我正在尝试在WSO2 Application Server 5.3.0中保护axis2 Web服务,但Unsecured/Secured链接已被禁用。
在5.0.0版本中,我可以点击服务列表中的Unsecured链接,或者点击Service Dashboard > Quality of Service Configuration中的Security链接。
我是否需要安装一些功能/模块,才能使安全性在5.3.0中发挥作用?
(Quality of Service Configuration也没有出现在5.3.0中。)
答案 0 :(得分:0)
goncalvez,下面这个配置在我这里使用WSO2 AS 5.3.0可以正常工作。
你需要打开echo.aar/META-INF/services.xml,并放入下面这段xml:
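<!--
  Service descriptor for the sample "echo" service. It engages the addressing
  and rampart modules on every operation and attaches the WS-SecurityPolicy
  identified by wsu:Id="UTOverTransport": the caller authenticates with a
  UsernameToken and all message protection is delegated to HTTPS.
  NOTE(review): the module version attributes presumably have to match the
  addressing and rampart modules deployed on the target server; confirm.
-->
<service name="echo"
         serviceDocumentation="echo"
         exposedAllTransports="false"
         serviceDeployedTime="1386978405019"
         successfullyAdded="true"
         serviceActive="true"
         utEnabled="true">

  <!-- Each operation engages addressing and rampart explicitly. -->
  <operation name="echoStringArrays">
    <module name="addressing" version="4.4.1" type="engagedModules"/>
    <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
  </operation>
  <operation name="echoOMElement">
    <module name="addressing" version="4.4.1" type="engagedModules"/>
    <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
  </operation>
  <operation name="echoInt">
    <module name="addressing" version="4.4.1" type="engagedModules"/>
    <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
  </operation>
  <operation name="throwAxisFault">
    <module name="addressing" version="4.4.1" type="engagedModules"/>
    <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
  </operation>
  <operation name="echoString">
    <module name="addressing" version="4.4.1" type="engagedModules"/>
    <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
  </operation>

  <!--
    Every binding lists all five operations and points at the policy below
    through policyUUID, which repeats the policy's wsu:Id. An operation added
    later must be listed in each binding as well; otherwise verify that it is
    still covered by the policy before exposing it.
  -->
  <bindings>
    <binding name="echoHttpBinding">
      <operation name="echoStringArrays"/>
      <operation name="echoOMElement"/>
      <operation name="echoInt"/>
      <operation name="throwAxisFault"/>
      <operation name="echoString"/>
      <policyUUID>UTOverTransport</policyUUID>
    </binding>
    <binding name="echoSoap11Binding">
      <operation name="echoStringArrays"/>
      <operation name="echoOMElement"/>
      <operation name="echoInt"/>
      <operation name="throwAxisFault"/>
      <operation name="echoString"/>
      <policyUUID>UTOverTransport</policyUUID>
    </binding>
    <binding name="echoSoap12Binding">
      <operation name="echoStringArrays"/>
      <operation name="echoOMElement"/>
      <operation name="echoInt"/>
      <operation name="throwAxisFault"/>
      <operation name="echoString"/>
      <policyUUID>UTOverTransport</policyUUID>
    </binding>
  </bindings>

  <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <!-- The attachment names the SOAP 1.1 and SOAP 1.2 bindings as subjects. -->
    <wsp:AppliesTo>
      <policy-subject identifier="binding:soap11"/>
      <policy-subject identifier="binding:soap12"/>
    </wsp:AppliesTo>
    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="UTOverTransport">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <!--
                Confidentiality and integrity come from TLS only.
                RequireClientCertificate="false" means no mutual TLS, so the
                UsernameToken is the sole proof of the caller's identity.
              -->
              <sp:TransportToken>
                <wsp:Policy>
                  <sp:HttpsToken RequireClientCertificate="false"/>
                </wsp:Policy>
              </sp:TransportToken>
              <!--
                The algorithm suite does not select TLS protocol versions or
                cipher suites; those are set on the server's HTTPS connector
                and should be reviewed there.
              -->
              <sp:AlgorithmSuite>
                <wsp:Policy>
                  <sp:Basic256/>
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Lax/>
                </wsp:Policy>
              </sp:Layout>
              <sp:IncludeTimestamp/>
            </wsp:Policy>
          </sp:TransportBinding>
          <!-- The UsernameToken must be present in every request sent to the service. -->
          <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
            </wsp:Policy>
          </sp:SignedSupportingTokens>
        </wsp:All>
      </wsp:ExactlyOne>
      <!--
        Rampart runtime settings. The TTL, skew and nonce lifetime values are
        in seconds and together bound how long a captured message stays
        acceptable; keep server clocks synchronised rather than widening them.
        NOTE(review): encryptionUser is presumably unused here because the
        policy asks for no message-level encryption; confirm.
      -->
      <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
        <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
        <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
        <rampart:timestampTTL>300</rampart:timestampTTL>
        <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
        <rampart:timestampStrict>false</rampart:timestampStrict>
        <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
        <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
      </rampart:RampartConfig>
      <!--
        Authorization: only users holding one of the listed roles may call the
        service. Tying a service to the admin role means its clients need
        administrative accounts; a dedicated role with no other permissions is
        the least-privilege choice for production.
        The value is kept on one line: whitespace inside element text is part
        of the value, so a line break before the end tag could become part of
        the last role name if the consumer does not trim it.
      -->
      <sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
        <sec:Authorization>
          <sec:property name="org.wso2.carbon.security.allowedroles">admin,sys-admin</sec:property>
        </sec:Authorization>
      </sec:CarbonSecConfig>
    </wsp:Policy>
  </wsp:PolicyAttachment>

  <!--
    HTTPS is the only exposed transport. Keep it that way: with this policy
    nothing but TLS protects the username and password in the SOAP header.
  -->
  <transports>
    <transport>https</transport>
  </transports>
  <parameter name="ServiceClass" locked="true">org.wso2.carbon.core.services.echo.Echo</parameter>
  <module ref="rampart"/>
</service>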
答案 1 :(得分:0)
所有基于Carbon内核(Carbon Kernel)4.4.x的产品都已移除QoS功能。因此,您必须使用WSO2 Developer Studio,或者像@Jorge所说的那样手动编辑services.xml文件,才能为您的axis2服务应用安全性。
带有用户名令牌(UsernameToken)策略的示例services.xml如下所示:
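<!--
  Minimal service descriptor for the sample "echo" service with the
  UsernameToken-over-transport policy (wsu:Id="UTOverTransport") declared
  directly under the service and the rampart module engaged to enforce it.
-->
<service name="echo">
  <schema elementFormDefaultQualified="false"/>
  <description>This service echos the input provided to it.</description>
  <!--
    Only HTTPS is exposed. The original sample also listed the http transport,
    but the policy below requires an HttpsToken and relies on TLS alone to
    protect the UsernameToken. A client that picks a plain HTTP endpoint would
    put the username and password on the wire unencrypted, whether or not the
    server then rejects the request.
  -->
  <transports>
    <transport>https</transport>
  </transports>
  <parameter name="ServiceClass" locked="true">org.wso2.carbon.core.services.echo.Echo</parameter>
  <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              wsu:Id="UTOverTransport">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <!--
              Message protection is delegated to TLS. No client certificate is
              requested, so the UsernameToken alone identifies the caller.
            -->
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
            <!--
              This element does not choose TLS versions or cipher suites;
              review those on the server's HTTPS connector.
            -->
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Lax/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
          </wsp:Policy>
        </sp:TransportBinding>
        <!-- The UsernameToken must accompany every request to the service. -->
        <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
          </wsp:Policy>
        </sp:SignedSupportingTokens>
      </wsp:All>
    </wsp:ExactlyOne>
    <!--
      Rampart runtime settings. TTL, skew and nonce lifetime are in seconds
      and define the window in which a captured message is still accepted.
      NOTE(review): encryptionUser is presumably unused because the policy
      requests no message-level encryption; confirm.
    -->
    <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
      <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
      <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
      <rampart:timestampTTL>300</rampart:timestampTTL>
      <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
      <rampart:timestampStrict>false</rampart:timestampStrict>
      <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
      <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
    </rampart:RampartConfig>
    <!--
      Authorization: only members of the listed role may invoke the service.
      Requiring the admin role forces service clients to use administrative
      accounts; prefer a dedicated role with no other permissions.
    -->
    <sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
      <sec:Authorization>
        <sec:property name="org.wso2.carbon.security.allowedroles">admin</sec:property>
      </sec:Authorization>
    </sec:CarbonSecConfig>
  </wsp:Policy>
  <module ref="rampart"/>
</service>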