我们如何在C++/Linux中为Gsoap实现WSSE插件?此链接不提供所有信息.
问题是我必须包含在我的WSDL生成的头文件中,使它与wsse兼容,以便soapcpp2 header.h生成足够的代码,以便我可以成功编译wsseapi.c?
另外,如果可能的话请提供实现wsse插件的工作示例代码(仅限C++,没有C plz)?
我使用ColdFusion创建了一个使用内联身份验证的Web服务的现有API,但我想使用某种身份验证来保护它,但我无从何处开始.
ColdFusion通过在我的cfcs末尾添加?wsdl来自动生成Web服务.
当我说""我的意思是,对于每个Web服务调用,客户端必须传入soapenv:body中的密钥/传递,如下所示:
<apiKey xsi:type="xsd:string">test</apiKey>
<apiPass xsi:type="xsd:string">test!ng</apiPass>
但我想我想使用WS-Security或基本身份验证,但我不知道我在做什么.
似乎没有人在CF社区做我想问的事情,这似乎很奇怪.
我正在尝试与CXF的WS-security实现(usernametoken)结合在一起.我已经完成了所有工作,如http://cxf.apache.org/docs/ws-security.html所述.我的PasswordCallbackHandler似乎正在工作,但困扰我的是一部分:
if (pc.getIdentifier().equals("joe")) {
// set the password on the callback. This will be compared to the
// password which was sent from the client.
pc.setPassword("password");
}
如上所述
请注意,对于最高版本(包括CXF 2.3.x),明文密码(或任何其他未知密码类型)的特殊情况的密码验证将委托给回调类,请参阅org.apache.ws.security. processor.UsernameTokenProcessor#handleUsernameToken()方法WSS4J项目的javadoc.在这种情况下,ServerPasswordCallback应该类似于以下内容:
所以cxf 2.3.x就是这样完成的
if (pc.getIdentifer().equals("joe") {
if (!pc.getPassword().equals("password")) {
throw new IOException("wrong password");
}
}
我的问题是:我不想pc.setPassword("plainTextPassword"),因为我想将它存储在任何资源中.这种高达2.3.x的设计允许我这样做,因为我可以手动加密它.有没有办法在回调中设置加密密码或对存储的加密密码进行用户名口令认证?
我正在使用cxf 2.5.x.
我有一个WCF SOAP使用者,它由Visual Studio 2012从WSDL实现.WSDL由PeopleTools生成.基础对象是类型System.ServiceModel.ClientBase.
我需要SOAP请求类似于:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sch="http://xmlns.oracle.com/Enterprise/Tools/schemas">
<soapenv:Header>
<wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>[plain text username goes here]</wsse:Username>
<wsse:Password>[plain text password goes here]</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<sch:InputParameters>
<Last_Name>Aren</Last_Name>
<First_Name>Cambre</First_Name>
</sch:InputParameters>
</soapenv:Body>
</soapenv:Envelope>
这是我们最接近的地方:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:MessageID>urn:uuid:3cc3f2ca-c647-466c-b38b-f2423462c837</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">http://[internal URL to soap listener]</a:To>
</s:Header>
<s:Body>
<t:RequestSecurityToken Context="uuid-7db82975-2b22-4236-94a1-b3344a0bf04d-1" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:KeySize>256</t:KeySize>
<t:BinaryExchange ValueType=" http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">FgMBAFoBAABWAwFQ9IhUFGUO6tCH+0baQ0n/3us//MMXzQA78Udm4xFj5gAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAABX/AQABAAAKAAYABAAXABgACwACAQA=</t:BinaryExchange>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
你会发现两个问题:
Body不在Header.InputParameters.这是必不可少的C#代码:
var …我正在使用WSIT/Metro创建一个简单的Web服务.当客户端尝试使用简单的用户名/ passowrd身份验证方案连接时,我在服务器上收到以下错误:
2010.03.31. 19:10:33 com.sun.xml.ws.protocol.soap.MUTube getMisUnderstoodHeaders
INFO: Element not understood={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
我不知道如何使WSIT理解安全块.
我从客户端获得的请求:
<?xml version="1.0" encoding="http://www.w3.org/2003/05/soap-envelope" standalone="no"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="true">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-1">
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<wsa:To>http://localhost:11122/services/TopJtapiRemoteMethods</wsa:To>
<wsa:MessageID>urn:uuid:D5C576F83D74F761311270055433217</wsa:MessageID>
<wsa:Action>urn:hasCallPolling</wsa:Action>
</soapenv:Header>
<soapenv:Body />
</soapenv:Envelope>
服务器的WSDL:
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions
targetNamespace="http://soapserver.topjtapi.cti.topdesk.com"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:ns="http://soapserver.topjtapi.cti.topdesk.com"
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:wsoap12="http://schemas.xmlsoap.org/wsdl/soap12/">
<wsp:Policy wsu:Id="PasswordAuthPolicy">
<wsp:All>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10 />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:Policy>
<wsdl:types>
<!-- ... -->
</wsdl:types>
<wsdl:message name="incomingCallRequest">
<!-- ... -->
</wsdl:message>
<wsdl:portType …我正在尝试使用Apache CXF开发支持WS-security的Web服务.我关注的教程就在这里.不幸的是,我不断得到以下错误让人感到懊恼.我正在使用Spring framework 3.0.5和CXF 2.3.3以及WSS4J 1.6.1.这可能是一个愚蠢的问题,但我几乎厌倦了寻找解决方案.请帮忙....
org.springframework.web.util.NestedServletException: Handler processing failed; nested exception is java.lang.NoSuchMethodError: org.apache.ws.security.util.WSSecurityUtil.decodeAction(Ljava/lang/String;Ljava/util/Vector;Lorg/apache/ws/security/WSSConfig;)I
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:839)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
root cause
java.lang.NoSuchMethodError: org.apache.ws.security.util.WSSecurityUtil.decodeAction(Ljava/lang/String;Ljava/util/Vector;Lorg/apache/ws/security/WSSConfig;)I
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:192)
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:134)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
$Proxy800.getEmployee(Unknown Source)
org.samith.web.controller.FrontController.frontRequestHandler(FrontController.java:35)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
这就是我的客户端代码的样子.
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
new String[]{"SpringCXFClient-servlet.xml"});
AuthService client = (AuthService) context.getBean("client");
Employee employee = client.getEmployee("0223938");
model.addAttribute("lastname", employee.getLastName());
model.addAttribute(
"firstname", employee.getFirstName());
和我的clientCXF.xml文件,
<bean id="proxyFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
<property name="serviceClass" …我正在使用Apache CXF来构建Web服务.它使用Apache WSS4J来提供WS-Security功能.我需要发出SOAP请求,必须签名.
这是我传递给WSS4J的属性文件的内容:
org.apache.ws.security.crypto.provider = org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type = PKCS12
org.apache.ws.security.crypto.merlin.keystore.provider = BC
org.apache.ws.security.crypto.merlin.keystore.password = 12345678
org.apache.ws.security.crypto.merlin.keystore.alias = my-alias
org.apache.ws.security.crypto.merlin.keystore.file = my_certificate.p12
我希望摆脱那条线,我的密码写成纯文本.我删除了那一行并为我的WSS4JOutInterceptor提供了一个密码回调处理程序,就像上面的代码一样:
public SoapInterceptor newSignerInterceptor() {
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, "Signature");
outProps.put(WSHandlerConstants.USER, config.getKeyAlias());
outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
outProps.put(WSHandlerConstants.USE_REQ_SIG_CERT, WSHandlerConstants.SIGNATURE_USER);
outProps.put(WSHandlerConstants.USE_SINGLE_CERTIFICATE, "false");
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, this.getClass().getName());
outProps.put(WSHandlerConstants.SIG_PROP_FILE, config.getPropertiesFileName());
return new WSS4JOutInterceptor(outProps);
}
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) {
((WSPasswordCallback) callbacks[i]).setPassword(password);
}
} …我正在使用 Apache CXF 从 Java 客户端调用 WCF 服务。使用另一个地址的 STS 来保护服务的安全。我已将服务客户端配置为在调用主服务之前调用安全令牌,并且它可以工作(它尝试调用 STS),但 STS 期望在元素中提供一些额外的数据RequestSecurityToken。STS 的策略指定RequestSecurityToken在发送之前对其进行加密和签名,这就是导致我出现问题的原因。加密和签名正在工作,但我似乎无法在加密之前修改 SOAP 消息。
我查看了这个问题:如何修改出站 CXF 请求的原始 XML 消息?虽然它有很大帮助,但我需要更改的 XML 部分位于已加密和签名的 SOAP 消息的一部分内。
我做了一个Interceptor并在我能找到的所有不同阶段进行了尝试,但在RequestSecurityToken创建和加密和签名之间似乎没有一个阶段被调用。
有吗?或者已经有一个可以向其中添加额外元素的工具RequestSecurityToken?
为了清楚起见编辑:
这是我的 RST 现在的样子:
<wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
<wsp:AppliesTo xmlns:wsp="http://www.w3.org/ns/ws-policy">
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>http://localhost:9085/MyService</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
<wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType>
<wst:KeySize>192</wst:KeySize>
<wst:Entropy>
<wst:BinarySecret Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">OlbfbuCUf3N2lNf9mhD03gfeMk0TfPI2nLWx8edlL5w=</wst:BinarySecret>
</wst:Entropy>
<wst:ComputedKeyAlgorithm>http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1</wst:ComputedKeyAlgorithm>
<wst:Renewing/>
</wst:RequestSecurityToken>
以下是服务提供商的文档所说的大致内容(请注意Credentials末尾附近的元素):
<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
<Address>http://localhost:9085/MyService</Address>
</EndpointReference>
</wsp:AppliesTo>
<t:Entropy>
<t:BinarySecret u:Id="uuid-e2d08122-45ab-45cd-80d1-46de2306836b-1" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce" …我正在尝试调用 Web 服务并希望手动将 ws-security 标头添加到请求中,因为 .net core 2.2 当前不支持 ws-security。
我已经创建了我的自定义安全头类:
public class SoapSecurityHeader : MessageHeader
{
private readonly string _password, _username;
public SoapSecurityHeader(string id, string username, string password)
{
_password = password;
_username = username;
}
public override bool MustUnderstand => true;
public override string Name
{
get { return "Security"; }
}
public override string Namespace
{
get { return "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; }
}
protected override void OnWriteStartHeader(XmlDictionaryWriter writer, MessageVersion messageVersion)
{
writer.WriteStartElement("wsse", Name, Namespace);
writer.WriteAttributeString("s", "mustUnderstand", "http://schemas.xmlsoap.org/soap/envelope/", "1"); …帮助签署 SOAP 调用。
在 .Net Framework 的旧实现中,其工作方式为 (Microsoft.Web.Services3):
var svc = new QueryNumberPortingService.QueryNumberPortingService
{
Url = "someServiceUrl"
};
var cert = new X509Certificate2("certFilePath", "certPassword", X509KeyStorageFlags.MachineKeySet);
svc.wsMessageHeader = new WsMessageHeaderType { ... };
var signatureToken = new X509SecurityToken(cert);
SoapContext requestContext = svc.RequestSoapContext;
requestContext.Security.Elements.Add(new MessageSignature(signatureToken));
return svc;
收到的输出:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
// Custom headers
// ...
<wsa:Action wsu:Id="Id-b6bb139a-38eb-4b01-8adc-dd8f7212dd65">...</wsa:Action>
<wsa:MessageID wsu:Id="Id-4601e0cd-aae2-4405-a7ec-8a6002563478">urn:uuid:6eaf15d8-9769-454f-9fc3-9757a7a8c924</wsa:MessageID>
<wsa:ReplyTo wsu:Id="Id-c6a68fcf-2b3d-4f02-afcf-e88fa760e7b8">
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To wsu:Id="Id-1b0b6cf7-a96c-4a09-a57e-c96122fadb0c">https://...</wsa:To>
<wsse:Security soap:mustUnderstand="1"> …ws-security ×10
cxf ×4
java ×3
wcf ×3
asp.net-core ×2
c# ×2
soap ×2
web-services ×2
asp.net-4.5 ×1
c++ ×1
coldfusion ×1
gsoap ×1
linux ×1
security ×1
spring ×1
wcf-security ×1
wsdl ×1
wsit ×1
wss4j ×1
xml ×1