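I am working with a WSDL and, when making SOAP requests, I need to sign the Timestamp and the SOAP body with a client certificate.
My signing certificate must be represented in the message as a BinarySecurityToken and included in the SOAP header, as shown below: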
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="true">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-15730854BE4465A46D14538884282111">MIIFO.......56Q==</wsse:BinarySecurityToken>
<wsu:Timestamp wsu:Id="TS-1">
<wsu:Created>2016-03-16T09:53:48.201Z</wsu:Created>
<wsu:Expires>2016-03-16T09:58:48.201Z</wsu:Expires>
</wsu:Timestamp>
.......
I am using WSS4JOutInterceptor to customize my request, but I cannot find a way to include the signing certificate in the request:
// for outgoing messages: Signature and Timestamp validation
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.TIMESTAMP);
outProps.put(WSHandlerConstants.USER, "sss");
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientKeystorePasswordCallbackHandler.class.getName());
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "client_sec.properties");
outProps.put(WSHandlerConstants.SIG_KEY_ID, "X509KeyIdentifier");
// each part is {mode}{namespace}localName, separated by ';'
outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp");
Can anyone suggest how I should do this?
Best answer
OK, here is the requested answer. :-)
As mentioned in my comment, you should change the value of SIG_KEY_ID to outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
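A way to confirm that an outgoing message really carries the certificate in the form the question asks for, written for this page as an added example (not code from the question, the answer or Apache CXF): it checks that the signature's KeyInfo points, through a wsse:Reference, at a BinarySecurityToken present in the header. The class name, method name and both sample envelopes are constructed for illustration; the second sample models a header that carries only a wsse:KeyIdentifier and no token.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class BstReferenceCheck {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    // True when a ds:KeyInfo holds a wsse:Reference whose URI ("#id") names a BinarySecurityToken in the message.
    static boolean signedWithDirectReference(String envelope) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs
        Document doc = factory.newDocumentBuilder()
                .parse(new ByteArrayInputStream(envelope.getBytes(StandardCharsets.UTF_8)));
        // Collect the wsu:Id of every BinarySecurityToken.
        Set<String> tokenIds = new HashSet<>();
        NodeList tokens = doc.getElementsByTagNameNS(WSSE, "BinarySecurityToken");
        for (int i = 0; i < tokens.getLength(); i++) {
            tokenIds.add(((Element) tokens.item(i)).getAttributeNS(WSU, "Id"));
        }
        // Look for a same-document reference from the signature's KeyInfo to one of them.
        NodeList keyInfos = doc.getElementsByTagNameNS(DS, "KeyInfo");
        for (int i = 0; i < keyInfos.getLength(); i++) {
            NodeList refs = ((Element) keyInfos.item(i)).getElementsByTagNameNS(WSSE, "Reference");
            for (int j = 0; j < refs.getLength(); j++) {
                String uri = ((Element) refs.item(j)).getAttribute("URI");
                if (uri.length() > 1 && uri.startsWith("#") && tokenIds.contains(uri.substring(1))) return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: ids and token values are placeholders, not real certificates.
        String head = "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:wsse=\""
                + WSSE + "\" xmlns:wsu=\"" + WSU + "\" xmlns:ds=\"" + DS + "\"><soap:Header><wsse:Security>";
        String sigOpen = "<ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>";
        String tail = "</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security>"
                + "</soap:Header><soap:Body/></soap:Envelope>";
        String direct = head + "<wsse:BinarySecurityToken wsu:Id=\"X509-1\">PLACEHOLDER</wsse:BinarySecurityToken>"
                + sigOpen + "<wsse:Reference URI=\"#X509-1\"/>" + tail;
        String keyIdOnly = head + sigOpen + "<wsse:KeyIdentifier>PLACEHOLDER</wsse:KeyIdentifier>" + tail;
        System.out.println("token + reference: " + signedWithDirectReference(direct));
        System.out.println("key identifier only: " + signedWithDirectReference(keyIdOnly));
    }
}
```

This is a structural check only; it does not validate the signature or the certificate inside the token.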
Regarding java - Apache CXF adding the signing certificate as a BinarySecurityToken to the WS-security header, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/36031468/