我们有一个使用SOAP安全标头的web服务,如下所示。
我单独发布标题部分,我希望使用spring inteceptors获取/捕获/转储整个soap标题信息。
SqlInjections想要捕捉
之间的所有元素<soapenv:Envelope xmlns:per="http://com/myinfo/webservices/personservice" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-C65BABCE48EB203BE51445418168726378">MIIDQzCCAiugAwIBAgIEazX3vTANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJTRzELMAkGA1UECBMCU0cxCzAJBgNVBAcTAlNHMQwwCgYDVQQKEwNBQ04xDDAKBgNVBAsTA0FDTjENMAsGA1UEAxMEbWl3czAeFw0xNTEwMTQwMzAxMTNaFw0xNjAxMTIwMzAxMTNaMFIxCzAJBgNVBAYTAlNHMQswCQYDVQQIEwJTRzELMAkGA1UEBxMCU0cxDDAKBgNVBAoTA0FDTjEMMAoGA1UECxMDQUNOMQ0wCwYDVQQDEwRtaXdzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYtbz0BhRpHmhBWZO2I7tSY2Od5uvM0qRoJqyjr/I9fl6XOwXINIa+tBoVGeojJ18tZ7hRe24uPR45cQPBsOG73ClWPkhMV9jhcXkStvtBTnVYsJ7uUgciD5o64RQHEKQQ4imClBiV0n/3zCj3/BTv+LGhTdisMEbMZfoNk45nw5Kpv98yt/u9PtC/OclsOaeDM0rhWcVRQRnbAKcOwUcNK/MSsl+Cs2SFr6LQPByXAkPTZvOQMLO8cCWST8jt+wGOFVP3ZtU+PA2jNEkskQuWk03Ee74wVL0sHTwhDuuyWwUZTUR//fZRBSIgHGWIpEISkCg5u4VarPP/D34UOu4wIDAQABoyEwHzAdBgNVHQ4EFgQUc4EjVIcn7U5lDKSO6a4a9YptdF4wDQYJKoZIhvcNAQELBQADggEBACxSa36jLxaE5wC62trVAM1JId2pEUCjhPErgsFZpVA40q5lzo5rhr3wSIq2W7MYE2U7PvuAexsUatpBIHLnCZ4MzgA+drlYtVM2ghYmU8Qq8bv1uBAVZTDb2ni3T3mytjelAE4tbU2xhz9RZ2fSBkuzPguqX4GyuJfhtCmC1A25Xszek8JIzfzTP+dZvqfFvipv2IUE3yqYsbVEynZcaLVLNPvqTwrhUn4JQ7CcuDPGzjzCfMckM2aeobqo7WaA5KcHo8SMCwCmnLqjKBBzIx3c5H7U0TOTLXklwxizi580+T8VVzwELr6TWD6B0zICyhyw+cHDQKKg0Rswb1ygshU=</wsse:BinarySecurityToken>
<ds:Signature Id="SIG-C65BABCE48EB203BE51445418168727381" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="aud per soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-C65BABCE48EB203BE514452344634628">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="aud per" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>EdM5VqPByiliQndKko9KuNv1B2I=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>b1JskNxbAat6oc4UfPOoNYEcVcYe2a7PKfPn/Ttn+unzzmywn/gwlqJwo38Rq4iWUdAPtUqeXEnp/F6U39V/tqg3OYUx6/FRT1yrqpyuLfuJGW9MW6laFZ2UCfJvFEe4QEUU4OdjXrTVmGy9PqFPCd8QBCmpbQfCyvr0nvuvFO0G5Rd0NAP45Bb276ieow7lGXMXIYkRmX956pmMdzrtzw9kneIcCaSqLZ9xBGExMuLErs0s6MAlCkYu3m84h4J7UlTpHtz2+LUZM0eOnPqU63xYVblnxwDs//nN8Tn4hC6gz1oGr4SC5wU8GjZjYBpTqy7nBfx7qMBQjjHDEX2D2A==</ds:SignatureValue>
<ds:KeyInfo Id="KI-C65BABCE48EB203BE51445418168726379">
<wsse:SecurityTokenReference wsu:Id="STR-C65BABCE48EB203BE51445418168726380">
<wsse:Reference URI="#X509-C65BABCE48EB203BE51445418168726378" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
</soapenv:Envelope>
如何实现使用spring端点接收器
非常感谢任何帮助。
由于
答案 0 :(得分:0)
在拦截器中,您可以使用以下表达式来获取整个<soapenv:Header>元素:
((SoapMessage)messageContext.getRequest()).getSoapHeader().getSource()
通常,您会将Source对象传递给Transformer,以将其转换为所需的格式,例如序列化它并将其写入日志文件。