小贝子编程

安讯士网络服务标头安全密码文本



我是安全标头的新手,我需要您的帮助。我可以通过身份验证进行轴 Web 服务调用,这很容易,但在安全性方面却很困难。我有以下安全标头,它无法真实,我知道这是因为用户名令牌,因为我收到异常:org.apache.ws.security.WSSecurityException:提供了无效的安全令牌(处理用户名令牌时出错)。

这是来自 Soapui 的工作请求

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-1"> <wsse:Username>tibco-admin</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secret</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">d6zrRrsSdfulAUmTq6VFtQ==</wsse:Nonce> <wsu:Created>2014-01-07T15:55:58.816Z</wsu:Created> </wsse:UsernameToken> </wsse:Security>

这是从 java 失败的请求: 

<wsse:Security xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <wsse:UsernameToken wsu:Id="UsernameToken-2">
     <wsse:Username xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">tibco-admin</wsse:Username>
     <wsse:Password EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">secret</wsse:Password>
     <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">XY7Kb6UcEhloWOlmcbDlGg==</wsse:Nonce>
     <wsse:Created xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">2014-01-07T17:48:39Z</wsse:Created>
 </wsse:UsernameToken>

我的 java 代码是:

            //set header
            SOAPHeaderElement wsseSecurity =  new SOAPHeaderElement(new PrefixedQName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","Security", "wsse"));
            wsseSecurity.setMustUnderstand(true);
            wsseSecurity.setAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
            wsseSecurity.setActor(null);
            //set userNameToken
            SOAPElement userNameToken = wsseSecurity.addChildElement("UsernameToken", "wsse");
            userNameToken.setAttribute("wsu:Id", "UsernameToken-1");
            //set username
            SOAPElement userName = userNameToken.addChildElement("Username", "wsse");
            userName.setValue("tibco-admin");
            //set password
            SOAPElement password = userNameToken.addChildElement("Password", "wsse");
            password.setAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
            password.setValue("secret");
            //set nonce
            SOAPElement nonce = userNameToken.addChildElement("Nonce", "wsse");
            nonce.setValue("XY7Kb6UcEhloWOlmcbDlGg==");
            nonce.setAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
            //set created
            Calendar c = Calendar.getInstance();
            c.setTime(new Date());
    String timestamp = DatatypeConverter.printDateTime(c);
    timestamp = timestamp.substring(0, 19);
    timestamp = timestamp+"Z";
            SOAPElement created = userNameToken.addChildElement("Created", "wsse");
            created.setValue(timestamp);
            stub.setHeader(wsseSecurity);
            System.out.println(wsseSecurity);
    stub.setUsername("tibco-admin");
    stub.setPassword("secret");

我硬编码了随机数的值以进行测试。

任何帮助或指示将不胜感激。

我发现了这个问题,我在代码中犯了一个愚蠢的错别字,

我将以下内容的属性名称设置为编码类型,但失败了。它应该是:

password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");

错误出在密码中,

尝试

"password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"); password.setValue("secret");"

SOAPElement create = userNameToken.addChildElement("Created", "wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium