我已经实现了Spring XwsSecurityInterceptor并在<wsse:UsernameToken/>标记(OASIS WS-Security)中收到了带有<wsse:Security/>的soap消息。它工作正常。
现在我正在尝试实现一个日志记录拦截器来记录DB中的请求/响应soap消息。
我可以在我的自定义日志记录拦截器(扩展getSource())的 org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor 方法中获取Security元素:
@Override
protected Source getSource(WebServiceMessage message) {
SaajSoapMessage soap = (SaajSoapMessage) message;
logger.info(Utils.getSoapEnvelopeAsString(soap));
// this envelop contains the <wsse:Security/> element as expected
// ...
// ...
}
但我的问题是,当我在端点方法中提取包络时,我不再在标题中获得 <wsse:Security/> 元素。< / p>
public JAXBElement<MyResponseType> getRecepientInfo(@RequestPayload JAXBElement<MyRequestType> request, MessageContext messageContext) {
SaajSoapMessage soapReq = (SaajSoapMessage) messageContext.getRequest();
logger.info(Utils.getSoapEnvelope(soapReq));
// this envelop doesn't contain the <wsse:Security/> element
}
以下是Utils.getSoapEnvelope(soap)的代码:
public static String getSoapEnvelope(SaajSoapMessage soapMessage) {
SoapEnvelope envelope = soapMessage.getEnvelope();
String envelopeMessge = "";
try {
envelopeMessge = Utils.getSourceAsString(envelope.getSource());
} catch (Exception e) {
// TODO handle Exception here.
}
return envelopeMessge;
}
public static String getSourceAsString(Source source) throws Exception{
TransformerFactory tfactory = TransformerFactory.newInstance();
Transformer xform = tfactory.newTransformer();
StringWriter writer = new StringWriter();
Result result = new StreamResult(writer);
xform.transform(source, result);
return writer.toString();
}
在身份验证完成后,spring是否会从标头中删除 <wsse:Security/> 元素?或者,我在这里做错了什么?
如何从标题内部端点方法中获取 <wsse:Security/> 元素?
答案 0 :(得分:3)
我知道这是一个迟到的答案,但对于他可能感兴趣的人,我发现了如何解决这个问题。
您需要修改 securityPolicy.xml 文件,以便保留安全标头。只需将属性retainSecurityHeader设置为true即可。以下是此类文件的示例:
<xwss:SecurityConfiguration retainSecurityHeader="true" dumpMessages="false" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<xwss:UsernameToken digestPassword="false" useNonce="false" id="someId"/>
</xwss:SecurityConfiguration>