来自Firefox扩展的SSLHttpRequest over SSL

时间:2010-01-25 16:01:00

标签: javascript firefox ssl xmlhttprequest

我将开发一个firefox扩展,它将XMLHttpRequest发送到this WebService。

我可以使用以下代码(来自overlay.js)正确查询服务:

var req = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:dat=\"http://webservice.whereisnow.com/datatypes\"><soapenv:Header/><soapenv:Body><dat:CurrentDocument><dat:applicationId>1</dat:applicationId><dat:publisherId>84</dat:publisherId><dat:documentId>8</dat:documentId><dat:versionId>1</dat:versionId></dat:CurrentDocument></soapenv:Body></soapenv:Envelope>";
var xmlhttpreq =  Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"].createInstance(Components.interfaces.nsIXMLHttpRequest);

xmlhttpreq.open("POST","https://www.whereisnow.com/webservice",false); // false = async
xmlhttpreq.channel.loadFlags |= Components.interfaces.nsIRequest.LOAD_BYPASS_CACHE;      
xmlhttpreq.send(req);
if (xmlhttpreq.readyState == 4){ 
   if(xmlhttpreq.status == 200)
      alert(xmlhttpreq.responseText);
   else
      alert("Error: xmlhttpreq.status = " + xmlhttpreq.status)
   }
else
   alert("Not ready: xmlHttpreq.readyState = " + xmlHttpreq.readyState);

responseText将是一个我可以操作的有效xml,但WebService可以通过http和https(SSL)访问,我必须通过https进行访问,因为需要进行身份验证才能执行某些操作。

为了通过https访问,我必须使用https://而不是http://来修改端点,并以这种方式修改请求xml:

var req = "<soapenv:Envelope xmlns:dat=\"http://webservice.whereisnow.com/datatypes\" xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"><soapenv:Header><wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><wsse:UsernameToken wsu:Id=\"UsernameToken-1\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"><wsse:Username>MY_USERNAME</wsse:Username><wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">SHA1_OF_MY_PASSWORD</wsse:Password></wsse:UsernameToken></wsse:Security></soapenv:Header><soapenv:Body><dat:CurrentDocument><dat:applicationId>1</dat:applicationId><dat:publisherId>84</dat:publisherId><dat:documentId>10</dat:documentId><dat:versionId>1</dat:versionId></dat:CurrentDocument></soapenv:Body></soapenv:Envelope>";

问题是服务器状态始终为500,而responseText始终为:

<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode><faultstring>InvalidSecurity</faultstring><detail></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>

任何帮助?


修改

使用this url处的代码,我发现该服务的SSL证书正常工作。所以我认为问题不在于https ...

1 个答案:

答案 0 :(得分:0)

解决了在打开(...)之后添加以下行:

xmlhttpreq.setRequestHeader("Content-Type", "text/xml; charset=utf-8");
xmlhttpreq.setRequestHeader("SOAPAction", "whereIsNow");