请求中的WS-Security标头不匹配

时间:2019-07-15 07:27:42

标签: wso2esb ws-security rampart

我们在哪里定义将哪个安全头放置在何处。我有一个需要使用ws-security的Web服务,需要使用它(为此我正在使用wso2 ESB 4.9.0)我可以看到的是,当尝试通过ESB调用客户端时,报头不匹配,我出现错误。下面给出了预期的请求消息和ESB生成的请求消息。如果有人可以帮助,我们将非常高兴。

预期的请求消息 

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mob="http://com.mobitel.payment/MobitelPaymentGW/">
   <soapenv:Header>
      <wsse:Security 
         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
         soapenv:mustUnderstand="1">
         <wsse:UsernameToken 
            wsu:Id="UsernameToken-B4BD97FC2A64C1B4DE15580859645869">
            <wsse:Username>MobitelPaymentGWUser</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">MobitelPay#123Test</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">8mIivn6+R6uqXclmVDva1A==</wsse:Nonce>
            <wsu:Created>2019-05-17T09:39:24.586Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <mob:payBill>
         <transaction>
            <serviceId>TEST</serviceId>
            <mobileOrAccountNo>0710380350</mobileOrAccountNo>
            <signature>201905170000000007</signature>
            <amount>1</amount>
            <payMode>COU</payMode>
            <txnDate>2019-05-17 13:28:00</txnDate>
         </transaction>
      </mob:payBill>
   </soapenv:Body>
</soapenv:Envelope>

ESB生成的请求 

[![<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Header>
      <wsse:Security 
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
        soapenv:mustUnderstand="true">
         <wsse:UsernameToken 
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
            wsu:Id="UsernameToken-4">
            <wsse:Username>MobitelPaymentGWUser</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">MobitelPay#123Test
            </wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">pf0L6vJFNPvYzn+Zaz8PJQ==
            </wsse:Nonce>
            <wsu:Created>2019-07-15T03:23:29.681Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <mob:payBill xmlns:mob="http://com.mobitel.payment/MobitelPaymentGW/">
         <transaction xmlns="http://ws.apache.org/ns/synapse">
            <serviceId>TEST</serviceId>
            <mobileOrAccountNo>0710380350</mobileOrAccountNo>
            <signature>201905170000000007</signature>
            <amount>1</amount>
            <payMode>COU</payMode>
            <txnDate>2019-05-17 13:28:00</txnDate>
         </transaction>
      </mob:payBill>
   </soapenv:Body>
</soapenv:Envelope>

Rampart版本1.6.1

添加了一个图像,用于指示标题不同的地方:1

预先感谢 Yasothar

1 个答案:

答案 0 :(得分:0)

我已经看了一眼,没有发现任何明显的差异。是的,名称空间声明不在同一位置,但是两者都是“ XML等效”的,因此,如果接收端遵循相同的标准,则签名不会成为问题。 编辑:并非所有建议都是有效的,因为这是关于基本身份验证而不是签名的。

相关问题
最新问题