4

我编写了一个 JAX-WS 处理程序来将 WS-Security 标头添加到我的 SOAP 客户端的出站消息中:

package com.soap.client;

import javax.xml.namespace.QName;
import javax.xml.soap.Name;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFactory;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

public class ClientHeaderHandler implements SOAPHandler<SOAPMessageContext> {

    private static final String WSSECURITY_PREFIX = "wsse";
    private static final String WSSECURITY_NAMESPACE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String PASSWORD_TEXT_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    /**
     * {@inheritDoc}
     * @see javax.xml.ws.handler.Handler#handleMessage(javax.xml.ws.handler.MessageContext)
     */
    @Override
    public boolean handleMessage(final SOAPMessageContext context) {
        boolean outbound = false;
        outbound = (Boolean) context.get (MessageContext.MESSAGE_OUTBOUND_PROPERTY);

        if (outbound) {
            try {
                addSecurityHeader(context);             
            } catch (SOAPException e) {
                // do nothing
            }
        }

        return true;
    }

    private void addSecurityHeader(final SOAPMessageContext context) throws SOAPException {
        SOAPFactory sf = SOAPFactory.newInstance();
        SOAPElement securityElem = sf.createElement("Security", WSSECURITY_PREFIX, WSSECURITY_NAMESPACE);
        SOAPElement tokenElem = sf.createElement("UsernameToken", WSSECURITY_PREFIX, WSSECURITY_NAMESPACE);
        SOAPElement usernameElem = sf.createElement("Username", WSSECURITY_PREFIX, WSSECURITY_NAMESPACE);
        usernameElem.addTextNode("myusername");
        tokenElem.addChildElement(usernameElem);

        Name passwordTypeName = sf.createName("Type", WSSECURITY_PREFIX, WSSECURITY_NAMESPACE);
        SOAPElement passwordElem = sf.createElement("Password", WSSECURITY_PREFIX, WSSECURITY_NAMESPACE);
        passwordElem.addAttribute(passwordTypeName, PASSWORD_TEXT_TYPE);
        passwordElem.addTextNode("mypassword");

        tokenElem.addChildElement(passwordElem);
        securityElem.addChildElement(tokenElem);
        context.getMessage().getSOAPPart().getEnvelope().addHeader().addChildElement(securityElem);
    }
}

这主要是有效的;但是,WS-Security 命名空间和前缀在它们使用的每个元素上重新声明(xmlns:wsse=http://...):

<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">myusername</wsse:Username>
                <wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">mypassword</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </S:Header>
    <S:Body>
        <MyBody/>
    </S:Body>
</S:Envelope>

我尝试了 QNames、Names 等的各种组合,但我似乎无法完成这项工作。 我需要更改什么以便仅在最顶层的 Security 元素中声明 WS-Security 命名空间?

更新:下面 gpeche 的建议对我有用。从使用 SOAPFactory 创建元素然后通过 addChildElement 附加它到直接通过 addChildElement 创建它:

private void addSecurityHeader(final SOAPMessageContext context) throws SOAPException {
    SOAPFactory sf = SOAPFactory.newInstance();
    SOAPElement securityElem = context.getMessage().getSOAPPart().getEnvelope().addHeader().addChildElement("Security", WSSECURITY_PREFIX, WSSECURITY_NAMESPACE);
    SOAPElement tokenElem = securityElem.addChildElement("UsernameToken", WSSECURITY_PREFIX, WSSECURITY_NAMESPACE);
    SOAPElement usernameElem = tokenElem.addChildElement("Username", WSSECURITY_PREFIX, WSSECURITY_NAMESPACE);
    usernameElem.addTextNode("myusername");

    Name passwordTypeName = sf.createName("Type", WSSECURITY_PREFIX, WSSECURITY_NAMESPACE);
    SOAPElement passwordElem = tokenElem.addChildElement("Password", WSSECURITY_PREFIX, WSSECURITY_NAMESPACE);
    passwordElem.addAttribute(passwordTypeName, PASSWORD_TEXT_TYPE);
    passwordElem.addTextNode("mypassword");
}

生成更清晰的 XML:

<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken>
                <wsse:Username>myusername</wsse:Username>
                <wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">mypassword</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </S:Header>
    <S:Body>
        <MyBody/>
    </S:Body>
</S:Envelope>
4

1 回答 1

3

我遇到了同样的问题,我发现可靠地做到这一点的唯一方法是逐个节点重新生成 XML 树节点:

  1. 获取对要在其中设置命名空间的节点的引用
  2. 将一个孩子附加到他的父母身上,并带有所需的前缀、名称、属性和命名空间。
  3. 递归地将后代复制到新的孩子中,调整前缀和命名空间
  4. 完成后,分离原始节点

但是我一直认为必须有一个更简单的方法......

更新:

好的,我想我明白你的问题是什么了:你是SOAPElement直接从SOAPFactory. 在创建时SOAPElements 没有父集,因此它们不能从任何人那里继承您指定的命名空间,并决定自己编写命名空间声明。一旦他们被创建,他们就不会费心在append()/setParent()时间检查他们是否可以放弃任何声明。

你可以尝试只创建最外层的元素SOAPFactory,然后通过创建其余的元素SOAPElement.addChildElement()吗?

于 2012-09-19T20:11:37.327 回答