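I have a WebService deployed on a server and a client making requests to it. I have client and server certificates for establishing the SSL connection; the signature is built on the server side and the client then tries to verify it. The problem is that when the server signs the SOAP message, it looks like this: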
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope">
<S:Body>
<ns2:ResponseMessage xmlns="urn:iec62325.504:messages:1:0" xmlns:ns2="http://iec.ch/TC57/2011/schema/message">
<ns2:Header>
<ns2:Verb>reply</ns2:Verb>
<ns2:Noun>QueryData</ns2:Noun>
<ns2:Timestamp>2016-11-17T15:44:51Z</ns2:Timestamp>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>yLDpd7Nck0LUBDjoKHM/uh/iCad2v5GhFR+7GTWBNh0=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>iovrYXAs+UttPJmu+5kZvnQ6P7XqhfrFd6nEgtArCRT/BwsIZlo6QYH5nCK/M67jCVTHcRso0KDa
o/1YUeZLi6btLu0I9rNKrlXEp7x08ZRrG0sCqaGV//8AK4jnQDJ7TR4At0lfJg/JMniNAxmTCb3M
Py6iP5t4LVlvRPVEb1G44uCzMTjtcseTEPJ+/k+CIsOqQ5zA4Srk05bMdkkse62bGqMPMoqBpU0K
5r29Wl0ZXre/tIt5LJ/7el27MtaIqpo+9CgroFJZUIu6p8Em5p5/s4c5VknWCK2VZVGe7vhjHuiN
vUlbVWV0DiXHC92jQ2Ty4BTMGABALY40h2V7Bg==</SignatureValue>
<KeyInfo>
<X509Data>
...
When the client's handler catches the message, it looks like this:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:env="http://www.w3.org/2003/05/soap-envelope">
<env:Header/>
<S:Body>
<ns2:ResponseMessage xmlns="urn:iec62325.504:messages:1:0" xmlns:ns2="http://iec.ch/TC57/2011/schema/message">
<ns2:Header>
<ns2:Verb>reply</ns2:Verb>
<ns2:Noun>QueryData</ns2:Noun>
<ns2:Timestamp>2016-11-17T15:44:51Z</ns2:Timestamp>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
...
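Something between sending and receiving inserts this namespace:
xmlns:env="http://www.w3.org/2003/05/soap-envelope"
and this empty tag:
<env:Header/>
Because of this, the client cannot verify the signature.
The WebService was generated by the Netbeans wizard with JAX-WS from this WSDL: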
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
xmlns:cmsg="urn:iec62325.504:messages:1:0" xmlns:wss="urn:iec62325.504:wss:1:0"
xmlns:msg="http://iec.ch/TC57/2011/schema/message" targetNamespace="urn:iec62325.504:wss:1:0">
<types>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:import namespace="urn:iec62325.504:messages:1:0"
schemaLocation="../xsd/urn-iec62325-504-messages-1-0.xsd"/>
<xs:import namespace="http://iec.ch/TC57/2011/schema/message"
schemaLocation="../xsd/http-iec-ch-TC57-2011-schema-message.xsd"/>
</xs:schema>
</types>
<message name="msgRequestMessage">
<part name="parameter" element="msg:RequestMessage"/>
</message>
<message name="msgResponseMessage">
<part name="parameter" element="msg:ResponseMessage"/>
</message>
<message name="msgFaultMsg">
<part name="msgFaultMessage" element="msg:FaultMessage"/>
</message>
<portType name="port_TFEDI_type">
<operation name="request">
<input message="wss:msgRequestMessage"/>
<output message="wss:msgResponseMessage"/>
<fault name="msgFaultMessage" message="wss:msgFaultMsg"/>
</operation>
</portType>
<binding name="binding_TFEDI" type="wss:port_TFEDI_type">
<soap12:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<operation name="request">
<soap12:operation soapActionRequired="false" style="document"/>
<input>
<soap12:body use="literal"/>
</input>
<output>
<soap12:body use="literal"/>
</output>
<fault name="msgFaultMessage">
<soap12:fault name="msgFaultMessage" use="literal"/>
</fault>
</operation>
</binding>
<service name="ServiceEME">
<port name="Service_EME_Port" binding="wss:binding_TFEDI">
<soap12:address location="http://example.com/WebService_EME/Service_EME"/>
</port>
</service>
</definitions>
The service works fine, but I don't know how to avoid this tag.
Thanks
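
Added example, not part of the original post: a stand-alone Java reproduction of the failure described above, using the JDK's javax.xml.crypto.dsig API with the same Reference URI="" and transforms as the posted SignedInfo. The sample message, the urn:example:msg namespace and the generated RSA key are constructed for the demonstration; validation succeeds on the document as signed and fails once xmlns:env or the empty env:Header is added to the Envelope.

```java
import java.io.StringReader;
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class EnvelopedSignatureDemo {
    static final String SOAP = "http://www.w3.org/2003/05/soap-envelope";
    static final String MSG = "urn:example:msg"; // constructed payload namespace (assumption)

    public static void main(String[] args) throws Exception {
        // Constructed sample message; the key pair is generated here, not taken from the post.
        String xml = "<S:Envelope xmlns:S='" + SOAP + "'><S:Body><m:ResponseMessage xmlns:m='" + MSG
                + "'><m:Header><m:Verb>reply</m:Verb></m:Header></m:ResponseMessage></S:Body></S:Envelope>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Same algorithms as the posted SignedInfo: URI="" with enveloped-signature + inclusive C14N.
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("", f.newDigestMethod(DigestMethod.SHA256, null),
                List.of(f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                        f.newTransform(CanonicalizationMethod.INCLUSIVE, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = f.newSignedInfo(
                f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                f.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
                List.of(ref));
        Node header = doc.getElementsByTagNameNS(MSG, "Header").item(0);
        f.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), header));
        System.out.println("as signed:           " + valid(f, doc, kp.getPublic()));
        // URI="" digests the whole document, so a declaration on the Envelope is covered too.
        Element env = doc.getDocumentElement();
        env.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:env", SOAP);
        System.out.println("xmlns:env added:     " + valid(f, doc, kp.getPublic()));
        env.insertBefore(doc.createElementNS(SOAP, "env:Header"), env.getFirstChild());
        System.out.println("env:Header inserted: " + valid(f, doc, kp.getPublic()));
    }

    // Re-reads the Signature element and runs core validation (reference digest + signature value).
    static boolean valid(XMLSignatureFactory f, Document doc, PublicKey key) throws Exception {
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(key, sig);
        return f.unmarshalXMLSignature(ctx).validate(ctx);
    }
}
```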