
java - Is there a way to add a WSS4J interceptor to sign the SOAP request when using the WS-SecurityPolicy approach?

Reposted. Author: 行者123. Updated: 2023-12-02 09:39:06

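I am trying to create a SOAP client that follows WS-SecurityPolicy. In addition to encryption in the SOAP request, the service requires the Timestamp, UsernameToken and Body to be digitally signed.

The keystore used to sign the request is not available as a file (jks/pfx). I am using a USB-based token from which I can load the keystore programmatically. The USB token does not allow export to a pfx file.

Is there a way I can override the keystore used for signing with an interceptor while using the policy-based WS-Security approach?

The Spring configuration for WS-SecurityPolicy looks something like this: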

    <jaxws:client name="{http://cxf.apache.org}MyPortName"
                  createdFromAPI="true">
        <jaxws:properties>
            <entry key="security.callback-handler"
                   value="interop.client.KeystorePasswordCallback"/>
            <entry key="security.signature.properties"
                   value="etc/client.properties"/>
            <entry key="security.encryption.properties"
                   value="etc/service.properties"/>
            <entry key="security.encryption.username"
                   value="servicekeyalias"/>
        </jaxws:properties>
    </jaxws:client>

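Can this be configured together with an interceptor that overrides the signing part? Instead of using security.signature.properties in the configuration above, I would like to use an interceptor like the one shown below. Note: the code below uses libraries from Spring-WS. I am looking for a similar library/class from Apache CXF that can be used for this scenario.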

    @Bean
    public Wss4jSecurityInterceptor securityInterceptor() throws Exception {

        Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();

        String secAction = String.join(" ", WSHandlerConstants.USERNAME_TOKEN, WSHandlerConstants.TIMESTAMP, WSHandlerConstants.SIGNATURE);

        // set security actions
        securityInterceptor.setSecurementActions(secAction);
        // sign the request
        securityInterceptor.setSecurementUsername(config.getUsername());
        securityInterceptor.setSecurementPassword(config.getPassword());
        securityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT);
        securityInterceptor.setSecurementUsernameTokenNonce(true);
        securityInterceptor.setSecurementUsernameTokenCreated(false);

        Properties properties = new Properties();
        properties.setProperty("org.apache.ws.security.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");

        Merlin crypto = (Merlin) CryptoFactory.getInstance(properties);
        crypto.setKeyStore(getKeyStore()); // This is my keystore fetched programmatically
        securityInterceptor.setSecurementSignatureKeyIdentifier("DirectReference");
        securityInterceptor.setSecurementSignatureCrypto(crypto);

        securityInterceptor.setSecurementSignatureParts("{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" +
                "{Element}{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.xsd}UsernameToken;" +
                "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");

        return securityInterceptor;
    }

I tried using Spring-WS to implement the SOAP client with the Wss4jSecurityInterceptor shown above. That way, the Spring configuration shown first is not needed.

    CommVerRequest request = new CommVerRequest();

    prepareRequest(pan, request);

    SOAPClient client = soapClientConfig.getSoapClient();
    CommVerResponse callResponse = client.call(request);

    /*CommVerResponse callResponse = port.verifyDetails(request);*/

    validationResponse = prepareResponse(callResponse);

    @Bean
    public SOAPClient getSoapClient() throws Exception {
        SOAPClient soapClient = new SOAPClient();
        soapClient.setDefaultUri("https://foo.bar/CommVerService");
        ClientInterceptor[] interceptors = new ClientInterceptor[]{securityInterceptor()};
        soapClient.setInterceptors(interceptors);

        soapClient.setMarshaller(marshaller());
        soapClient.setUnmarshaller(marshaller());

        return soapClient;
    }

    @Bean
    public Jaxb2Marshaller marshaller() {
        Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
        marshaller.setContextPath("flatStub");
        return marshaller;
    }

However, I get this error when calling the web service.

WRONG_DOCUMENT_ERR: A node is used in a different document than the one that created it.

org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used in a different document than the one that created it.
at com.sun.org.apache.xerces.internal.dom.ParentNode.internalInsertBefore(ParentNode.java:357) ~[na:1.8.0_191]
at com.sun.org.apache.xerces.internal.dom.ParentNode.insertBefore(ParentNode.java:288) ~[na:1.8.0_191]
at com.sun.org.apache.xerces.internal.dom.NodeImpl.appendChild(NodeImpl.java:237) ~[na:1.8.0_191]
at org.apache.wss4j.dom.util.WSSecurityUtil.prependChildElement(WSSecurityUtil.java:314) ~[wss4j-ws-security-dom-2.2.0.jar:2.2.0]
at org.apache.wss4j.dom.util.WSSecurityUtil.findWsseSecurityHeaderBlock(WSSecurityUtil.java:435) ~[wss4j-ws-security-dom-2.2.0.jar:2.2.0]
at org.apache.wss4j.dom.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:165) ~[wss4j-ws-security-dom-2.2.0.jar:2.2.0]
at org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:117) ~[wss4j-ws-security-dom-2.2.0.jar:2.2.0]
at org.springframework.ws.soap.security.wss4j2.Wss4jHandler.doSenderAction(Wss4jHandler.java:63) ~[spring-ws-security-3.0.6.RELEASE.jar:na]
at org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:574) ~[spring-ws-security-3.0.6.RELEASE.jar:na]
at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:210) ~[spring-ws-security-3.0.6.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:597) ~[spring-ws-core-3.0.7.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:555) ~[spring-ws-core-3.0.7.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390) ~[spring-ws-core-3.0.7.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:383) ~[spring-ws-core-3.0.7.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:373) ~[spring-ws-core-3.0.7.RELEASE.jar:na

Best answer

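Inspired by the blog post below, we upgraded to Spring 2.1.10.RELEASE, which ships with Spring WS Security 3.0.8.RELEASE and, in turn, org.apache.wss4j:wss4j-ws-security-dom:jar:2.2.3:compile, which fixes the error. You could override only the WSS4J dependency, but I prefer to change the whole suite.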

https://better-coding.com/solved-org-w3c-dom-domexception-wrong_document_err/

I would check my dependency tree to see whether you have the same problem:

mvn dependency:tree

Regarding "java - Is there a way to add a WSS4J interceptor to sign the SOAP request when using the WS-SecurityPolicy approach?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/57249961/
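For the Apache CXF side of the question, CXF's policy-driven WS-Security support accepts a ready-made Crypto object under the `security.signature.crypto` property, which it uses in place of `security.signature.properties`. The sketch below is an added example, not code from the question or the answer: the class and method names are hypothetical, `port` is assumed to be the JAX-WS proxy generated for the service, the PKCS#11 provider is assumed to be configured by the caller for the token's driver, and the `javax.xml.ws` namespace matches the Java 8 stack shown in the trace.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.util.Map;
import javax.xml.ws.BindingProvider;
import org.apache.wss4j.common.crypto.Merlin;

public final class TokenSignatureCrypto {

    private TokenSignatureCrypto() { }

    /**
     * Opens the key store that lives on the hardware token. The private key is
     * never copied off the device; the KeyStore only holds handles to it.
     * pkcs11Provider is a configured SunPKCS11 provider supplied by the caller.
     */
    public static KeyStore openTokenKeyStore(Provider pkcs11Provider, char[] pin)
            throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS11", pkcs11Provider);
        keyStore.load(null, pin); // no input stream: the token itself is the store
        return keyStore;
    }

    /**
     * Hands CXF a ready-made Crypto object for signing, so the policy-driven
     * interceptors do not read security.signature.properties for this client.
     */
    public static void useTokenForSigning(Object port, KeyStore tokenKeyStore,
                                          String signingAlias) throws KeyStoreException {
        // Fail fast when the alias does not refer to a private key on the token.
        if (!tokenKeyStore.isKeyEntry(signingAlias)) {
            throw new IllegalArgumentException("No private key under alias " + signingAlias);
        }
        Merlin crypto = new Merlin();
        crypto.setKeyStore(tokenKeyStore);

        Map<String, Object> context = ((BindingProvider) port).getRequestContext();
        context.put("security.signature.crypto", crypto);
        context.put("security.signature.username", signingAlias);
    }
}
```

The encryption entries in the `jaxws:client` configuration shown in the question are independent of this and stay as they are.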
