
I am trying to access a secured Windows Communication Foundation (WCF) web service, written on the .NET platform, using a plain Java client and the Metro web services API (webservices-rt-2.2.0-1).

Using the WSDL of the WCF web service with an ant target, I was able to generate the web service artifacts.

To access the WCF web service I need to insert a SAML2 token into the SOAP request. This SAML2 token is retrieved by calling a REST service whose response contains the SAML2 assertion. At the moment I have the token as a String object (the whole Assertion XML).

My client code looks something like this:
MyService service = new MyService(new URL(wsdlLocation), new QName("http://tempuri.org/",
        "MyService"));

IMyService port = service.getCustomBindingIMyService();

port.callMyServiceApi();

This code throws the following error:

WST0029: Could not get STS location from IssuedToken or from client

So I modified the code to the following:

MyService service = new MyService(new URL(wsdlLocation), new QName("http://tempuri.org/",
        "MyService"));

DefaultSTSIssuedTokenConfiguration config = new DefaultSTSIssuedTokenConfiguration(stsEndpointAddress, wsdl, "MyService","CustomBinding_IMyService","http://tempuri.org/");

STSIssuedTokenFeature feature = new STSIssuedTokenFeature(config);
IMyService  port = service.getCustomBindingIMyService(new WebServiceFeature[]{feature});

port.getApiVersion();

With the above, the STS location error went away, but I now see the following error:

Exception in thread "main" javax.xml.ws.WebServiceException: java.lang.NullPointerException
        at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:250)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:961)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:910)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
        at com.sun.xml.ws.client.Stub.process(Stub.java:429)
        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:168)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:

I turned on logging of the SOAP messages and inspected the request, and found that the request contains no security-related information at all. The web service endpoint is returning a failure response indicating that the security in the request is invalid.

I would like to know:

1. Am I on the right track with my client so far?
2. What is the best way to call my REST service and parse its response for the SAML2 token?
3. How do I set the SAML2 token from step 2 into my web service call?

According to the implementers of the WCF web service, they are using WS-Security rather than federated security. The SAML2 token I receive looks like this:

<wsse:Security soap:mustUnderstand="true"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <Assertion ID="_909088b3-d972-4b6f-84b1-26301c1c3b69"
                IssueInstant="2012-10-16T12:32:44.293Z" Version="2.0"
                xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
                <Issuer>xyz:appl:identity</Issuer>
                <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:SignedInfo>
                                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                                <ds:Reference URI="#_909088b3-d972-4b6f-84b1-26301c1c3b69">
                                        <ds:Transforms>
                                                <ds:Transform
                                                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                                        </ds:Transforms>
                                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                                        <ds:DigestValue>some_value_here</ds:DigestValue>
                                </ds:Reference>
                        </ds:SignedInfo>
                        <ds:SignatureValue>sig_here</ds:SignatureValue>
                        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                                <X509Data>
                                        <X509Certificate>certHere</X509Certificate>
                                </X509Data>
                        </KeyInfo>
                </ds:Signature>
                <Subject>
                        <NameID
                                Format="http://schemas.xyz.com/2009/09/Identity/Format/Idm/InsightUserName">user222</NameID>
                        <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
                </Subject>
                <Conditions NotBefore="2012-10-16T12:32:44.293Z"
                        NotOnOrAfter="2022-01-01T12:00:00.000Z">
                        <AudienceRestriction>
                                <Audience>uri:samlclient.xyzbadal.com</Audience>
                        </AudienceRestriction>
                </Conditions>
                <AttributeStatement>
                        <Attribute
                                Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
                                <AttributeValue>user222</AttributeValue>
                        </Attribute>
                        <Attribute
                                Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
                                <AttributeValue>user222</AttributeValue>
                        </Attribute>
                        <Attribute
                                Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
                                <AttributeValue>support@abc.com</AttributeValue>
                        </Attribute>
                        <Attribute
                                Name="http://schemas.xyz.com/2009/09/Identity/Claims/CustomerId">
                                <AttributeValue>11209</AttributeValue>
                        </Attribute>
                        <Attribute
                                Name="http://schemas.xyz.com/2009/09/Identity/Claims/InsightUserId">
                                <AttributeValue>1</AttributeValue>
                        </Attribute>
                        <Attribute
                                Name="http://schemas.xyz.com/2009/09/Identity/Claims/NameIdFormat">
                                <AttributeValue>http://schemas.xyz.com/2009/09/Identity/Format/Idm/InsightUserName</AttributeValue>
                        </Attribute>
                        <Attribute
                                Name="http://schemas.xyz.com/2009/09/Identity/Claims/HasProfile">
                                <AttributeValue>True</AttributeValue>
                        </Attribute>
                        <Attribute
                                Name="http://schemas.xyz.com/2009/09/Identity/Claims/Password">
                                <AttributeValue>test1</AttributeValue>
                        </Attribute>
                        <Attribute
                                Name="http://schemas.xyz.com/2009/09/Identity/Claims/HasPassword">
                                <AttributeValue>True</AttributeValue>
                        </Attribute>
                        <Attribute
                                Name="http://schemas.xyz.com/2009/09/Identity/Claims/LocaleName">
                                <AttributeValue>en-US</AttributeValue>
                        </Attribute>
                        <Attribute
                                Name="http://schemas.xyz.com/2009/09/Identity/Claims/HasCredential">
                                <AttributeValue>false</AttributeValue>
                        </Attribute>
                        <Attribute
                                Name="http://schemas.xyz.com/2009/09/Identity/Claims/InternalReferenceId">
                                <AttributeValue>user222</AttributeValue>
                        </Attribute>
                        <Attribute
                                Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
                                <AttributeValue>CustomiseUI</AttributeValue>
                                <AttributeValue>EditConfiguration</AttributeValue>
                                ...
                        </Attribute>
                        <Attribute
                                Name="http://schemas.xyz.com/2009/09/Identity/Claims/ProfileUrl">
                                <AttributeValue>https://identity.com/able/</AttributeValue>
                        </Attribute>
                </AttributeStatement>
                <AuthnStatement AuthnInstant="2012-10-16T12:32:44.000Z"
                        SessionNotOnOrAfter="2022-01-01T12:00:00.000Z">
                        <AuthnContext>
                                <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
                        </AuthnContext>
                </AuthnStatement>
        </Assertion>
</wsse:Security>

I was given several WSDL files. Snippets are pasted below.

WSDL 1:

<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions targetNamespace="http://schemas.xyz.com/TrackMe/2010/06/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:tns="http://schemas.xyz.com/TrackMe/2010/06/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
  <wsdl:types>
    <xsd:schema targetNamespace="http://schemas.xyz.com/TrackMe/2010/06/Imports">
      <xsd:import schemaLocation="TrackMe.xsd" namespace="http://schemas.xyz.com/TrackMe/2010/06/"/>
      <xsd:import schemaLocation="TrackMe_1_2_3_4.xsd" namespace="http://schemas.xyz.com/shs/api"/>
      <xsd:import schemaLocation="TrackMe_1_2.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
      <xsd:import schemaLocation="TrackMe_1.xsd" namespace="http://schemas.xyz.com/TrackMe/2010/06/Data"/>
      <xsd:import schemaLocation="TrackMe_1_2_3_4_5.xsd" namespace="http://schemas.datacontract.org/2004/07/xyz.Validation"/>
      <xsd:import schemaLocation="TrackMe_1_2_3.xsd" namespace="http://schemas.datacontract.org/2004/07/xyz.TrackMe.PublicApiService.Contract"/>
    </xsd:schema>
  </wsdl:types>
  <wsdl:message name="IMyService_GetApiVersion_InputMessage">
    <wsdl:part name="parameters" element="tns:GetApiVersion"/>
  </wsdl:message>
  <wsdl:message name="IMyService_GetApiVersion_OutputMessage">
    <wsdl:part name="parameters" element="tns:GetApiVersionResponse"/>
  </wsdl:message>
  <wsdl:message name="IMyService_GetApiVersion_FaultDetailFault_FaultMessage">
    <wsdl:part name="detail" element="q2:Fault" xmlns:q2="http://schemas.xyz.com/shs/api"/>
  </wsdl:message>
  ....
 <wsdl:operation name="GetApiVersion">
      <wsdl:input wsaw:Action="http://schemas.xyz.com/TrackMe/2010/06/IMyService/GetApiVersion" message="tns:IMyService_GetApiVersion_InputMessage"/>
      <wsdl:output wsaw:Action="http://schemas.xyz.com/TrackMe/2010/06/IMyService/GetApiVersionResponse" message="tns:IMyService_GetApiVersion_OutputMessage"/>
      <wsdl:fault wsaw:Action="http://schemas.xyz.com/TrackMe/2010/06/IMyService/GetApiVersionFaultDetailFault" name="FaultDetailFault" message="tns:IMyService_GetApiVersion_FaultDetailFault_FaultMessage"/>
    </wsdl:operation>
    ...
  </wsdl:portType>
</wsdl:definitions>

WSDL 2:

<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions name="MyService" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:tns="http://tempuri.org/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:i0="http://schemas.xyz.com/TrackMe/2010/06/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
  <wsp:Policy wsu:Id="CustomBinding_IMyService_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken/>
              </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
              <sp:RequestSecurityTokenTemplate>
                <trust:TokenType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</trust:TokenType>
                <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
              </sp:RequestSecurityTokenTemplate>
              <wsp:Policy>
                <sp:RequireInternalReference/>
              </wsp:Policy>
            </sp:IssuedToken>
          </wsp:Policy>
        </sp:SignedSupportingTokens>
        <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy/>
        </sp:Wss11>
        <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:MustSupportIssuedTokens/>
            <sp:RequireClientEntropy/>
            <sp:RequireServerEntropy/>
          </wsp:Policy>
        </sp:Trust13>
        <wsaw:UsingAddressing/>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsdl:import namespace="http://schemas.xyz.com/TrackMe/2010/06/" location="TrackMe.wsdl"/>
  <wsdl:types/>
  <wsdl:binding name="CustomBinding_IMyService" type="i0:IMyService">
    <wsp:PolicyReference URI="#CustomBinding_IMyService_policy"/>
    <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    ...
     <wsdl:operation name="GetApiVersion">
      <soap12:operation soapAction="http://schemas.xyz.com/TrackMe/2010/06/IMyService/GetApiVersion" style="document"/>
      <wsdl:input>
        <soap12:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap12:body use="literal"/>
      </wsdl:output>
      <wsdl:fault name="FaultDetailFault">
        <soap12:fault name="FaultDetailFault" use="literal"/>
      </wsdl:fault>
    </wsdl:operation>
    ....
     </wsdl:binding>
  <wsdl:service name="MyService">
    <wsdl:port name="CustomBinding_IMyService" binding="tns:CustomBinding_IMyService">
      <soap12:address location="https://apidev2.devel.abc.com/tnt/public_api/TrackMe.svc"/>
      <wsa10:EndpointReference>
        <wsa10:Address>https://apidev2.devel.abc.com/tnt/public_api/TrackMe.svc</wsa10:Address>
      </wsa10:EndpointReference>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>

Let me know if you need any more information. Any help would be greatly appreciated. Thanks in advance! Karl.
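The following is an added example, not code from the question, from Metro or from the WCF service's implementers. It shows one way to take the Assertion string the question describes (fetched out of band from the REST service) and place it where the pasted wsse:Security header puts it: a JAX-WS SOAPHandler that parses the token with DTD and external-entity processing disabled, refuses to send an Assertion that is outside its Conditions window or issued for a different Audience, adds the wsu:Timestamp the policy's IncludeTimestamp asks for, and imports the signed Assertion unchanged. The class name, the attach helper and the five-minute clock skew are assumptions. It also assumes the client proxy is generated from a copy of WSDL 2 with the wsp:Policy block removed (or that the policy is otherwise not enforced client-side): with the IssuedToken policy in place, Metro's SecurityClientTube tries to obtain the token from an STS itself, which is what the WST0029 error above reflects, and the page does not settle whether a handler-injected token coexists with that. The audience value is the one in the pasted Assertion.

```java
import java.io.StringReader;
import java.time.Duration;
import java.time.Instant;
import java.time.format.DateTimeFormatter;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.handler.Handler;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Outbound JAX-WS handler that places an already-issued SAML 2.0 bearer Assertion in wsse:Security (hypothetical class). */
public class SamlBearerHeaderHandler implements SOAPHandler<SOAPMessageContext> {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final Duration CLOCK_SKEW = Duration.ofMinutes(5); // assumption: skew tolerated between client and service
    private final Element assertion; // the parsed, validated Assertion element, kept exactly as received

    public SamlBearerHeaderHandler(String assertionXml, String expectedAudience) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The token arrives from a remote REST response: parse it with DTDs and external entities disabled.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        Element root = f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(assertionXml))).getDocumentElement();
        if (!SAML2.equals(root.getNamespaceURI()) || !"Assertion".equals(root.getLocalName())) {
            throw new IllegalArgumentException("not a SAML 2.0 Assertion: " + root.getTagName());
        }
        checkConditions(root, expectedAudience);
        this.assertion = root;
    }

    /** Fails fast on an Assertion the service would reject anyway: outside its validity window or for another audience. */
    static void checkConditions(Element assertion, String expectedAudience) {
        Element cond = (Element) assertion.getElementsByTagNameNS(SAML2, "Conditions").item(0);
        if (cond == null) throw new IllegalArgumentException("Assertion has no Conditions element");
        Instant now = Instant.now();
        Instant notBefore = Instant.parse(cond.getAttribute("NotBefore"));
        Instant notOnOrAfter = Instant.parse(cond.getAttribute("NotOnOrAfter"));
        if (now.plus(CLOCK_SKEW).isBefore(notBefore)) throw new IllegalStateException("Assertion not yet valid");
        if (!now.minus(CLOCK_SKEW).isBefore(notOnOrAfter)) throw new IllegalStateException("Assertion has expired");
        NodeList audiences = cond.getElementsByTagNameNS(SAML2, "Audience");
        for (int i = 0; i < audiences.getLength(); i++) {
            if (expectedAudience.equals(audiences.item(i).getTextContent().trim())) return;
        }
        throw new IllegalStateException("Assertion audience does not include " + expectedAudience);
    }

    @Override
    public boolean handleMessage(SOAPMessageContext ctx) {
        if (!Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true; // responses untouched
        try {
            SOAPMessage msg = ctx.getMessage();
            SOAPEnvelope env = msg.getSOAPPart().getEnvelope();
            SOAPHeader header = env.getHeader() != null ? env.getHeader() : env.addHeader();
            SOAPElement security = header.addChildElement("Security", "wsse", WSSE);
            security.addAttribute(new QName(env.getNamespaceURI(), "mustUnderstand", env.getPrefix()), "1");
            // The policy asks for IncludeTimestamp: a short-lived wsu:Timestamp bounds replay of this message.
            Instant created = Instant.now();
            SOAPElement ts = security.addChildElement("Timestamp", "wsu", WSU);
            ts.addChildElement("Created", "wsu", WSU).addTextNode(DateTimeFormatter.ISO_INSTANT.format(created));
            ts.addChildElement("Expires", "wsu", WSU).addTextNode(DateTimeFormatter.ISO_INSTANT.format(created.plus(CLOCK_SKEW)));
            // Import the Assertion unchanged: re-serialising or re-indenting it would break its enveloped signature.
            security.appendChild(msg.getSOAPPart().importNode(assertion, true));
            msg.saveChanges();
            return true;
        } catch (Exception e) {
            throw new RuntimeException("could not add wsse:Security header", e);
        }
    }

    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
    @Override public Set<QName> getHeaders() { return Collections.singleton(new QName(WSSE, "Security")); }

    /** Registers the handler on a generated port: attach(service.getCustomBindingIMyService(), handler).getApiVersion(). */
    public static <T> T attach(T port, SamlBearerHeaderHandler handler) {
        BindingProvider bp = (BindingProvider) port;
        List<Handler> chain = bp.getBinding().getHandlerChain();
        chain.add(handler);
        bp.getBinding().setHandlerChain(chain);
        return port;
    }
}
```

With the TransportBinding/HttpsToken policy in WSDL 2, nothing in the message itself protects the bearer Assertion; TLS to the https address in the WSDL is the only thing keeping it from being replayed by whoever reads it, so the client must verify the server certificate. Note also that the Assertion as pasted carries a Password claim in clear text, so the token String is itself a credential: keep the SOAP-message logging used for debugging above switched off outside debugging sessions. Construct the handler with `new SamlBearerHeaderHandler(assertionXml, "uri:samlclient.xyzbadal.com")`, where the audience is the one in the pasted token.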
