我必须整合两个系统:
整个沟通必须遵守ws-policy asserions:
<wsp:Policy wsu:Id="WSHttpBinding_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:BootstrapPolicy>
<wsp:Policy>
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss11>
<wsp:Policy/>
</sp:Wss11>
<sp:Trust10>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
</wsp:Policy>
</sp:BootstrapPolicy>
</wsp:Policy>
</sp:SecureConversationToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
我的任务是在java中实现WSP(最好是在Apache CXF中)。分析ws-policy:
似乎我需要使用WS-TRUST规范,除了真正的WSP之外我还需要创建STS。
在DELPHI应用程序中,我只能为webservice指定一个URL。如何实现这样的webservice:
答案 0 :(得分:0)
我使用spring,CXF和jetty服务器创建了WSP项目:
<cxf:bus>
<cxf:features>
<cxf:logging/>
<policy:policies />
</cxf:features>
</cxf:bus>
<httpj:engine-factory id="tls-settings" bus="cxf">
<httpj:engine port="8282">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="s3cret">
<sec:keyStore resource="keystore.jks" password="test" type="JKS"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore resource="keystore.jks" password="test" type="JKS"/>
</sec:trustManagers>
<sec:clientAuthentication want="false" required="false"/>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
<bean id="serverCallbackHandler" class="pl.ws.ServerCallbackHandler"/>
<jaxws:endpoint id="serviceEndpoint"
address="https://localhost:8282/ws/Service"
implementor="pl.ws.IServiceImpl"
wsdlLocation="WEB-INF/Service.wsdl"
endpointName="s:WSHttpBinding_IService"
serviceName="s:Service"
xmlns:s="https://ws.pl/"
depends-on="tls-settings">
<jaxws:properties>
<entry key="ws-security.signature.properties.sct" value="keystore.properties"/>
<entry key="ws-security.signature.username.sct" value="test"/>
<entry key="ws-security.encryption.username.sct" value="test"/>
<entry key="ws-security.callback-handler.sct" value-ref="serverCallbackHandler"/>
</jaxws:properties>
<jaxws:binding>
<soap:soapBinding version="1.2" mtomEnabled="true" />
</jaxws:binding>
<jaxws:features>
<wsa:addressing />
</jaxws:features>
</jaxws:endpoint>
当我从用DELPHI编写的客户端应用程序调用WSP时,它发送以下请求:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc"
xmlns:d="http://www.w3.org/2000/09/xmldsig#"
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<SOAP-ENV:Header>
<a:MessageID>urn:uuid:413cf8e3-22eb-4ffe-aeff-1425cf08a597</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To SOAP-ENV:mustUnderstand="1">https://localhost:8282/ws/Service?wsdl</a:To>
<a:Action SOAP-ENV:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action>
<o:Security SOAP-ENV:mustUnderstand="1">
<u:Timestamp u:Id="_0">
<u:Created>2016-02-10T14:11:00.090Z</u:Created>
<u:Expires>2016-02-11T14:11:00.090Z</u:Expires>
</u:Timestamp>
<o:UsernameToken u:Id="uuid-739d91bf-7f86-40f1-a581-8a67a8dcfcda-1">
<o:Username>test</o:Username>
<o:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
s3cret
</o:Password>
</o:UsernameToken>
</o:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<t:RequestSecurityToken>
<t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:Entropy>
<t:BinarySecret u:Id="uuid-4c1bb6cc-a1bb-456c-8c8e-bfe3cc185c44-1"
Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">
rkUVjF6Wz2P9K15+KVGIo+kI8CACD9/bNAhcBH5Dm4F=
</t:BinarySecret>
</t:Entropy>
<t:KeySize>256</t:KeySize>
</t:RequestSecurityToken>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
我的WSP应用程序回复:
09:25:07.399 [qtp748720198-33] ERROR o.a.c.w.p.PolicyVerificationInInterceptor - Inbound policy verification failed: These policy alternatives can not be satisfied:
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}HttpsToken
你能帮我理解它的错误吗?
答案 1 :(得分:0)
您实际上并不需要此Web服务的STS - WSDL中没有IssuedToken策略。只是安全对话引导程序的UsernameToken。该错误类似于通过普通http而不是https接收消息的错误。尝试将日志转到DEBUG / FINE并在那里查找错误消息。