如何在 java 中将安全头参数添加到 SOAP 请求答案

【问题标题】：How to add security header parameters to SOAP Request in java如何在 java 中将安全头参数添加到 SOAP 请求
【发布时间】：2019-01-06 17:59:11
【问题描述】：

默认标头为空，我必须向 Soap 请求添加安全标头，如下所示：

<soapenv:Envelope xmlns:end="http://endpoint.soap.esb.steg.com.tn/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:UsernameToken wsu:Id="UsernameToken-633D8322A7C327A0D5153295320052614">
            <wsse:Username>website</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">7MyXmdbbBuyiHQwGCAY2+NxYRH8=</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">sdc+Kcgj/aghCxpUCACCxQ==</wsse:Nonce>
            <wsu:Created>2018-07-30T12:20:00.526Z</wsu:Created>
        </wsse:UsernameToken></wsse:Security>    
    </soapenv:Header>
    <soapenv:Body>
        <end:consultInfoAboBT>
            <reference>00095013</reference>
        </end:consultInfoAboBT>
    </soapenv:Body>
</soapenv:Envelope>

这是我的代码

request = "<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' xmlns:end='http://endpoint.soap.esb.steg.com.tn/'>"+ "<soapenv:Header/>"+"<soapenv:Body>" + "<end:consultInfoAboBT>"
+ "<reference>"+reference+"</reference>" + "</end:consultInfoAboBT>" + "</soapenv:Body>"+ "</soapenv:Envelope>";
StringEntity param = new StringEntity(request);     
response = json.makeHttpRequestSteg(URLSWSTEG1, "POST", param, message);
Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(new StringReader(response)));

【问题讨论】：

什么平台？什么语言？
@kiran Biradar 我正在使用 java
通过使用登录/密码对对 Web 服务服务器进行身份验证来使用此服务。此外，客户端（网站）和服务器之间的消息是在 HTTPS 中的，也就是说保护（加密）消息是由传输层在 https 中进行的。
你能发布一下你是如何构建和发送soap消息的吗？
我添加我的代码看看@kiran Biradar

标签： java web-services soap soap-client webservices-client

【解决方案1】：

getHeader 将返回带有用户名令牌的完整标题，您需要以字符串格式传递用户名、密码和创建（日期和时间）。

如下图

       request = "<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' xmlns:end='http://endpoint.soap.esb.steg.com.tn/'>"

+ getHeader("website", "7MyXmdbbBuyiHQwGCAY2+NxYRH8=", "2018-07-30T12:20:00.526Z") +

    "<soapenv:Body>" + "<end:consultInfoAboBT>"
        + "<reference>"+reference+"</reference>" + "</end:consultInfoAboBT>" + "</soapenv:Body>"+ "</soapenv:Envelope>";
        StringEntity param = new StringEntity(request);     
        response = json.makeHttpRequestSteg(URLSWSTEG1, "POST", param, message);
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(new StringReader(response)));

GetHeader() 函数将返回 Header 令牌。

  public String getHeader(String Username, String Password, String Created)
    {
        String Nonce;
        String authID = "";
        String nonceLocal = "";
        Random randGen = new Random();

        nonceLocal = "" + randGen.nextInt();

        authID = nonceLocal  + Created + Password;

        MessageDigest mDigest = null;
        try {
            mDigest = MessageDigest.getInstance("SHA1");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }

        mDigest.reset();
        byte[] digestResult = mDigest.digest(authID.getBytes());

       Password = Base64.getEncoder().encodeToString(digestResult);
       Nonce = Base64.getEncoder().encodeToString(nonceLocal.getBytes());


        return "<soapenv:Header>\n" +
                "<wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">\n" +
        "<wsse:UsernameToken wsu:Id=\"UsernameToken-633D8322A7C327A0D5153295320052614\">\n" +
            "<wsse:Username> + Username + </wsse:Username>\n" +
            "<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest\">" + Password + "</wsse:Password>\n" +
            "<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">"+Nonce +"</wsse:Nonce>\n" +
            "<wsu:Created>" + Created +"</wsu:Created>\n" +
       "</wsse:UsernameToken></wsse:Security>\n" +    
    "</soapenv:Header>";
    }

【讨论】：

【解决方案2】：

请参考以下示例。

HeaderHandlerResolver头类：

public class HeaderHandlerResolver implements HandlerResolver {
    @Override
    public List<Handler> getHandlerChain(PortInfo portInfo) {
        List handlerChain = new ArrayList();
        HeaderHandler hh = new HeaderHandler();
        handlerChain.add(hh);
        return handlerChain;
    }    
}

HeaderHandler 类：

public class HeaderHandler implements SOAPHandler<SOAPMessageContext> {

    public Set<QName> getHeaders() {
        return null;
    }

    public boolean handleMessage(SOAPMessageContext smc) {

        Boolean outboundProperty = (Boolean) smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
        if (outboundProperty.booleanValue()) {
            SOAPMessage message = smc.getMessage();
            try {
                SOAPEnvelope envelope = smc.getMessage().getSOAPPart().getEnvelope();
                SOAPHeader header = envelope.getHeader();
                if (header == null) {
                    header = envelope.addHeader();
                }
                SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");

                SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
                usernameToken.addAttribute(new QName("xmlns:wsu"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                usernameToken.addAttribute(QName.valueOf("wsu:Id"), "UsernameToken-1");
                SOAPElement username = usernameToken.addChildElement("Username", "wsse");
                username.addTextNode("username");
                SOAPElement password = usernameToken.addChildElement("Password", "wsse");
                password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
                password.addTextNode("password");
                SOAPFactory soapFactory = SOAPFactory.newInstance();
                security.addAttribute(soapFactory.createName("SOAP-ENV:mustUnderstand"), "1");
                message.saveChanges();
                message.writeTo(System.out);
                System.out.println("");

            } catch (Exception e) {
                e.printStackTrace();
            }

        } else {
            try {

                SOAPMessage message = smc.getMessage();
                message.writeTo(System.out);
                System.out.println("");

            } catch (Exception ex) {
                ex.printStackTrace();
            }
        }

        return outboundProperty;
    }

    public boolean handleFault(SOAPMessageContext context) {
        return true;
    }

    public void close(MessageContext context) {
    }

}

在 SOAP Web 服务客户端方法下实现以下。

HeaderHandlerResolver handlerResolver = new HeaderHandlerResolver(); service.setHandlerResolver(handlerResolver);

【讨论】：