java - Webservice JAX RPC 客户端如何与受 OWSM 保护的服务配合使用

Question

首先，对这篇长文章感到抱歉，但自从几天以来我一直在思考这个问题，但没有成功。我真的寻求你的帮助。 我正在尝试调用由 OWSM 保护的 Web 服务。以下是 WSDL 中指定的策略断言。

*************************************
<wsp:Policy wsu:Id="service.BindingQSPort_Fault_Policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
    <sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
    <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
    <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
</wsp:Policy>

<wsp:Policy wsu:Id="service.BindingQSPort_Input_Policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
        <sp:Header Name="fmw-context" Namespace="http://xmlns.oracle.com/fmw/context/1.0"/>
        <sp:Header Name="" Namespace="http://www.w3.org/2005/08/addressing"/>
        <sp:Header Name="" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
    </sp:SignedParts>
    <sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
    <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Header Name="fmw-context" Namespace="http://xmlns.oracle.com/fmw/context/1.0"/>
    </sp:EncryptedParts>
    <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
</wsp:Policy>

<wsp:Policy wsu:Id="service.BindingQSPort_Output_Policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
    </sp:SignedParts>
    <sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
    <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
    <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
</wsp:Policy>

<wsp:Policy wsu:Id="wss10_x509_token_over_ssl_service_policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
            <sp:InitiatorToken>
                <wsp:Policy>
                    <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
                        <wsp:Policy>
                            <sp:WssX509V3Token10/>
                        </wsp:Policy>
                    </sp:X509Token>
                </wsp:Policy>
            </sp:InitiatorToken>
            <sp:RecipientToken>
                <wsp:Policy>
                    <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
                        <wsp:Policy>
                            <sp:WssX509V3Token10/>
                        </wsp:Policy>
                    </sp:X509Token>
                </wsp:Policy>
            </sp:RecipientToken>
            <sp:AlgorithmSuite>
                <wsp:Policy>
                    <sp:Basic128/>
                </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
                <wsp:Policy>
                    <sp:Lax/>
                </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
            <sp:OnlySignEntireHeadersAndBody/>
            <sp:ProtectTokens/>
        </wsp:Policy>
    </sp:AsymmetricBinding>
    <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy/>
    </sp:Wss10>
</wsp:Policy>

  <wsdl:message name="svcFault">
        <wsdl:part name="payload" element="WL5G3N2:fault"/>
    </wsdl:message>
    <wsdl:message name="sendSMS">
        <wsdl:part name="payload" element="WL5G3N1:sendSMS"/>
    </wsdl:message>
    <wsdl:message name="sendSMSResponse">
        <wsdl:part name="payload" element="WL5G3N1:sendSMSResponse"/>
    </wsdl:message>
    <wsdl:portType name="service">
        <wsdl:operation name="sendSMS">
            <wsdl:input message="WL5G3N1:sendSMS"/>
            <wsdl:output message="WL5G3N1:sendSMSResponse"/>
            <wsdl:fault name="svcFault" message="WL5G3N1:svcFault"/>
        </wsdl:operation>
    </wsdl:portType>

    <wsdl:binding name="service.Binding" type="WL5G3N1:service">
        <WL5G3N3:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
        <wsp:PolicyReference URI="#wss10_x509_token_over_ssl_service_policy" wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>

        <wsdl:operation name="sendEmail">
            <WL5G3N3:operation style="document" soapAction="sendEmail"/>
            <wsdl:input>
            <WL5G3N3:body use="literal"/>
            <wsp:PolicyReference URI="#service.BindingQSPort_Input_Policy" wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
            </wsdl:input>
            <wsdl:output>
            <WL5G3N3:body use="literal"/>
            <wsp:PolicyReference URI="#service.BindingQSPort_Output_Policy" wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
            </wsdl:output>

            <wsdl:fault name="svcFault">
            <WL5G3N3:fault name="svcFault" use="literal"/>
            <wsp:PolicyReference URI="#service.BindingQSPort_Fault_Policy" wsdl:required="false" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
            </wsdl:fault>
        </wsdl:operation>

    </wsdl:binding>
*************************************

I have written a JAX-RPC client which is using "weblogic.wsee.security.bst.ClientBSTCredentialProvider" to provide client credential as required by the service. Below is the security related code.

*************************************
serverCert.checkValidity();
cp          =   new ClientBSTCredentialProvider(
                    clientKeyStore, clientKeyStorePass,
                    clientKeyAlias, clientKeyPass,
                    "JKS", serverCert);
l_credproviders.add(cp);

Stub stub   =   (Stub)port;
stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST
                    , l_credproviders
                    );
stub._setProperty(WSSecurityContext.TRUST_MANAGER
            , new TrustManager() {
            public boolean certificateCallback(
            X509Certificate[] chain,
            int validateErr) {
                // Check that the server cert matches
                boolean result = true;//chain[0].equals(serverCert);

                return result;
            }
        }
    );
*************************************

I am testing my client using SOAPUI. However above client code is giving me below Exceptions.

**************************************
java.rmi.RemoteException: SOAPFaultException - FaultCode [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}InvalidSecurity] FaultString [Error on verifying message against security policy Error code:4206] FaultActor [null]No Detail; nested exception is: 
**************************************

Can someone please help me to understand what my WSDL is specifying and why "ClientBSTCredentialProvider" is not able to attach the required policy? Or is is happening that since I am testing with SOAPUI, SOAPResponse is not as per the WSDL policy? Below are the SOAP requests and response for this.

***************************************
~~SOAP REQUEST~~
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:MessageID wsu:Id="MessageID_HUf02VXDqusotArv" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">uuid:c7404e48f626d447:-246df928:14183ec2b7f:-8000</wsa:MessageID><wsa:Action wsu:Id="Action_CcS8Hy0hmQ2wVKHH" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">sendSMS</wsa:Action><wsa:To wsu:Id="To_bb3aIWjwG1Got1IZ" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">http://domainname:8090/sendSMS</wsa:To><wsa:ReplyTo wsu:Id="ReplyTo_w1ZItNbfV8se2kbF" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address></wsa:ReplyTo><wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="bst_zM6y3VGAX9jZAaiV" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIICQTCCAaqgAwIBAgIEUixN4TANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJMQjEPMA0GA1UECBMGQmVpcnV0MRAwDgYDVQQHEwdMZWJhbm9uMQ0wCwYDVQQKEwRNRFNMMQ0wCwYDVQQLEwRNRFNMMRUwEwYDVQQDEwxNYXl1ciBDbGllbnQwHhcNMTMwOTA4MTAxMzUzWhcNMTMxMjA3MTAxMzUzWjBlMQswCQYDVQQGEwJMQjEPMA0GA1UECBMGQmVpcnV0MRAwDgYDVQQHEwdMZWJhbm9uMQ0wCwYDVQQKEwRNRFNMMQ0wCwYDVQQLEwRNRFNMMRUwEwYDVQQDEwxNYXl1ciBDbGllbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMeT5uG9IJFxUE8SP2eXxrW7Lvo0ZlEiv8NS2OzLHe4e4T1gZC6NZhsDk6G3GKt8z6yj8MlfIPzYTrXxNSgnW34WYZ2kFw6TrjakUr99i4sH5yi1Z0Bmm3nNq9/2WWrdMXVjeI5EwEdU/UUogb2Wdgh1HPZgGUuWhkLoDmVR36y1AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAlvFZVLJ2h0BNe7EFGDUtBmEPF8EkdQn1R2AyK5AQONLM2RwNJYhVdVGLI13y+XJbACiyrFz5Sxsgu46hk6Bk6P+K/ZAUWQwDiV0pLhLg7LuR/K33o2EGkXiUnwOdcScG040n2sUnbi7ed/5mPcNuOGlYMQL/PHHZ2QGGTLEOe2U=</wsse:BinarySecurityToken><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="#MessageID_HUf02VXDqusotArv"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>oG0PCOutUmUrhIhjsHB2G9Nu7Qc=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#Action_CcS8Hy0hmQ2wVKHH"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>jwnM3Pu8lEpk7WLokAfW/LcR8bM=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#To_bb3aIWjwG1Got1IZ"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>9RzmvWQQJG853YKPzwoWDUjWze8=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#ReplyTo_w1ZItNbfV8se2kbF"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>FPYcJ1NcK6nX5nx5cF+Jj5I2PZE=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#Timestamp_H75m9X5C1O9rNV2E"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>ZAoaTp1B5yQv/ZGM6Pd8dfmNyPg=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#Body_q8jxTBg8ZRE0VjRO"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>tnn+BbvQz/kuDBocU8Po24hn8W4=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#bst_zM6y3VGAX9jZAaiV"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>IG2FZBY/Oqtsu4H6sl/6f2iHJx8=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>LaXCIcrxyatPzcAsKJGK28TEgaEOUdoXUrcmucjHrZDuErfGPS5fa9LrIX7irGYYDoYjJ5uQLq7a7nSRcazfNPznf03nISgr6Voc+23HON2E+fyRmHkKJzWe6OxHRPyHYmxbYQzgXkwGCKqLOZVLJsQLQykMiNV8YK3vuacDAdU=</dsig:SignatureValue><dsig:KeyInfo><wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="str_gp0ybJxTKkZntAn1" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Reference URI="#bst_zM6y3VGAX9jZAaiV" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></dsig:KeyInfo></dsig:Signature><wsu:Timestamp wsu:Id="Timestamp_H75m9X5C1O9rNV2E" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2013-10-04T14:43:16Z</wsu:Created><wsu:Expires>2013-10-04T14:44:16Z</wsu:Expires></wsu:Timestamp></wsse:Security></env:Header><env:Body wsu:Id="Body_q8jxTBg8ZRE0VjRO" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ent:sendSMS xmlns:ent="http://www.banqueaudi.com/evs/ent.msg.Notification"><util:header xmlns:util="http://www.banqueaudi.com/ebo/util.cmn.EBMHeader"><util:ebmSID>FCDB</util:ebmSID></util:header><ent:body><msg:smsNotification xmlns:msg="http://www.banqueaudi.com/ebo/msg.Notification"><msg:sender>98989898</msg:sender><msg:recipients><msg:recipient>78831471</msg:recipient></msg:recipients><msg:subject>SUBJECT</msg:subject><msg:message>My message</msg:message></msg:smsNotification></ent:body></ent:sendSMS></env:Body></env:Envelope>
***************************************

***************************************
~~SOAP RESONSE~~

<soapenv:Envelope xmlns:ent="http://www.banqueaudi.com/evs/ent.msg.Notification" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:util="http://www.banqueaudi.com/ebo/util.cmn.EBMHeader" xmlns:util1="http://www.banqueaudi.com/ebo/util.cmn.Basic">
   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/></soapenv:Header>
   <soapenv:Body wsu:Id="id-45" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><xenc:EncryptedData Id="ED-2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><wsse:Reference URI="#EK-B692F44E26CFCF96A613807927256684"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>x6T1pLtqpeAyg8SNuQQi23Ok6ceQikgVKyj80ylEdecdZoNOs2tUwhaO+irKXYy0XbMrmM+t3mMHsi2nNX5fps/camDpP9yOlN8Hosd+vUWsI4RA/8mnJVePitR3pf2dLgJD44vBowH5bQZ8R8B1vxDDjUpU2DOpfIxaPaSMApXvYfmPOMiDNtM/tXRCHrbHcljTAFvRZG9ShUZM6419i0JtpSCr77EkxJiWcVu9NIVwkHZoXpS8zY+pjjaatKi2EMzB9zPMXhtEvCER5pnEXWzUdhb5s9mWJAGaTd8h0j5o93LY/Mnw/mWBlzhFlk6b8cyJw1IrDAl5Tar8isuCqR2FbFs0aWqS8ng1QPnnc4xtBmCdgViifiXP0877LmFEqW74vDXtEDZniAfiixWt0u0gVsSYurJdwCWdZrfON12jAW35j6fWtgmGprsb6yE2cwg+J2BJaODdxTMOwyBAswygdjJw+RPLOXxCcYddyKJiFb/K+U0WiDj41yl/v8dmkYX1g9f6/CzpHMz8zpDdb+ecp2WNu3ry3z7fksMzp/LLsC5x2eVdgchOdtNZqufgLv8WQ+Ae/Hmuw/zgQ2l+xjxP4gYWanOphJ92H1Lk5KC/VsB3VdR2uz6b+rQZl0fJnY45HL7mx9uGKwQeQB9FWO1LNwcSQZw2yq7CeqUgspyvNMvwu1EXlUiIkYTu9EU0yVC9OGsXnspD9J4AG1m4IwFAL9iFHy7tJfnn5P0pSuSAoa4HeI0zO73H2zyrxEvi7eurXABxo1fk+gtXKDHl+elDtbwC1eJSYpwWZKBcpJSDATa0RCn28YKVVXZVZf0WOA3pTZ9NQNPCNVF/FC9SW8rrQ/777CFcuSlYIsexqL2+D6/TWStLvhrZLZ3K/3CsY/mwsnLwh2aFql8RZCunLSAK2a91y7Z044VO5598KERgBw8gO5RJrmwnSixmPrBjPo1yLkYcmzquHMlqS0CpWpypt5iyDJuF91P39eqYcJHZnwjG7ni8S8RFr2H5Hi3JFNm/k+A4mH5YvtyBqqTfN4+QjJMDBZkVTGFYs6JiRRUJoUK17okXxs8Pq6VYW3iSwEB85CFiVHZlt1eWppveVSHZfQsZsUr+A/QrTdRMZIx+ChRuqmXYdXiYQ35TDPveYWhiIQcWeOXvumtIZRTqYMoA34KuB/9GaH0P+7HUNfeROw6knj5y1DO1w/uIC8x6Uuhr5gMyZSuuzSEfZGUhQ6aWFtSCmnJaoVq18hdAnxNG31Oqi2gy7daCLWDRleow25xGYI2Or+dxhal3khe9+37OceJEWhgmB8gTD2nGBvp7VWLptsoGBgXgqnXs6ab8mG9lLmXbO4ef2ECq84BN//oIiV570qY6OWTQwL1yjNDQ3+1h2bKQ4DE51xq5N1UcTRoGA9DycotHmrOzyhedAMQTndlaNMJr87cC+cRVHYE=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soapenv:Body>
</soapenv:Envelope>
***************************************

Answer 1

我找到了问题的解决方案，并使用 SOAP-UI 成功进行了测试。一旦上线，我们将及时发布。

在为 OWSM 安全 Web 服务编写客户端之前，我们首先应该了解以下几点。

1. 使用 JAX-RPC 客户端调用 JAX-WS 服务是可行的，反之亦然。

2. 使用 JAX-RPC 客户端调用 OWSM 安全 Web 服务是可行的，无需在客户端安装/配置 OWSM。

3. 以下是客户端代码(仅与安全相关)供引用。

<小时/>

ist l_credproviders = new ArrayList(); CredentialProvider cp = null;

    cp          =   new ClientBSTCredentialProvider(MyClientKeystore.pubCertAlias, MyClientKeystore.prvKeyAlias, MyClientKeystore.serverPubCertAlias);
    l_credproviders.add(cp);

    Stub stub   =   (Stub)port;
    stub._setProperty(WSSecurityContext.CREDENTIAL_PROVIDER_LIST
                            , l_credproviders
                            );

    stub._setProperty(WLStub.POLICY_COMPATIBILITY_PREFERENCE
                            , JFProperties.getProperty(
                                    "POLICY.COMPATIBILITY.PREFERENCE")
                            );

    stub._setProperty(WSSecurityContext.TRUST_MANAGER
                            , new TrustManager() {
                                    public boolean certificateCallback(
                                            X509Certificate[] chain,
                                            int validateErr) {
                                            // Check that the server cert matches
                                                return true;
                                            }
                                            }
                        );

<小时/>

1. 客户端凭据提供程序 API 如何保护客户端: a) 它连接到 URL 并解析 WSDL。 b) 从 WSDL 获取策略断言。 c) 考虑客户端策略断言创建 SOAP 请求消息。 d) 发送和接收来自服务器的响应。 e) 根据已解析的 WSDL 的服务器响应的策略断言验证来自服务器的响应，如果服务器响应针对策略无效，则会抛出 SecurityExceptions。

希望这能有所帮助，并且有人能从我疲惫的经历中受益:)