I would like to write a JAX-WS web service that signs my SOAP messages using the http://www.w3.org/TR/xmldsig-core/ recommendation.
With what I found on the internet
You can try soapPart.saveChanges();
I developed a SOAPHandler for XML Digital Signature of a SOAP request.
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.transform.Source;
import javax.xml.transform.dom.DOMSource;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.LogicalHandler;
import javax.xml.ws.handler.LogicalMessageContext;
import javax.xml.ws.handler.MessageContext;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class SOAPSecurityHandler implements LogicalHandler<LogicalMessageContext> {

    static final String KEYSTORE_FILE = "keystore_name.jks";
    static final String KEYSTORE_INSTANCE = "JKS";
    static final String KEYSTORE_PWD = "123456";
    static final String KEYSTORE_ALIAS = "keystore";

    @Override
    public boolean handleMessage(LogicalMessageContext smc) {
        Boolean outboundProperty = (Boolean) smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
        if (!Boolean.TRUE.equals(outboundProperty)) {
            return true; // inbound message: nothing to sign here
        }
        try {
            // The JAX-WS RI hands the payload over as a DOMSource; the signature is built on that DOM.
            Source source = smc.getMessage().getPayload();
            Node root = ((DOMSource) source).getNode();

            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

            // Reference URI "" means "the whole document"; the enveloped transform excludes the
            // Signature element itself from the digest. SHA-1 / RSA-SHA1 are kept from the
            // original but are considered weak today.
            Reference ref = fac.newReference("",
                    fac.newDigestMethod(DigestMethod.SHA1, null),
                    Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                    null, null);
            SignedInfo si = fac.newSignedInfo(
                    fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                    fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                    Collections.singletonList(ref));

            // Load the KeyStore and get the signing key and certificate.
            KeyStore ks = KeyStore.getInstance(KEYSTORE_INSTANCE);
            try (FileInputStream in = new FileInputStream(KEYSTORE_FILE)) {
                ks.load(in, KEYSTORE_PWD.toCharArray());
            }
            KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry(
                    KEYSTORE_ALIAS, new KeyStore.PasswordProtection(KEYSTORE_PWD.toCharArray()));
            X509Certificate cert = (X509Certificate) keyEntry.getCertificate();

            // Create the KeyInfo containing the X509Data (subject name plus certificate).
            KeyInfoFactory kif = fac.getKeyInfoFactory();
            List<Object> x509Content = new ArrayList<>();
            x509Content.add(cert.getSubjectX500Principal().getName());
            x509Content.add(cert);
            X509Data xd = kif.newX509Data(x509Content);
            KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

            // The Signature element is appended under the first child element of the payload.
            Element header = firstChildElement(root);
            DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), header);
            XMLSignature signature = fac.newXMLSignature(si, ki);
            signature.sign(dsc);

            // Hand the signed DOM back so the runtime serialises it rather than the original payload.
            smc.getMessage().setPayload(new DOMSource(root));
        } catch (Exception e) {
            // Fail closed: an unsigned message must not leave just because signing failed.
            throw new ProtocolException("Unable to sign the outbound SOAP payload", e);
        }
        return true;
    }

    // Replaces the JDK-internal DOMUtils.getFirstChildElement() helper the original relied on.
    private static Element firstChildElement(Node node) {
        for (Node child = node.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() == Node.ELEMENT_NODE) {
                return (Element) child;
            }
        }
        throw new IllegalStateException("Payload has no child element to attach the Signature to");
    }

    @Override
    public boolean handleFault(LogicalMessageContext smc) {
        return true; // faults are passed through unsigned
    }

    @Override
    public void close(MessageContext messageContext) {
        // nothing to clean up
    }
}
I think the problem in @AndrewBourgeois's code is the way the Source is obtained.
Regards,
The simplest way is to use the functionality integrated in the application server. For example: Securing JAX-WS Web services using message-level security with WebSphere App Server.
You can find how to configure signing on WAS here.
And here is WebLogic documentation about Configuring Message-Level Security.
After the code line:
signature.sign(dsc);
insert this statement:
soapMsg.saveChanges();
It will save your changes.
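The signing handler above leaves the inbound side empty, and saveChanges() only matters for a SOAPHandler that works on the SAAJ SOAPPart. Here is the matching verification step for such a SOAPHandler, as an added example that is not from any of the answers or from the JAX-WS project; SignatureVerifier and the pinned trustedCert are assumed names, and the certificate is expected to come from your own truststore.

```java
import java.security.cert.X509Certificate;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
/** Verifies the enveloped ds:Signature of an inbound SOAP message (assumed helper, not from the post). */
public class SignatureVerifier {
    // Certificate the peer is expected to sign with. The sender's KeyInfo is deliberately
    // ignored: anyone can embed a certificate whose private key they hold.
    private final X509Certificate trustedCert;
    public SignatureVerifier(X509Certificate trustedCert) {
        this.trustedCert = trustedCert;
    }
    public void verify(SOAPMessageContext smc) {
        Document doc = smc.getMessage().getSOAPPart(); // SOAPPart implements org.w3c.dom.Document
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) {
            throw new ProtocolException("Expected exactly one ds:Signature, found " + sigs.getLength());
        }
        try {
            KeySelector pinned = KeySelector.singletonKeySelector(trustedCert.getPublicKey());
            DOMValidateContext ctx = new DOMValidateContext(pinned, sigs.item(0));
            // Restricts transforms and reference counts to the conservative set the JDK documents.
            ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            XMLSignature sig = fac.unmarshalXMLSignature(ctx);
            if (!sig.validate(ctx)) {
                throw new ProtocolException("XML signature validation failed");
            }
            // A valid signature over the wrong node proves nothing: with the signer's
            // URI="" + enveloped setup, every Reference must cover the whole document.
            for (Object o : sig.getSignedInfo().getReferences()) {
                Reference ref = (Reference) o;
                if (!"".equals(ref.getURI())) {
                    throw new ProtocolException("Signature does not cover the whole message: " + ref.getURI());
                }
            }
        } catch (MarshalException | XMLSignatureException e) {
            throw new ProtocolException("Unable to verify XML signature", e);
        }
    }
}
```

Call verify(smc) from the inbound branch of handleMessage() and the ProtocolException turns into a SOAP fault, so a tampered or unsigned request never reaches the endpoint implementation.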