我正在尝试使用受WS-Security保护的Web服务,但我遇到了一些问题。这是一个CMDBuild网络服务。我已经阅读了CMDBuild Webservices Manual,但我还没有成功使用它。
我使用两种方法尝试使用Web服务: SoapUI 和使用Apache CXF的。我将描述我尝试使用这两种方法使用web服务所做的工作。
首先,我成功安装了CMDB应用程序,我可以正常访问WSDL。如果您需要查看 WSDL ,you can see it here。我知道我必须发送用户名令牌,但我不知道的是我必须放置用户名令牌以及我是如何做的。
Web服务中提供的所有方法都可以在身份验证时使用 在CMDBuild系统中。身份验证在WSS上执行 用户名令牌配置文件1.0规范,带摘要密码。
其他问题是如何获取此用户名令牌和摘要密码。我所拥有的是用于访问应用程序GUI的应用程序用户名和密码。
当我尝试使用SoapUI使用任何web服务方法时,响应始终是相同的:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Body>
<soap:Fault>
<soap:Code>
<soap:Value>soap:Sender</soap:Value>
<soap:Subcode>
<soap:Value xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</soap:Value>
</soap:Subcode>
</soap:Code>
<soap:Reason>
<soap:Text xml:lang="en">An error was discovered processing the <wsse:Security> header</soap:Text>
</soap:Reason>
</soap:Fault>
</soap:Body>
</soap:Envelope>
这里,XML请求(由SoapUI生成):
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:soap1="http://soap.services.cmdbuild.org">
<soap:Header/>
<soap:Body>
<soap1:getCardList>
<!--Optional:-->
<soap1:className></soap1:className>
<!--Zero or more repetitions:-->
<soap1:attributeList>
<!--Optional:-->
<soap1:code></soap1:code>
<!--Optional:-->
<soap1:name></soap1:name>
<!--Optional:-->
<soap1:value></soap1:value>
</soap1:attributeList>
<!--Optional:-->
<soap1:queryType>
<!--Optional:-->
<soap1:filter>
<!--Optional:-->
<soap1:name></soap1:name>
<!--Optional:-->
<soap1:operator>?</soap1:operator>
<!--Zero or more repetitions:-->
<soap1:value></soap1:value>
</soap1:filter>
<!--Optional:-->
<soap1:filterOperator>
<!--Optional:-->
<soap1:operator></soap1:operator>
<!--Zero or more repetitions:-->
<soap1:subquery/>
</soap1:filterOperator>
</soap1:queryType>
<!--Zero or more repetitions:-->
<soap1:orderType>
<!--Optional:-->
<soap1:columnName></soap1:columnName>
<!--Optional:-->
<soap1:type></soap1:type>
</soap1:orderType>
<!--Optional:-->
<soap1:limit></soap1:limit>
<!--Optional:-->
<soap1:offset></soap1:offset>
<!--Optional:-->
<soap1:fullTextQuery></soap1:fullTextQuery>
</soap1:getCardList>
</soap:Body>
</soap:Envelope>
使用Java,我尝试使用Apache CXF并自动生成类(wsdl2java)。之后,我编写了一些代码:
public class Main {
public static void main(String[] args) throws MalformedURLException {
Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
Proxy315Service srv = new Proxy315Service(new URL("http://example.com.br:8080/cmdbuild/services/soap/Webservices?wsdl"));
Webservices services = srv.getProxy315Port();
EndpointImpl jaxWsEndpoint = (EndpointImpl) EndpointImpl.publish("http://example.com.br:8080/cmdbuild/services/soap/Webservices", services);
Endpoint cxfEndpoint = jaxWsEndpoint.getServer().getEndpoint();
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
cxfEndpoint.getInInterceptors().add(wssIn);
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, "gchaves");
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
MenuSchema menu = services.getMenuSchema();
System.out.println(menu.getDescription());
}
}
输出:
Exception in thread "main" javax.xml.ws.WebServiceException: Could not find service named {http://proxy.sun.com/}Proxy315Service in wsdl http://example.com.br:8080/cmdbuild/services/soap/Webservices?wsdl
at org.apache.cxf.jaxws.ServiceImpl.initializePorts(ServiceImpl.java:161)
at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:149)
at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:101)
at javax.xml.ws.Service.<init>(Unknown Source)
at com.sun.proxy.Proxy315Service.<init>(Proxy315Service.java:40)
at com.example.main.Main.main(Main.java:26)
答案 0 :(得分:0)
以下是适用于我的示例:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:soap1="http://soap.services.cmdbuild.org">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<soap1:getCardList>
<!--Optional:-->
<soap1:className>Monitor</soap1:className>
<!--Zero or more repetitions:-->
<soap1:attributeList>
<!--Optional:-->
<!--Optional:-->
</soap1:attributeList>
<!--Optional:-->
<soap1:queryType>
<!--Optional:-->
<soap1:filter>
<!--Optional:-->
<soap1:name>Brand</soap1:name>
<!--Optional:-->
<soap1:operator>EQUALS</soap1:operator>
<!--Zero or more repetitions:-->
<soap1:value>HP</soap1:value>
</soap1:filter>
<!--Optional:-->
</soap1:queryType>
<!--Zero or more repetitions:-->
<soap1:orderType>
<!--Optional:-->
<soap1:columnName>Code</soap1:columnName>
<!--Optional:-->
<soap1:type>ASC</soap1:type>
</soap1:orderType>
<!--Optional:-->
<soap1:limit>0</soap1:limit>
<!--Optional:-->
<soap1:offset>0</soap1:offset>
<!--Optional:-->
<soap1:fullTextQuery>*</soap1:fullTextQuery>
</soap1:getCardList>
</soap:Body>
</soap:Envelope>
答案 1 :(得分:0)
虽然为时已晚,但这个答案可能对其他人有所帮助。 请参阅this link,其中说明了如何使用soapUI来使用支持ws-security的Web服务。您应该双击项目(在soapUI中)并配置传出wss。在soap message(xml部分)中,您应该添加wss标头,如上面链接中所述。