有没有办法让wss4j不在SOAP标头中添加ws-security的Timestamp元素?
我现在拥有的是:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>
<ns3:Security xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns5="http://www.rsa.com/names/2009/12/std-ext/WS-Trust1.4/advice" xmlns:ns6="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns7="http://www.w3.org/2000/09/xmldsig#" xmlns:ns8="http://www.rsa.com/names/2009/12/std-ext/SAML2.0" xmlns:ns9="urn:oasis:names:tc:SAML:2.0:conditions:delegation" soap:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1"><wsu:Created>2015-11-18T16:32:21.705Z</wsu:Created><wsu:Expires>2015-11-18T16:37:21.705Z</wsu:Expires></wsu:Timestamp>
<ns2:Timestamp xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns4="http://www.w3.org/2005/08/addressing" xmlns:ns5="http://www.rsa.com/names/2009/12/std-ext/WS-Trust1.4/advice" xmlns:ns6="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns7="http://www.w3.org/2000/09/xmldsig#" xmlns:ns8="http://www.rsa.com/names/2009/12/std-ext/SAML2.0" xmlns:ns9="urn:oasis:names:tc:SAML:2.0:conditions:delegation" ns2:Id="_32c97089-04ac-49b0-8758-3d176d110ec7"><ns2:Created>2015-11-18T16:32:19.373Z</ns2:Created><ns2:Expires>2015-11-18T16:42:19.373Z</ns2:Expires></ns2:Timestamp>
..........Truncated
&lt; wsu:时间戳&gt;元素由wss4j添加。 &lt; ns2:时间戳&gt; element由自定义时间戳处理程序添加。
如何阻止wss4j添加timestamp元素,以便SOAP标头中只有1个时间戳(自定义时间戳处理程序添加的时间戳)?
任何帮助将不胜感激!
答案 0 :(得分:0)
我对CXF并不熟悉,但我在Spring上使用了WSS4J,我猜它非常相似。
可以在http://cxf.apache.org/docs/ws-security.html上找到以下代码段:
outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.TIMESTAMP + " " +
WSHandlerConstants.SIGNATURE + " " +
WSHandlerConstants.ENCRYPT);
这定义了您希望WSS4J执行的三个“安全”操作,由空白字符分隔。你的配置中可能有类似的东西;如果你想摆脱WSS4J生成的Timestamp头,只需删除WSHandlerConstants.TIMESTAMP
。