
          wsdlURL="classpath:/xsd/ws/TestService.wsdl" 
    > 

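     <camelcxf:properties> 
      <entry key="dataFormat" value="PAYLOAD" /> 
      <!-- WSS4J only parses the UsernameToken here; the password check is left to the JAAS interceptor referenced below -->
      <entry key="ws-security.ut.no-callbacks" value="true"/> 
      <entry key="ws-security.validate.token" value="false"/> 
     </camelcxf:properties> 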
     <camelcxf:inInterceptors> 
      <ref component-id="wsSecInterceptor" /> 
      <ref component-id="authenticationInterceptor"/> 
     </camelcxf:inInterceptors> 
     <camelcxf:features> 
     </camelcxf:features> 
    </camelcxf:cxfEndpoint> 

<camelContext xmlns="http://camel.apache.org/schema/blueprint" id="testWsCtx" trace="true"> 
    <!-- your service implementation --> 
    <route> 
     <from uri="testService2" /> 
     <to uri="..." /> 
    </route> 
</camelContext> 
</blueprint>
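
A check for the wiring described in the answer above, as an added example that is not part of the original answer: it parses a blueprint file and flags any camelcxf:cxfEndpoint that sets ws-security.validate.token to false without a JAASLoginInterceptor among its inInterceptors, or that has no WSS4JInInterceptor at all. The function name audit_blueprint and the sample blueprint are constructed for illustration; it assumes, as in the answer's configuration, that with token validation switched off the password check is left to the JAAS interceptor.

```python
import xml.etree.ElementTree as ET

BP = "{http://www.osgi.org/xmlns/blueprint/v1.0.0}"
CXF = "{http://camel.apache.org/schema/blueprint/cxf}"
JAAS = "org.apache.cxf.interceptor.security.JAASLoginInterceptor"
WSS4J = "org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"

def audit_blueprint(xml_text):
    """Map each camelcxf:cxfEndpoint id to a list of findings (empty = OK)."""
    root = ET.fromstring(xml_text)
    bean_class = {b.get("id"): b.get("class") for b in root.iter(BP + "bean")}
    report = {}
    for ep in root.iter(CXF + "cxfEndpoint"):
        props = {e.get("key"): e.get("value")
                 for e in ep.findall(CXF + "properties/" + BP + "entry")}
        classes = set()
        for node in ep.findall(CXF + "inInterceptors/*"):
            # <ref component-id=.../> points at a top-level bean; <bean> is inline
            ref = node.get("component-id")
            classes.add(bean_class.get(ref) if ref else node.get("class"))
        findings = []
        if WSS4J not in classes:
            findings.append("no WSS4JInInterceptor: wsse:Security header is not processed")
        if props.get("ws-security.validate.token") == "false" and JAAS not in classes:
            findings.append("token validation is off and no JAASLoginInterceptor is attached")
        report[ep.get("id")] = findings
    return report

# Constructed sample: "secured" mirrors the answer's wiring, "weak" drops the JAAS ref.
SAMPLE = """<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:camelcxf="http://camel.apache.org/schema/blueprint/cxf">
  <bean id="jaas" class="org.apache.cxf.interceptor.security.JAASLoginInterceptor"/>
  <bean id="wss4j" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"/>
  <camelcxf:cxfEndpoint id="secured" address="/a">
    <camelcxf:properties><entry key="ws-security.validate.token" value="false"/></camelcxf:properties>
    <camelcxf:inInterceptors><ref component-id="wss4j"/><ref component-id="jaas"/></camelcxf:inInterceptors>
  </camelcxf:cxfEndpoint>
  <camelcxf:cxfEndpoint id="weak" address="/b">
    <camelcxf:properties><entry key="ws-security.validate.token" value="false"/></camelcxf:properties>
    <camelcxf:inInterceptors><ref component-id="wss4j"/></camelcxf:inInterceptors>
  </camelcxf:cxfEndpoint>
  <camelcxf:cxfEndpoint id="open" address="/c"/>
</blueprint>"""

if __name__ == "__main__":
    for endpoint, findings in audit_blueprint(SAMPLE).items():
        print(endpoint, findings or "OK")
```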