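With WSO2 ESB 4.8.1, we are trying to sign outgoing messages to the backend system. The signing itself works fine, except when a custom SOAP header is present in the request (a custom header required by the backend system).
Example:
Sample client request: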
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:head="http://fsb.belgium.be/header" xmlns:ser="http://cjcs-cg.just.fgov.be/service-v1.0">
<soapenv:Header>
<head:myHeader xmlns:head="http://mytest.headers/header">
<head:messageId>594fcbc4-d3d4-11e5-ab30-625662870762</head:messageId>
</head:myHeader>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-37">
<wsu:Created>2016-05-20T14:30:54.827Z</wsu:Created>
<wsu:Expires>2016-05-20T14:35:54.827Z</wsu:Expires>
</wsu:Timestamp>
<head:messageId xmlns:head="http://mytest.headers/header">594fcbc4-d3d4-11e5-ab30-625662870762</head:messageId>
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-2541F55E8971D834D1146375465482873">MIIH..long certificate here... ==</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-38">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Id-1094174436">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>P571zv6yej1+7gAVD6gSum61Vz0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-37">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>+APmWSyt57oePoeY1KdKjaCNI6E=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
DDZ6PefoInpfaaL7Ge/SCt02KJRP9xGA2Jd8YJXuzfMF+hIQybEm14JcjLB0YsQVbpVbonO8D
DDZ6 deleted =
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-2541F55E8971D834D1146375465482974">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-2541F55E8971D834D1146375465482975">
<wsse:Reference URI="#CertId-2541F55E8971D834D1146375465482873" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1094174436">
<ser:listTypesRequest>
</ser:listTypesRequest>
</soapenv:Body>
</soapenv:Envelope>
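After the following message is received at the backend, notice the head:messageId element in the Security header, which makes the security header invalid (at least the backend system claims it cannot handle the head:messageId element coming from the security token). If I intercept the message and cut the head:messageId element out of the Security header, the backend considers the message valid.
I have already tried to clean up and define the custom SOAP header in the proxy flow, but then Rampart throws an exception that it cannot cast an OMElement to a SOAP header:
Caused by: java.lang.ClassCastException: org.apache.axiom.om.impl.llom.OMElementImpl cannot be cast to org.apache.axiom.soap.SOAPHeaderBlock
at org.apache.rampart.util.Axis2Util.getDocumentFromSOAPEnvelope(Axis2Util.java:99)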
So, the question:
Thanks in advance for any help/hints.
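A diagnostic for the symptom described in the post, added here as an example and not part of the original question or of WSO2/Rampart: it lists direct children of wsse:Security that come from an unexpected namespace and shows which elements the ds:Reference URIs actually cover. The function names, the EXPECTED namespace set and the trimmed SAMPLE message are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Assumption: only these namespaces are accepted directly under wsse:Security.
EXPECTED = {WSSE, WSU, DS, "http://www.w3.org/2001/04/xmlenc#"}

# Constructed sample: the message from the post, trimmed to its structure.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:ser="http://cjcs-cg.just.fgov.be/service-v1.0">
<soapenv:Header>
<head:myHeader xmlns:head="http://mytest.headers/header"><head:messageId>594fcbc4</head:messageId></head:myHeader>
<wsse:Security xmlns:wsse="{WSSE}" soapenv:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="{WSU}" wsu:Id="Timestamp-37"/>
<head:messageId xmlns:head="http://mytest.headers/header">594fcbc4</head:messageId>
<ds:Signature xmlns:ds="{DS}" Id="Signature-38"><ds:SignedInfo>
<ds:Reference URI="#Id-1094174436"/><ds:Reference URI="#Timestamp-37"/>
</ds:SignedInfo></ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body xmlns:wsu="{WSU}" wsu:Id="Id-1094174436"><ser:listTypesRequest/></soapenv:Body>
</soapenv:Envelope>"""

def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def audit_security_header(xml_text):
    """Return foreign children of wsse:Security and the targets of ds:Reference."""
    root = ET.fromstring(xml_text)
    header = root.find(f"{{{SOAP}}}Header")
    security = header.find(f"{{{WSSE}}}Security") if header is not None else None
    if security is None:
        return {"foreign": [], "signed": {}}
    # Direct children whose namespace is not a WS-Security related one.
    foreign = [split_tag(c.tag) for c in security if split_tag(c.tag)[0] not in EXPECTED]
    # Map every wsu:Id in the envelope to the local name of its element.
    ids = {e.get(f"{{{WSU}}}Id"): split_tag(e.tag)[1]
           for e in root.iter() if e.get(f"{{{WSU}}}Id")}
    # Resolve each signature reference; None means the target is missing.
    signed = {r.get("URI", ""): ids.get(r.get("URI", "").lstrip("#"))
              for r in security.iter(f"{{{DS}}}Reference")}
    return {"foreign": foreign, "signed": signed}

if __name__ == "__main__":
    print(audit_security_header(SAMPLE))
```

On the sample it reports the stray messageId element inside the Security header and shows that only the Body and the Timestamp are covered by the signature.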