我正在尝试使用受 WS-Security 保护的 Web 服务,但我遇到了一些问题。它是一个CMDBuild 网络服务。我已阅读CMDBuild Webservices Manual,但尚未成功使用它。
我使用了两种方法来尝试使用 Web 服务:使用 Apache CXF的SoapUI和Java 。我将描述我为尝试使用这两种方法使用 Web 服务所做的工作。
首先,我成功安装了CMDB应用程序,可以正常访问WSDL。如果您需要查看WSDL,可以在此处查看。我知道我必须发送一个用户名令牌,但我不知道我必须在哪里放置用户名令牌以及我是如何做到的。
Web 服务中提供的所有方法都可以在 CMDBuild 系统中进行身份验证后使用。身份验证是根据 WSS 用户名令牌配置文件 1.0 规范和摘要密码执行的。
另一个问题是我如何获得这个用户名令牌和摘要密码。我拥有的是用于访问应用程序 GUI 的应用程序用户名和密码。
肥皂界面
当我尝试使用 SoapUI 使用任何 Web 服务方法时,响应总是相同的:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Body>
<soap:Fault>
<soap:Code>
<soap:Value>soap:Sender</soap:Value>
<soap:Subcode>
<soap:Value xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</soap:Value>
</soap:Subcode>
</soap:Code>
<soap:Reason>
<soap:Text xml:lang="en">An error was discovered processing the <wsse:Security> header</soap:Text>
</soap:Reason>
</soap:Fault>
</soap:Body>
</soap:Envelope>
这里,XML 请求(由 SoapUI 生成):
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:soap1="http://soap.services.cmdbuild.org">
<soap:Header/>
<soap:Body>
<soap1:getCardList>
<!--Optional:-->
<soap1:className></soap1:className>
<!--Zero or more repetitions:-->
<soap1:attributeList>
<!--Optional:-->
<soap1:code></soap1:code>
<!--Optional:-->
<soap1:name></soap1:name>
<!--Optional:-->
<soap1:value></soap1:value>
</soap1:attributeList>
<!--Optional:-->
<soap1:queryType>
<!--Optional:-->
<soap1:filter>
<!--Optional:-->
<soap1:name></soap1:name>
<!--Optional:-->
<soap1:operator>?</soap1:operator>
<!--Zero or more repetitions:-->
<soap1:value></soap1:value>
</soap1:filter>
<!--Optional:-->
<soap1:filterOperator>
<!--Optional:-->
<soap1:operator></soap1:operator>
<!--Zero or more repetitions:-->
<soap1:subquery/>
</soap1:filterOperator>
</soap1:queryType>
<!--Zero or more repetitions:-->
<soap1:orderType>
<!--Optional:-->
<soap1:columnName></soap1:columnName>
<!--Optional:-->
<soap1:type></soap1:type>
</soap1:orderType>
<!--Optional:-->
<soap1:limit></soap1:limit>
<!--Optional:-->
<soap1:offset></soap1:offset>
<!--Optional:-->
<soap1:fullTextQuery></soap1:fullTextQuery>
</soap1:getCardList>
</soap:Body>
</soap:Envelope>
阿帕奇 CXF
使用 Java,我尝试使用 Apache CXF 并自动生成类(wsdl2java)。之后,我编写了一点代码:
public class Main {
public static void main(String[] args) throws MalformedURLException {
Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
Proxy315Service srv = new Proxy315Service(new URL("http://example.com.br:8080/cmdbuild/services/soap/Webservices?wsdl"));
Webservices services = srv.getProxy315Port();
EndpointImpl jaxWsEndpoint = (EndpointImpl) EndpointImpl.publish("http://example.com.br:8080/cmdbuild/services/soap/Webservices", services);
Endpoint cxfEndpoint = jaxWsEndpoint.getServer().getEndpoint();
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
cxfEndpoint.getInInterceptors().add(wssIn);
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, "gchaves");
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
MenuSchema menu = services.getMenuSchema();
System.out.println(menu.getDescription());
}
}
输出:
Exception in thread "main" javax.xml.ws.WebServiceException: Could not find service named {http://proxy.sun.com/}Proxy315Service in wsdl http://example.com.br:8080/cmdbuild/services/soap/Webservices?wsdl
at org.apache.cxf.jaxws.ServiceImpl.initializePorts(ServiceImpl.java:161)
at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:149)
at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:101)
at javax.xml.ws.Service.<init>(Unknown Source)
at com.sun.proxy.Proxy315Service.<init>(Proxy315Service.java:40)
at com.example.main.Main.main(Main.java:26)