如http://static.springframework.org/spring-ws/sites/1.5/reference/html/security.html所述,我已经通过 WS-Security 在我的 web 服务上实现了身份验证,如下所示:
<bean id="callbackHandler" class="org.springframework.ws.soap.security.wss4j.callback.SimplePasswordValidationCallbackHandler">
<property name="users">
<props>
<prop key="bart">arnie</prop>
</props>
</property>
</bean>
<bean id="annotationMapping" class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping">
<property name="interceptors">
<list>
<bean class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
<property name="validationActions" value="UsernameToken" />
<property name="securementActions" value="NoSecurity" />
<property name="validationCallbackHandler" ref="callbackHandler" />
</bean> ...
但是,客户端(如 SoapUI)不知道他们应该使用安全性,因为 WSDL 中没有提到它。我怎样才能做到这一点?这就是我生成它的方式:
<bean id="qwertyService" class="org.springframework.ws.wsdl.wsdl11.DefaultWsdl11Definition">
<property name="schemaCollection" ref="schemaCollection" />
<property name="portTypeName" value="QwertyService" />
<property name="locationUri" value="/QwertyService/" />
<property name="targetNamespace" value="http://www.ead2.nl/demo/wsdl" />
</bean>