Does Spring XwsSecurityInterceptor remove the Security element from the header?



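I have implemented the Spring XwsSecurityInterceptor and receive SOAP messages with a <wsse:UsernameToken/> inside the <wsse:Security/> tag (OASIS WS-Security).

Now I am trying to implement a logging interceptor to record the request/response SOAP messages in a DB.

I can get the Security element in the getSource() method of my custom logging interceptor (which extends org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor):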

@Override
protected Source getSource(WebServiceMessage message) {
    SaajSoapMessage soap = (SaajSoapMessage) message;
    logger.info(Utils.getSoapEnvelopeAsString(soap));
    // this envelope contains the <wsse:Security/> element as expected
    // ...
    // ...
}

But my problem is that when I extract the envelope inside my endpoint method, I no longer get the <wsse:Security/> element in the header.

public JAXBElement<MyResponseType> getRecepientInfo(@RequestPayload JAXBElement<MyRequestType> request, MessageContext messageContext) {
    SaajSoapMessage soapReq = (SaajSoapMessage) messageContext.getRequest();
    logger.info(Utils.getSoapEnvelope(soapReq));
    // this envelope doesn't contain the <wsse:Security/> element
}

Here is the code of Utils.getSoapEnvelope(soap):

public static String getSoapEnvelope(SaajSoapMessage soapMessage) {
    SoapEnvelope envelope = soapMessage.getEnvelope();
    String envelopeMessage = "";
    try {
        envelopeMessage = Utils.getSourceAsString(envelope.getSource());
    } catch (Exception e) {
        // TODO handle Exception here.
    }
    return envelopeMessage;
}

public static String getSourceAsString(Source source) throws Exception {
    TransformerFactory tfactory = TransformerFactory.newInstance();
    Transformer xform = tfactory.newTransformer();
    StringWriter writer = new StringWriter();
    Result result = new StreamResult(writer);
    xform.transform(source, result);
    return writer.toString();
}

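Does Spring remove the <wsse:Security/> element from the header after authentication is done? Or am I doing something wrong?

How should I get the <wsse:Security/> element from the header inside the endpoint method?

I know this is a late answer, but for anyone who may be interested, I found a way to solve this problem.

You need to modify your securityPolicy.xml file so that the security header is retained. Just set the attribute retainSecurityHeader to true. Here is an example of such a file: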

<xwss:SecurityConfiguration retainSecurityHeader="true" dumpMessages="false" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    <xwss:UsernameToken digestPassword="false" useNonce="false" id="someId"/>
</xwss:SecurityConfiguration>
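
With retainSecurityHeader="true" and digestPassword="false", the envelope seen by the endpoint and by a logging interceptor carries the UsernameToken password in clear text, so writing it to a database stores the credential. The following is an added example, not code from the original post or from Spring-WS: a hypothetical SoapLogRedactor helper that masks the token's secrets before the envelope string is logged, run here on a constructed sample envelope.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Hypothetical helper (not part of Spring-WS or XWSS): masks UsernameToken secrets before logging.
public class SoapLogRedactor {
    // OASIS WS-Security 1.0 "secext" namespace, usually bound to the wsse prefix.
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    public static String redact(String envelopeXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // match on namespace, not on the "wsse" prefix
        // Reject DOCTYPE declarations so re-parsing the message cannot resolve external entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                          .parse(new InputSource(new StringReader(envelopeXml)));
        // Password holds the clear-text secret (or its digest); the Nonce is an input to that digest.
        for (String name : new String[] {"Password", "Nonce"}) {
            NodeList nodes = doc.getElementsByTagNameNS(WSSE_NS, name);
            for (int i = 0; i < nodes.getLength(); i++) {
                nodes.item(i).setTextContent("[REDACTED]");
            }
        }
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample envelope; user name and password are made up.
        String sample =
            "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
          + "<soapenv:Header><wsse:Security xmlns:wsse=\"" + WSSE_NS + "\"><wsse:UsernameToken>"
          + "<wsse:Username>alice</wsse:Username><wsse:Password>s3cret</wsse:Password>"
          + "</wsse:UsernameToken></wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>";
        System.out.println(redact(sample)); // Username is kept, Password text is masked
    }
}
```

In the post's code, the string returned by Utils.getSoapEnvelope(...) would be passed through redact(...) before it reaches logger.info or the database.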
