Question

所以我试图使用WSSE安全（usernametoken）webservice，我创建了一个SoapHandler，但是我没有看到它被调用（我实际上用断点填充了Handler并且它没有停在那里），当然，除了我得到肥皂错误的事实（见下文）。我知道我搞砸了什么？

在CommonConstants中，我只是粘贴了SOAPUI的整个WSSE标题
在IntegrationBean中我（理论上）将处理程序绑定到wsi生成的代理并调用安全服务
在WSSEHandler中，我正在做所有黑魔法。捕获SOAP标头并附加WSSE标头。这是一个充满断点的地方。

SOAP错误

 javax.xml.ws.soap.SOAPFaultException: No username available

CommonConstants.java

public static String WSSE_USENAME_TOKEN_HEADER = "<wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">\n"
        + "         <wsse:UsernameToken>\n"
        + "            <wsse:Username>**USERNAME**</wsse:Username>\n"
        + "            <wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">**PASSWORD**</wsse:Password>\n"
        + "         </wsse:UsernameToken>\n"
        + "</wsse:Security>";

IntegrationBean.java

public String testMethod() throws Exception {
    String result = "";
    CisChannelPort cisChannel = new ChannelService().getCisChannelPort();

    Binding binding = ((BindingProvider) cisChannel).getBinding();

    List<Handler> handlerList = binding.getHandlerChain();
    handlerList.add(new WSSEHandler());
    binding.setHandlerChain(handlerList);

    try {
        List<Channel> response = cisChannel.getallChannels(null).getChannels().getChannel();

        for (Channel c : response) {
            result += c.getNameChannel() + " -- ";
            LOG.info(PACKAGE + "Found Channel: " + c.getNameChannel());
        }

    } catch (Exception ex) {
        LOG.info(PACKAGE + "Error consumiendo el servicio");
        LOG.error(PACKAGE + ex.getMessage());
        throw new Exception("Error consumiendo el servicio");
    }

    return result;
}

WSSEHandler.java

public class WSSEHandler implements SOAPHandler<SOAPMessageContext> {

private static final String PACKAGE = "[co.com.tigo.test.integration.ejb.impl.WSSEHandler] ";

public WSSEHandler() {

}

@Override
public Set<QName> getHeaders() {
    return Collections.emptySet();
}

@Override
public boolean handleMessage(SOAPMessageContext context) {
    CommonConstants.LOG.info(PACKAGE + "Begin HandleMessage");
    Boolean outboundProperty = (Boolean) context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
    if (outboundProperty) {
        CommonConstants.LOG.info(PACKAGE + "Outbound Message Detected");
        try {
            addSecurityHeader(context);
        } catch (Exception ex) {
            CommonConstants.LOG.info(PACKAGE + "Error while setting WSSE Headers");
            CommonConstants.LOG.error(PACKAGE + ex.getClass().getCanonicalName() + " - " + ex.getMessage());
            return false;
        }

    }
    return true;
}

@Override
public boolean handleFault(SOAPMessageContext context) {
    return true;
}

@Override
public void close(MessageContext context) {

}

private void addSecurityHeader(SOAPMessageContext messageContext) throws SOAPException, SAXException, IOException {
    LOG.info(PACKAGE + "Adding Security Header");
    SOAPHeader header = messageContext.getMessage().getSOAPPart().getEnvelope().getHeader();
    if (header == null) {
        header = messageContext.getMessage().getSOAPPart().getEnvelope().addHeader();
    }

    DOMParser parser = new DOMParser();
    parser.parse(new InputSource(new java.io.StringReader(CommonConstants.WSSE_USENAME_TOKEN_HEADER)));
    Node doc = (Node) parser.getDocument();
    header.appendChild(doc);

}

}

JAX-WS：使用WSSE安全Web服务

0 个答案: