ColdFusion cfinvoke(消息安全 - ClientCredentials =用户名)

时间:2017-06-15 17:20:08

标签: wcf coldfusion coldfusion-2016

我有一个WCF服务端点。该服务配置为WCF服务,安全模式= TransportWithMessageCredential,消息安全性clientCredentialType设置为Username,使用CustomValidator进行用户名/密码验证。

我在c#控制台应用程序中有这个代码(可以工作):

   ServiceClient client = new ServiceClient();
    client.ClientCredentials.UserName.UserName = "myusername";
    client.ClientCredentials.UserName.Password = "mypassword";
    Console.WriteLine(client.GetVersion());

上面的代码有效 - 使用cfinvoke的ColdFusion等价物是什么? 我目前有以下(在用户名/密码介绍之前工作正常)

<cfinvoke  
webservice="#wsurl#"
method="getVersion" 
returnvariable="gcversion"
refreshwsdl="true">  
</cfinvoke>

包含“客户端凭据”的适当位置在哪里?

编辑:服务似乎正在使用&#39; WS-Security&#39;。我正在努力寻找有关CF2016对WS-Security的支持的信息。这似乎是一个标准,所以我不确定为什么找到信息很困难。

如果有人能提供任何资源,我将非常感激。

EDIT2 : 我想这样做: ```     ws = CreateObject(&#34; webservice&#34;,wsurl,{refreshwsdl = true}); 

objSoapHeader = XmlParse("<wsse:Security mustUnderstand=""false"" xmlns:wsse=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd""><wsse:UsernameToken><wsse:Username>myun</wsse:Username><wsse:Password>mypass</wsse:Password></wsse:UsernameToken></wsse:Security>");

addSOAPRequestHeader(ws, "ignoredNameSpace", "ignoredName", objSoapHeader,false);

version =ws.getVersion();
writeOutput(version);

但收到以下错误:

Cannot perform web service invocation getVersion.
The fault returned when invoking the web service operation is:

org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security

    at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:105)

    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:171)

    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)

    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)

    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)

    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

    at cwtgift.CWTGiftServiceStub.getVersion(CWTGiftServiceStub.java:1954)

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

     The error occurred in C:/ColdFusion2016/cfusion/wwwroot/test/getVersion.cfm: line 19

    17 :     addSOAPRequestHeader(ws, "ignoredNameSpace", "ignoredName", objSoapHeader,false);
    18 : 
    19 :     version =ws.getVersion();
    20 :     writeOutput(version);
    21 : </cfscript>

1 个答案:

答案 0 :(得分:2)

在不知道ServiceClient()的具体情况的情况下,我怀疑使用cfinvokeargument可能是传递用户名/密码的最快方式:

<cfinvoke webservice="#wsurl#"
    method="getVersion" 
    returnvariable="gcversion"
    refreshwsdl="true">

    <cfinvokeargument name="UserName" value="myusername" />
    <cfinvokeargument name="Password" value="mypassword" />

</cfinvoke>

如果您需要点击未配置为Web服务的端点,您也可以以类似的方式使用CFHTTP(我还没有详细说明所有参数或值,您需要有关所有细节,请参阅https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-g-h/cfhttp.html

<cfhttp url="" method="" throwOnError="" multipart="" path="" file="" name=""  result="">

    <cfhttpparam type="" name="UserName" value="myusername" />
    <cfhttpparam type="" name="Password" value="mypassword" />

</cfhttp>
相关问题
最新问题