我有一个带WS- *安全性的WCF Web服务,我需要使用WSS4J API为它编写Java客户端。
但是,事实证明WSS4J不支持<SecurityContextToken>和<DerivedKeyToken>标记,这些标记特定于WS-SecureConversation。
有没有办法通过代码或更好的方式通过web.config来关闭它?
更新
服务定义:
<service name="my.service"
behaviorConfiguration="SecureTransport">
<endpoint
address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
<endpoint
contract="my.interface"
binding="wsHttpBinding"
bindingConfiguration="UsernameAndPassword"/>
</service>
行为和约束:
<behaviors>
<serviceBehaviors>
<behavior name="SecureTransport">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="example.API.Security.CustomUserNameValidator, APISecurity" />
<serviceCertificate findValue="CN=Example" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectDistinguishedName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="UsernameAndPassword">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
答案 0 :(得分:0)
只需打开安全上下文,也可能在绑定配置中进行协商:
<bindings>
<wsHttpBinding>
<binding name="UsernameAndPassword">
<security mode="Message">
<message clientCredentialType="UserName" establishSecurityContext="false"
negotiateServiceCredential="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>