Spring Web服务模板:添加用户名令牌

时间:2012-02-14 20:53:04

标签: web-services spring jax-ws spring-ws

我有一个Web应用程序,它充当使用Spring WS实现的Jax-WS Web服务的客户端。 Spring WS配置为在SOAP标头中需要用户名标记。在Web应用程序中,我计划使用Spring Web服务模板,但我似乎找不到任何显示如何将UsernameToken添加到传出请求的示例。

有人能指出我正确的方向吗?

感谢。

3 个答案:

答案 0 :(得分:11)

您必须使用Interceptors。请参阅Chapter 7. Securing your Web services with Spring-WS

配置将是这样的

<bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
    <property name="marshaller" ref="marshaller" />
    <property name="unmarshaller" ref="marshaller" />
    <property name="defaultUri"
        value="http://localhost:8080/ws-demo/myws" />
    <property name="interceptors">
        <list>
            <ref bean="wsSecurityInterceptor" />
        </list>
    </property>
</bean>

<bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="securementActions" value="UsernameToken"/>
    <property name="securementUsername" value="Ernie"/>
    <property name="securementPassword" value="Bert"/>
</bean>

答案 1 :(得分:2)

除了jddsantaella的回答之外,客户端类可以使用SAAJ在SOAP头中添加用户名令牌:

OrganisationPortfolioRequest request = WS_CLIENT_FACTORY.createOrganisationsPortfolioRequest();
OrganisationPortfolioResponse response;

response = (OrganisationPortfolioResponse) webServiceTemplate.marshalSendAndReceive(request, 
            new WebServiceMessageCallback() {
        public void doWithMessage(WebServiceMessage message) throws IOException, TransformerException {
            SaajSoapMessage soapMessage = (SaajSoapMessage) message;
            SoapEnvelope envelope = soapMessage.getEnvelope();
            envelope.addNamespaceDeclaration("soapenv", "http://schemas.xmlsoap.org/soap/envelope/");
            envelope.addNamespaceDeclaration("s", "http://company.com/ws/security.xsd");

            SoapHeaderElement username =  soapMessage.getSoapHeader().addHeaderElement(new QName("http://company.com/ws/security.xsd", "username", "s"));
            username.setText(getCurrentUser.getUsername());
        }
    });
response.getResults();

答案 2 :(得分:2)

以上给出的答案用于xml。

我在这里提到了用于Web服务的usernameToken安全策略的注释基础配置。

使用Spring Boot客户端添加此配置

@Bean
public WebServiceTemplate webServiceTemplate() {
    WebServiceTemplate webServiceTemplate = new WebServiceTemplate();
    webServiceTemplate.setMarshaller(marshaller());
    webServiceTemplate.setUnmarshaller(marshaller());
    webServiceTemplate.setDefaultUri("http://localhost:8080/ws");
    webServiceTemplate.setInterceptors(new ClientInterceptor[] {wsSecurityInterceptor()}); 
    return webServiceTemplate;
}

@Bean
public Wss4jSecurityInterceptor wsSecurityInterceptor() {
    Wss4jSecurityInterceptor wss4jSecurityInterceptor = new Wss4jSecurityInterceptor();
    wss4jSecurityInterceptor.setSecurementActions(WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.USERNAME_TOKEN);
    wss4jSecurityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT);
    wss4jSecurityInterceptor.setSecurementUsername("user");
    wss4jSecurityInterceptor.setSecurementPassword("password");
    return wss4jSecurityInterceptor;
}
相关问题
最新问题