0

I'm using Rampart on Axis2 as my WS-Security module.

My policy XML file is as follows:

<wsp:Policy wsu:Id="UsernameToken"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

<wsp:ExactlyOne>
    <wsp:All>
        <sp:TransportBinding
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
                <sp:IncludeTimestamp />
            </wsp:Policy>
        </sp:TransportBinding>
        <sp:SupportingTokens
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp:Policy>
                <sp:UsernameToken
                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
            </wsp:Policy>
        </sp:SupportingTokens>
    </wsp:All>
</wsp:ExactlyOne>

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:passwordType>PasswordText</ramp:passwordType>
</ramp:RampartConfig>

</wsp:Policy>

It works fine, as the following SOAP call shows:

  <soapenv:Header>
     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
           <wsu:Created>2013-12-24T12:55:39.089Z</wsu:Created>
           <wsu:Expires>2013-12-24T13:00:39.089Z</wsu:Expires>
        </wsu:Timestamp>
        <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
           <wsse:Username>username</wsse:Username>
           <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
        </wsse:UsernameToken>
     </wsse:Security>
  </soapenv:Header>

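What I would like to do is configure the Created value so that it is not necessarily tied to the server time, and also configure the duration between Created and Expires.

How can I do this?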

4

2 Answers

1

Ok so I'm answering my own question.

It seems like there is no point in setting different timestamps as, per standards, the Timestamp should be sent in UTC format.

As for the TTL, this can be configured from the policy.xml file:

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
  <ramp:timestampTTL>600</ramp:timestampTTL>
  <ramp:timestampMaxSkew>600</ramp:timestampMaxSkew>
</ramp:RampartConfig>

I will keep the thread open for a day or two to see if anyone else would like to present a different opinion.

answered 2013-12-25T17:32:44.967
0

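We now have a problem with the duration between the Created and Expires dates. It seems the message is received on the server after it has expired, because there is a big difference between the server and client clocks (I mean more than 2 or 5 seconds). One workaround is to increase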

<ramp:timestampTTL>600</ramp:timestampTTL>
<ramp:timestampMaxSkew>600</ramp:timestampMaxSkew>

This can be done on the client side using the rampartConfig.setTimestampTTL and rampartConfig.setTimestampMaxSkew methods.

answered 2014-06-17T22:09:24.620
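A simplified model of how a TTL and a maximum skew interact when a `wsu:Timestamp` is checked, as an added example that is not part of the original answers and is not Rampart's own code. The function names, the return strings and the exact comparison rule are assumptions made for illustration; the sample times are constructed from the timestamp in the question.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ET.register_namespace("wsu", WSU)

def _fmt(dt):
    # WS-Security timestamps are UTC with a trailing "Z"
    return dt.astimezone(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")

def _parse(text):
    if not text or not text.endswith("Z"):
        raise ValueError("timestamp must be UTC (trailing Z)")
    return datetime.fromisoformat(text[:-1]).replace(tzinfo=timezone.utc)

def make_timestamp(sender_now, ttl_seconds):
    """Sender side: Created is the sender's clock, Expires is Created + TTL."""
    ts = ET.Element(f"{{{WSU}}}Timestamp")
    ET.SubElement(ts, f"{{{WSU}}}Created").text = _fmt(sender_now)
    ET.SubElement(ts, f"{{{WSU}}}Expires").text = _fmt(sender_now + timedelta(seconds=ttl_seconds))
    return ET.tostring(ts, encoding="unicode")

def _bounds(timestamp_xml):
    ts = ET.fromstring(timestamp_xml)
    return (_parse(ts.findtext(f"{{{WSU}}}Created")),
            _parse(ts.findtext(f"{{{WSU}}}Expires")))

def check_freshness(timestamp_xml, receiver_now, max_skew_seconds):
    """Receiver side (assumed rule): tolerate drift of max_skew_seconds either way."""
    created, expires = _bounds(timestamp_xml)
    skew = timedelta(seconds=max_skew_seconds)
    if created > receiver_now + skew:
        return "rejected: Created is in the future"
    if expires < receiver_now - skew:
        return "rejected: expired"
    return "accepted"

def acceptance_deadline(timestamp_xml, max_skew_seconds):
    """Last receiver-clock instant at which this timestamp still passes."""
    _, expires = _bounds(timestamp_xml)
    return expires + timedelta(seconds=max_skew_seconds)

if __name__ == "__main__":
    sent = datetime(2013, 12, 24, 12, 55, 39, 89000, tzinfo=timezone.utc)  # constructed
    msg = make_timestamp(sent, 300)
    late = sent + timedelta(seconds=420)  # receiver clock 7 minutes ahead of sender
    print(check_freshness(msg, late, 0), "|", check_freshness(msg, late, 600))
    print("passes until", _fmt(acceptance_deadline(msg, 600)))
```

In this model a message keeps passing the timestamp check until Expires plus the skew, so larger values tolerate more clock drift and also lengthen the period in which a captured message would still be accepted; synchronising the clocks keeps that period short.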