我一直把头发拉过这一头而且我无法让它发挥作用。我有一个我调用的web服务生成一个安全令牌,然后需要将其传递给SOAP头内的后续服务调用。我得到了那个部分工作得很好,但标题部分让我绊倒(我使用cxf wsdl2java生成了客户端)。这是应该添加的部分:
<wsse:BinarySecurityToken ValueType="XXXX" EncodingType="wsse:Base64Binary" wsu:Id="SecurityToken">
My token
</wsse:BinarySecurityToken>
我尝试使用像这样的WSS4JOutInterceptor:
Endpoint endpoint = client.getEndpoint();
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put("SecurityToken", MY-TOKEN);
endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
但这不起作用。我尝试将其直接添加到标题中(如this question所示):
List<Header> headers = new ArrayList<Header>();
SOAPFactory sf = SOAPFactory.newInstance();
SOAPElement authElement = sf.createElement(new QName(null, "wsse:BinarySecurityToken"));
authElement.setAttribute("ValueType", "XXXX");
authElement.setAttribute("EncodingType", "wsse:Base64Binary");
authElement.setAttribute("wsu:Id", "SecurityToken");
authElement.addTextNode(MY-TOKEN);
SoapHeader tokenHeader = new SoapHeader(
new QName(null, "wsse:BinarySecurityToken"), authElement);
headers.add(tokenHeader);
((BindingProvider) service).getRequestContext().put(Header.HEADER_LIST, headers);
它看起来几乎没问题
<soap:Header><BinarySecurityToken EncodingType="wsse:Base64Binary" ValueType="XXXX" wsu:Id="SecurityToken">MY-TOKEN</BinarySecurityToken></soap:Header>
BinarySecurityToken部分缺少wsse:前缀,但调用失败。
有没有人得到类似的工作 - 或者我完全错了?
答案 0 :(得分:6)
@zengr是的,我终于明白了,它错过了命名空间,所以我做的是:
private static final String XMLNS_WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
private static final String XSD_WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
final List<Header> headers = new ArrayList<Header>();
final SOAPFactory sf = SOAPFactory.newInstance();
final SOAPElement securityElement = sf.createElement("Security", "wsse", XSD_WSSE);
final SOAPElement authElement = sf.createElement("BinarySecurityToken", "wsse", XSD_WSSE);
authElement.setAttribute("ValueType", "WASP");
authElement.setAttribute("EncodingType", "wsse:Base64Binary");
authElement.setAttribute("wsu:Id", "SecurityToken");
authElement.addAttribute(new QName("xmlns:wsu"), XMLNS_WSU);
authElement.addTextNode(StringUtils.replace(SessionToken.getEncodedSessionToken(), "\n", ""));
securityElement.addChildElement(authElement);
final SoapHeader securityHeader = new SoapHeader(
new QName(null, "Security"), securityElement);
headers.add(securityHeader);
((BindingProvider) interactiveService).getRequestContext().put(Header.HEADER_LIST, headers);
这就是诀窍
答案 1 :(得分:2)
谢谢。我有类似的情况,除了我必须在标题下的元素元素中添加标记。这很简单,但我在这里粘贴解决方案以获得更完整的文档。
String token = "authentication token given from service";
SOAPFactory sf = SOAPFactory.newInstance();
SOAPElement authElement = sf.createElement(new QName("urn:example.com", "Authentication"));
SOAPElement tokenElement = sf.createElement(new QName(null, "AuthenticationToken"));
tokenElement.addTextNode(token);
authElement.addChildElement(tokenElement);
List<Header> headers = new ArrayList<Header>();
Header dummyHeader = new Header(new QName("urn:example.com"), authElement);
headers.add(dummyHeader);
导致
<S:Header><Authentication xmlns="urn:example.com"><AuthenticationToken>authentication token given from service</AuthenticationToken></Authentication></S:Header>