WS Security - Username token Profile

二次信任 submitted on 2019-12-02 11:25:35

Question


I have a WSDL file and I am writing a client for it in WAS 8.0.

I kept username/password required for the soap request in ApplicationResources.properties.

I am using 'wss-username-token-profile-1.0',

I am unable to find how to implement this.

I need to know how to write the policy.xml and how to use it in the web service client.


Answer 1:


The SOAP request must contain the appropriate header elements for the username token WSS profile. You can either create the elements manually using a SOAP handler or SAAJ if you're using Java. In WebSphere you can use the feature called "policy sets" to meta program this support with configuration of various policy sets and bindings.

Here is a good article describing how this is done using the configuration approach: http://www.ibm.com/developerworks/websphere/library/techarticles/1103_balakrishnan/1103_balakrishnan.html

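Here is an example adding these headers programmatically using SAAJ:

import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.xml.namespace.QName;
import javax.xml.soap.Name;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

public class WssHandler implements SOAPHandler<SOAPMessageContext> {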

    private static final Logger cTRACE = Logger.getLogger(WssHandler.class.getName());

    // SOAP
    private static final String cWSSE = "wsse";
    private static final String cURL = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String cNODE_SECURITY = "Security";
    private static final String cNODE_USRTOKEN = "UsernameToken";
    private static final String cNODE_USERNAME = "Username";
    private static final String cNODE_PASSWORD = "Password";

    private String iUsername;
    private String iPassword;

    /**
     * Constructor for SOAP handler with specific wss credentials.
     * @param username wss username
     * @param passwd wss password
     */
    public WssHandler(String username, String passwd) {
        super();
        iUsername = username;
        iPassword = passwd;
    }

    @Override
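    public boolean handleMessage(SOAPMessageContext context) {
        // credentials belong on outbound requests only; pass inbound responses through unchanged
        Boolean tOutbound = (Boolean) context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
        if (!Boolean.TRUE.equals(tOutbound)) {
            return true;
        }
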
        if (cTRACE.isLoggable(Level.FINEST)) {
            cTRACE.logp(Level.FINEST,
                    WssHandler.class.getName(),
                    "handleMessage", "add WSS credentials for user "+iUsername);
        }

        try {
            SOAPMessage tMessage = context.getMessage();
            SOAPEnvelope tSoapEnvelope = tMessage.getSOAPPart().getEnvelope();

            // header
            SOAPHeader tHeader = tSoapEnvelope.getHeader();
            if (tHeader==null) {
                // no header yet, create one
                tHeader = tSoapEnvelope.addHeader();
            }

            // security node
            Name tWsseHeaderName = tSoapEnvelope.createName(cNODE_SECURITY, cWSSE, cURL);
            SOAPHeaderElement tSecurityElement = tHeader.addHeaderElement(tWsseHeaderName);
            tSecurityElement.setMustUnderstand(true);

            Name tUserTokenElementName = tSoapEnvelope.createName(cNODE_USRTOKEN, cWSSE, cURL);
            SOAPElement tUserTokenElement = tSecurityElement.addChildElement(tUserTokenElementName);
            tUserTokenElement.removeNamespaceDeclaration(cWSSE);
            tUserTokenElement.addNamespaceDeclaration("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

            // user name child
            Name tUsernameElementName = tSoapEnvelope.createName(cNODE_USERNAME, cWSSE, cURL);
            SOAPElement tUsernameElement = tUserTokenElement.addChildElement(tUsernameElementName);
            tUsernameElement.removeNamespaceDeclaration(cWSSE);
            tUsernameElement.addTextNode(iUsername);

            // password child
            Name tPasswordElementName = tSoapEnvelope.createName(cNODE_PASSWORD, cWSSE, cURL);
            SOAPElement tPasswordElement = tUserTokenElement.addChildElement(tPasswordElementName);
            tPasswordElement.removeNamespaceDeclaration(cWSSE);
            tPasswordElement.addTextNode(iPassword);
            tPasswordElement.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        } catch (SOAPException e) {
            if (cTRACE.isLoggable(Level.SEVERE)) {
                cTRACE.logp(Level.SEVERE,
                        WssHandler.class.getName(),
                        "handleMessage", "Unable to add WSS credentials", e);
            }
            // stop processing
            return false;
        }

        // continue processing
        return true;
    }

    @Override
    public boolean handleFault(SOAPMessageContext context) {
        return true;
    }

    @Override
    public void close(MessageContext context) {
        // nothing to do
    }

    @Override
    public Set<QName> getHeaders() {
        return null;
    }

}
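
Added example, not part of the original answer: one way to attach a handler such as the one above to a JAX-WS client port. Because that handler writes the password as #PasswordText, the helper refuses any endpoint that is not HTTPS. The class name WssClientSetup and the method attach are hypothetical, and the port is assumed to be a JAX-WS generated proxy whose request context carries the endpoint address.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

import javax.xml.ws.BindingProvider;
import javax.xml.ws.handler.Handler;

/** Hypothetical helper (added example): wires a credential handler into a client port. */
public final class WssClientSetup {

    private WssClientSetup() {
        // static helper only
    }

    /**
     * Appends the handler to the port's handler chain.
     * Assumption: the proxy exposes its target URL through ENDPOINT_ADDRESS_PROPERTY.
     *
     * @param port JAX-WS proxy returned by the generated service class
     * @param credentialHandler handler that writes the UsernameToken header
     * @throws IllegalStateException if the endpoint is missing or not HTTPS
     */
    @SuppressWarnings("rawtypes")
    public static void attach(Object port, Handler<?> credentialHandler) {
        BindingProvider provider = (BindingProvider) port;

        // #PasswordText puts the cleartext password in the SOAP header,
        // so the transport has to provide the confidentiality.
        Object address = provider.getRequestContext()
                .get(BindingProvider.ENDPOINT_ADDRESS_PROPERTY);
        if (address == null
                || !"https".equalsIgnoreCase(URI.create(address.toString()).getScheme())) {
            throw new IllegalStateException(
                    "Refusing to send a PasswordText UsernameToken to a non-HTTPS endpoint: "
                            + address);
        }

        // getHandlerChain() returns a copy; modify it and set it back on the binding.
        List<Handler> chain = new ArrayList<Handler>(provider.getBinding().getHandlerChain());
        chain.add(credentialHandler);
        provider.getBinding().setHandlerChain(chain);
    }
}
```

Call it once after obtaining the port, for example `WssClientSetup.attach(port, new WssHandler(username, password));`, before invoking any operation.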


Source: https://stackoverflow.com/questions/18281495/ws-security-username-token-profile
