【Question title】: How to add custom security header to spring soap client
【Posted】: 2019-06-14 11:13:00
【Question】:

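I am developing a Spring Boot application with a SOAP client, trying to connect to a SOAP web service that is secured with a header, so I am trying to use an interceptor based on Wss4jSecurityInterceptor. This is my client configuration.

When I call the SOAP WS, I get this error: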

org.springframework.ws.soap.client.SoapFaultClientException: An error was discovered processing the <wsse:Security> header
    at org.springframework.ws.soap.client.core.SoapFaultMessageResolver.resolveFault(SoapFaultMessageResolver.java:38) ~[spring-ws-core-2.4.0.RELEASE.jar:2.4.0.RELEASE]
    at org.springframework.ws.client.core.WebServiceTemplate.handleFault(WebServiceTemplate.java:830) ~[spring-ws-core-2.4.0.RELEASE.jar:2.4.0.RELEASE]
    at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:624) ~[spring-ws-core-2.4.0.RELEASE.jar:2.4.0.RELEASE]

In my configuration class:

    @Bean
    public Wss4jSecurityInterceptor securityInterceptor() {
        Wss4jSecurityInterceptor security = new Wss4jSecurityInterceptor();
        // what should I add here
        return security;
    }

    @Bean
    public SOAPConnector soapConnector(Jaxb2Marshaller marshaller) throws Exception {
        SOAPConnector client = new SOAPConnector();
        client.setDefaultUri(defaultUri);
        client.setMarshaller(marshaller);
        client.setUnmarshaller(marshaller);
        client.setInterceptors(new ClientInterceptor[]{ securityInterceptor() });
        client.setMessageSender(httpComponentsMessageSender());
        return client;
    }

This is my client:

@Component
public class SOAPConnector extends WebServiceGatewaySupport {

    public Object callWebService(String url, Object request){
        return getWebServiceTemplate().marshalSendAndReceive(url, request);
    }
}

This is the security header I want to add to the client:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-FD1EC894572B22912315605098864444600">MIIC1zCCAkACAiWNMA0GCSqGSIb.....=
            </wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-3068">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/>
                     </ds:CanonicalizationMethod>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <ds:Reference URI="#id-3067">
                    <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>
                    </ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>C7JMsbXSGGOrlvGi+fIeoViI3aI=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>KDNG2Og3FcDNMvgyii/U....==</ds:SignatureValue>

            <ds:KeyInfo Id="KI-FD1EC894572B22912315605098864444601">
                <wsse:SecurityTokenReference wsu:Id="STR-FD1EC894572B22912315605098864444602">
                    <wsse:Reference URI="#X509-FD1EC894572B22912315605098864444600" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>

        </ds:Signature>

</wsse:Security>

【Discussion】:

    Tags: java spring spring-boot http spring-ws


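    【Solution 1】:

    You can define the entire custom security header as a fixed string and override the doWithMessage(WebServiceMessage message) method of the WebServiceMessageCallback class to set your SOAP request header as needed: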

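    import javax.xml.transform.Transformer;
    import javax.xml.transform.TransformerFactory;

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.ws.WebServiceMessage;
    import org.springframework.ws.client.core.WebServiceMessageCallback;
    import org.springframework.ws.client.core.support.WebServiceGatewaySupport;
    import org.springframework.ws.soap.SoapHeader;
    import org.springframework.ws.soap.saaj.SaajSoapMessage;
    import org.springframework.xml.transform.StringSource;

    public class SoapConnector extends WebServiceGatewaySupport {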
    
        private static final Logger LOGGER = LoggerFactory.getLogger(SoapConnector.class);
    
        public static final String YOUR_CUSTOM_HEADER = "<wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">\n" +
            "\t<wsse:BinarySecurityToken EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\" ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\" wsu:Id=\"X509-FD1EC894572B22912315605098864444600\">MIIC1zCCAkACAiWNMA0GCSqGSIb.....=\n" +
            "\t</wsse:BinarySecurityToken>\n" +
            "\t<ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"SIG-3068\">\n" +
            "\t\t<ds:SignedInfo>\n" +
            "\t\t\t<ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">\n" +
            "\t\t\t\t<ec:InclusiveNamespaces xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" PrefixList=\"soap\"/>\n" +
            "\t\t\t</ds:CanonicalizationMethod>\n" +
            "\t\t\t<ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>\n" +
            "\t\t\t<ds:Reference URI=\"#id-3067\">\n" +
            "\t\t\t\t<ds:Transforms>\n" +
            "\t\t\t\t\t<ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">\n" +
            "\t\t\t\t\t\t<ec:InclusiveNamespaces xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" PrefixList=\"\"/>\n" +
            "\t\t\t\t\t</ds:Transform>\n" +
            "\t\t\t\t</ds:Transforms>\n" +
            "\t\t\t\t<ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>\n" +
            "\t\t\t\t<ds:DigestValue>C7JMsbXSGGOrlvGi+fIeoViI3aI=</ds:DigestValue>\n" +
            "\t\t\t</ds:Reference>\n" +
            "\t\t</ds:SignedInfo>\n" +
            "\t\t<ds:SignatureValue>KDNG2Og3FcDNMvgyii/U....==</ds:SignatureValue>\n" +
            "\t\t<ds:KeyInfo Id=\"KI-FD1EC894572B22912315605098864444601\">\n" +
            "\t\t\t<wsse:SecurityTokenReference wsu:Id=\"STR-FD1EC894572B22912315605098864444602\">\n" +
            "\t\t\t\t<wsse:Reference URI=\"#X509-FD1EC894572B22912315605098864444600\" ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\"/>\n" +
            "\t\t\t</wsse:SecurityTokenReference>\n" +
            "\t\t</ds:KeyInfo>\n" +
            "\t</ds:Signature>\n" +
            "</wsse:Security>";
    
        public Object callWebService(String url, Object request) {
    
            return getWebServiceTemplate().marshalSendAndReceive(url, request, new WebServiceMessageCallback() {
                @Override
                public void doWithMessage(WebServiceMessage webServiceMessage) {
                    try {
                        SaajSoapMessage saajSoapMessage = (SaajSoapMessage) webServiceMessage;
                        SoapHeader soapHeader = saajSoapMessage.getSoapHeader();
    
                        StringSource headerSource = new StringSource(YOUR_CUSTOM_HEADER);
                        Transformer transformer = TransformerFactory.newInstance().newTransformer();
                        transformer.transform(headerSource, soapHeader.getResult());
    
                    } catch (Exception e) {
                        e.printStackTrace();
                        LOGGER.error(e.toString(), e);
                    }
                }
            });
        }
    }
    

    【Discussion】:

      【Solution 2】:

      @Configuration
      public class Config {

      @Value("${client.default-uri}")
      private String defaultUri;
      
      @Value("${client.user.name}")
      private String userName;
      
      @Value("${client.user.password}")
      private String userPassword;
      
      @Bean
      public Jaxb2Marshaller marshaller() {
          Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
          marshaller.setContextPath("com.example.eppmsoapclient");
          return marshaller;
      }
      
      
      @Bean
      public Wss4jSecurityInterceptor securityInterceptor() {
          Wss4jSecurityInterceptor security = new Wss4jSecurityInterceptor();
          security.setSecurementActions("UsernameToken");
          security.setSecurementUsername(userName);
          security.setSecurementPassword(userPassword);
          security.setSecurementPasswordType("PasswordText");
          return security;
      }
      
      @Bean
      public SOAPClient soapClient(Jaxb2Marshaller marshaller) {
          SOAPClient client = new SOAPClient();
          client.setDefaultUri(defaultUri);
          client.setMarshaller(marshaller);
          client.setUnmarshaller(marshaller);
          client.setInterceptors(new ClientInterceptor[]{ securityInterceptor() });
          return client;
      }
      

      }

      public class SOAPClient extends WebServiceGatewaySupport {

          public Response doExecute(Request request) {
              Response response = (Response) getWebServiceTemplate()
                      .marshalSendAndReceive(request);
              return response;
          }
      }

      【Discussion】:
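
The header shown in the question is an X.509 signature: its `ds:DigestValue` and `ds:SignatureValue` are computed over the referenced element, so they have to be produced for each request rather than sent as constants. A sketch of how `Wss4jSecurityInterceptor` can generate that header shape, added here as an example (not code from the question or either answer); the keystore file name, the property names, the class name and the choice of the `wss4j2` package variant are assumptions.

```java
import org.apache.wss4j.common.crypto.Crypto;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor;
import org.springframework.ws.soap.security.wss4j2.support.CryptoFactoryBean;

@Configuration
public class SigningClientConfig {

    // Hypothetical property names; supply the values from outside the code base.
    @Value("${client.keystore.password}")
    private String keystorePassword;

    @Value("${client.key.alias}")
    private String keyAlias;

    @Value("${client.key.password}")
    private String keyPassword;

    @Bean
    public CryptoFactoryBean signingCrypto() throws Exception {
        CryptoFactoryBean crypto = new CryptoFactoryBean();
        // Assumed keystore holding the client's private key and X.509 certificate.
        crypto.setKeyStoreLocation(new ClassPathResource("client-keystore.jks"));
        crypto.setKeyStorePassword(keystorePassword);
        return crypto;
    }

    @Bean
    public Wss4jSecurityInterceptor securityInterceptor(Crypto signingCrypto) {
        Wss4jSecurityInterceptor security = new Wss4jSecurityInterceptor();
        security.setSecurementActions("Signature");
        // For the Signature action these are the key alias and the private-key password.
        security.setSecurementUsername(keyAlias);
        security.setSecurementPassword(keyPassword);
        security.setSecurementSignatureCrypto(signingCrypto);
        // DirectReference emits a wsse:BinarySecurityToken and a wsse:Reference to it.
        security.setSecurementSignatureKeyIdentifier("DirectReference");
        // Algorithm URIs copied from the header in the question; switch both to the
        // SHA-256 variants if the service accepts them.
        security.setSecurementSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        security.setSecurementSignatureDigestAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");
        return security;
    }
}
```

With no signature parts configured, WSS4J signs the SOAP Body, which matches the header in the question only if its single `ds:Reference` points at the Body (an assumption, since the Body is not shown).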
