如何向SOAP请求添加标头?
我尝试通过java代码调用HTTPS SOAP Web服务:
URL url = new URL("https://somehost:8181/services/"SomeService?wsdl"); QName qname = new QName("http://services.somehost.com/", "SomeService"); Service service = Service.create(url, qname); SomeService port = service.getPort(SomeService .class); port.doSomething(); 但得到例外:
threw an unexpected exception: javax.xml.ws.soap.SOAPFaultException: Security Requirements not met - No Security header in message
当我分析正确的请求样本时,我确定它必须包含标题:
http://somehost:8181/services/SomeService https://somehost:8181/services/"SomeService/doSomethingRequest http://www.w3.org/2005/08/addressing/anonymous uuid:3428539e-d645-72ae-adc0-5423c1e68942 2013-01-15T16:36:30Z 2014-01-15T14:06:30Z
那么如何将这个头添加到我的SOAP请求中呢?
我个人添加了两个类:HeaderHandler和HeaderHandlerResolver:
import java.util.HashSet; import java.util.Set; import javax.xml.namespace.QName; import javax.xml.soap.SOAPElement; import javax.xml.soap.SOAPEnvelope; import javax.xml.soap.SOAPHeader; import javax.xml.soap.SOAPMessage; import javax.xml.ws.handler.MessageContext; import javax.xml.ws.handler.soap.SOAPHandler; import javax.xml.ws.handler.soap.SOAPMessageContext; public class HeaderHandler implements SOAPHandler { public boolean handleMessage(SOAPMessageContext smc) { Boolean outboundProperty = (Boolean) smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY); if (outboundProperty.booleanValue()) { SOAPMessage message = smc.getMessage(); try { SOAPEnvelope envelope = smc.getMessage().getSOAPPart().getEnvelope(); SOAPHeader header = envelope.addHeader(); SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"); SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse"); usernameToken.addAttribute(new QName("xmlns:wsu"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"); SOAPElement username = usernameToken.addChildElement("Username", "wsse"); username.addTextNode("test"); SOAPElement password = usernameToken.addChildElement("Password", "wsse"); password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"); password.addTextNode("test321"); //Print out the outbound SOAP message to System.out message.writeTo(System.out); System.out.println(""); } catch (Exception e) { e.printStackTrace(); } } else { try { //This handler does nothing with the response from the Web Service so //we just print out the SOAP message. SOAPMessage message = smc.getMessage(); message.writeTo(System.out); System.out.println(""); } catch (Exception ex) { ex.printStackTrace(); } } return outboundProperty; } public Set getHeaders() { // The code below is added on order to invoke Spring secured WS. // Otherwise, // http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd // won't be recognised final QName securityHeader = new QName( "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security", "wsse"); final HashSet headers = new HashSet(); headers.add(securityHeader); return headers; } public boolean handleFault(SOAPMessageContext context) { //throw new UnsupportedOperationException("Not supported yet."); return true; } public void close(MessageContext context) { //throw new UnsupportedOperationException("Not supported yet."); } }
和
import java.util.ArrayList; import java.util.List; import javax.xml.ws.handler.Handler; import javax.xml.ws.handler.HandlerResolver; import javax.xml.ws.handler.PortInfo; public class HeaderHandlerResolver implements HandlerResolver { public List getHandlerChain(PortInfo portInfo) { List handlerChain = new ArrayList (); HeaderHandler hh = new HeaderHandler(); handlerChain.add(hh); return handlerChain; } }
在HeaderHandler类中,您可以添加所需的凭据。 最后使用它们:
HeaderHandlerResolver handlerResolver = new HeaderHandlerResolver(); service.setHandlerResolver(handlerResolver);
我按照@LaabidiRaissi提到的步骤进行了操作。 代码工作正常但它永远不会在标头下附加安全元素。 我已通过将出站SOAP消息打印到System.out来确认它。 经过深入研究后,我发现需要明确保存SOAPMessage以反映更新的消息头。
soapMessage.saveChanges();
有关更多参考 – 请检查此链接
您还可以使用Apache wss4j轻松添加标头并加密密码。
import org.apache.ws.security.WSConstants; import org.apache.ws.security.message.WSSecHeader; import org.apache.ws.security.message.WSSecUsernameToken; import javax.xml.namespace.QName; import javax.xml.soap.SOAPMessage; import javax.xml.soap.SOAPPart; import javax.xml.ws.handler.MessageContext; import javax.xml.ws.handler.soap.SOAPHandler; import javax.xml.ws.handler.soap.SOAPMessageContext; import java.io.ByteArrayOutputStream; import java.util.Set; public class WSSecurityHeaderSOAPHandler implements SOAPHandler { private final String usernameText; private final String passwordText; public WSSecurityHeaderSOAPHandler(String usernameText, String passwordText) { this.usernameText = usernameText; this.passwordText = passwordText; } @Override public boolean handleMessage(SOAPMessageContext context) { Boolean outboundProperty = (Boolean) context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY); if (outboundProperty.booleanValue()) { try { SOAPMessage soapMessage = context.getMessage(); soapMessage.removeAllAttachments(); SOAPPart soappart = soapMessage.getSOAPPart(); WSSecHeader wsSecHeader = new WSSecHeader(); wsSecHeader.insertSecurityHeader(soappart); WSSecUsernameToken token = new WSSecUsernameToken(); token.setPasswordType(WSConstants.PASSWORD_DIGEST); token.setUserInfo(usernameText, passwordText); token.build(soappart, wsSecHeader); soapMessage.saveChanges(); } catch (Exception e) { throw new RuntimeException("Error on wsSecurityHandler: " + e.getMessage()); } } return true; } @Override public boolean handleFault(SOAPMessageContext context) { return false; } @Override public void close(MessageContext context) { } @Override public Set getHeaders() { return null; } }
您需要像这样更新您的请求:
// This is the block that apply the Ws Security to the request BindingProvider bindingProvider = (BindingProvider) portType; List handlerChain = new ArrayList<>(); handlerChain.add(new WSSecurityHeaderSOAPHandler("username", "password")); bindingProvider.getBinding().setHandlerChain(handlerChain);
Maven依赖:
org.apache.ws.security wss4j 1.6.19
样本主类:
package test; import java.util.ArrayList; import java.util.List; import javax.xml.ws.BindingProvider; import javax.xml.ws.handler.Handler; // next headers is generated from "NetBeans New Webservice Client" import sk.firma.wstest.definitions.*; import sk.firma.wstest.schemas.*; /** * * @author Jan */ public class TestWSService { /** * @param args the command line arguments */ public static void main(String[] args) { try { WsService service = new WsService(); Ws port = service.getWsKsSoap11(); // This is the block that apply the Ws Security to the request BindingProvider bindingProvider = (BindingProvider) port; @SuppressWarnings("rawtypes") List handlerChain = new ArrayList (); handlerChain.add(new WSSecurityHeaderSOAPHandler("username", "password")); bindingProvider.getBinding().setHandlerChain(handlerChain); // Initialize and Run Service InVal inVal = new InVal(); ReturnValue retVal = port.test(inVal); } catch (Exception e) { e.printStackTrace(); } } }
现在WS-Security Header SOAP Handler:
package test; import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.Date; import java.util.HashSet; import java.util.Set; import java.util.TimeZone; import javax.xml.namespace.QName; import javax.xml.soap.SOAPElement; import javax.xml.soap.SOAPEnvelope; import javax.xml.soap.SOAPHeader; import javax.xml.ws.handler.MessageContext; import javax.xml.ws.handler.soap.SOAPHandler; import javax.xml.ws.handler.soap.SOAPMessageContext; public class WSSecurityHeaderSOAPHandler implements SOAPHandler { private static final String URL_WSSE_NAMESPACE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; private static final String URL_WSU_NAMESPACE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; private final String usernameText; private final String passwordText; public WSSecurityHeaderSOAPHandler(String usernameText, String passwordText) { this.usernameText = usernameText; this.passwordText = passwordText; } public String getCurrentDateTime() { /* eg 2001-10-13T09:00:00Z */ final SimpleDateFormat FORMATTER_DATETIME_NO_MS = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); DateFormat dfETC = FORMATTER_DATETIME_NO_MS; dfETC.setTimeZone(TimeZone.getTimeZone("CET")); StringBuffer dateETC = new StringBuffer(dfETC.format(new Date())); dateETC.append('Z'); return dateETC.toString(); } public String getCurrentDateTimePlusDelay(long delayInSeconds) { /* eg 2001-10-13T09:00:00Z */ final SimpleDateFormat FORMATTER_DATETIME_NO_MS = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); DateFormat dfETC = FORMATTER_DATETIME_NO_MS; dfETC.setTimeZone(TimeZone.getTimeZone("CET")); Date date = new Date(); long timeInMsecs = date.getTime(); date.setTime(timeInMsecs + delayInSeconds*1000L); StringBuffer dateETC = new StringBuffer(dfETC.format(date)); dateETC.append('Z'); return dateETC.toString(); } @Override public boolean handleMessage(SOAPMessageContext soapMessageContext) { Boolean outboundProperty = (Boolean) soapMessageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY); if (outboundProperty) { try { SOAPEnvelope soapEnvelope = soapMessageContext.getMessage().getSOAPPart().getEnvelope(); SOAPHeader header = soapEnvelope.getHeader(); if (header == null) { header = soapEnvelope.addHeader(); } SOAPElement securityHeaderElement = header.addChildElement("Security", "wsse", URL_WSSE_NAMESPACE); securityHeaderElement.addAttribute(soapEnvelope.createName("S:mustUnderstand"), "1"); // Add Timestamp element to "Security" soapHeaderElement // Sample: // 2011-10-13T08:20:01.183Z // 2011-10-13T17:25:01.183Z // javax.xml.soap.Name timestampElementName = soapEnvelope.createName("Timestamp", "wsu", URL_WSU_NAMESPACE); SOAPElement timestampSOAPElement = securityHeaderElement.addChildElement(timestampElementName); String created = getCurrentDateTime(); String expires = getCurrentDateTimePlusDelay(60L*60L); /* 60 minutes delay */ // Add Created to Timestamp SOAPElement createdSOAPElement = timestampSOAPElement .addChildElement("Created"/* local name */, "wsu" /* prefix */, URL_WSU_NAMESPACE); createdSOAPElement.addTextNode(created); // Add Expires to Timestamp SOAPElement expiresSOAPElement = timestampSOAPElement .addChildElement("Expires"/* local name */, "wsu" /* prefix */,URL_WSU_NAMESPACE); expiresSOAPElement.addTextNode(expires); // Add usernameToken to "Security" soapHeaderElement javax.xml.soap.Name usernameTokenElementName = soapEnvelope.createName("UsernameToken", "wsse", URL_WSSE_NAMESPACE); SOAPElement usernameTokenSOAPElement = securityHeaderElement.addChildElement(usernameTokenElementName); // Add Username to usernameToken SOAPElement userNameSOAPElement = usernameTokenSOAPElement .addChildElement("Username"/* local name */, "wsse" /* prefix */, URL_WSSE_NAMESPACE); userNameSOAPElement.addTextNode(this.usernameText); // Add password to UsernameToken javax.xml.soap.Name passwordElementName = soapEnvelope.createName("Password", "wsse", URL_WSSE_NAMESPACE); SOAPElement passwordSOAPElement = usernameTokenSOAPElement.addChildElement(passwordElementName); /* Add "Type" attribute to header element */ //passwordSOAPElement.addAttribute(soapEnvelope.createName("Type", "", ""), // "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"); passwordSOAPElement.addTextNode(this.passwordText); } catch (Exception e) { throw new RuntimeException("Error on wsSecurityHandler: " + e.getMessage()); } } return true; } @Override public void close(MessageContext context) { // TODO Auto-generated method stub } @Override public boolean handleFault(SOAPMessageContext context) { // TODO Auto-generated method stub return true; } @Override public Set getHeaders() { // throw new UnsupportedOperationException("Not supported yet."); final QName securityHeader = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security", "wsse"); final HashSet headers = new HashSet(); headers.add(securityHeader); return headers; } }