1

我正在使用要部署在 Karaf 中的骆驼 cxf 实现 Web 服务。我正在使用 karaf 附带的 pax web。我在 pom 中使用 cxf codegen 插件对 java 执行 wsdl。

我在 RouteBuilder Java DSL 中定义 cxf uri 和路由。blueprint.xml 只有一些 bean 和 RouteBuilder 的引用。

final String cxfUri =
            String.format("cxf:%s?serviceClass=%s&wsdlURL=wsdl/Event.wsdl",
                    "/Event.jws", com.example.EventPortType.class.getCanonicalName());

我已经使用 pax-web(jetty.xml) 设置了 ssl。如果我发送带有用户名和密码的 WSSE 安全标头,它会生成 MustUnderstand soap 错误。

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" S:mustUnderstand="1">
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-LdZa8aaGdy7mWQWXLp_zpbfg">
    <wsse:Username>xxx</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxx</wsse:Password>
  </wsse:UsernameToken>
</wsse:Security>

无法更改输入请求。我得到了这个例外。

<soap:Fault>
     <faultcode>soap:MustUnderstand</faultcode>
     <faultstring>MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.</faultstring>
  </soap:Fault>

如何保护 cxf 端点以验证请求?

谢谢你。

4

1 回答 1

2

您需要向暴露的 CXF 服务添加 WSS4J 拦截器。您可以为用户验证提供自己的 PasswordCallback,但我更喜欢利用本机 JAAS。这是一个需要任何 Karaf 用户的 UsernameToken 的蓝图示例(这是为了公开 camel-cxf 路由,但同样的原则适用于纯 CXF 实现)。如果您更喜欢基于 Java 的 Camel 路由构建器,您可以将拦截器 bean 添加到上下文注册表中以使用它们。但是 - 蓝图(或 spring 配置)允许您比简单的端点参数进行更细粒度的控制。

<?xml version="1.0" encoding="UTF-8"?>
    <blueprint 
        xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" 
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:cxf="http://cxf.apache.org/blueprint/core" 
        xmlns:camelcxf="http://camel.apache.org/schema/blueprint/cxf" 
        xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0" 
        xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws"
        xsi:schemaLocation="
            http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
            http://camel.apache.org/schema/cxf http://camel.apache.org/schema/cxf/camel-cxf.xsd http://camel.apache.org/schema/blueprint 
            http://camel.apache.org/schema/blueprint/camel-blueprint.xsd http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0
            http://svn.apache.org/repos/asf/aries/trunk/blueprint/blueprint-cm/src/main/resources/org/apache/aries/blueprint/compendium/cm/blueprint-cm-1.1.0.xsd 
            http://cxf.apache.org/blueprint/core http://cxf.apache.org/schemas/blueprint/core.xsd
            http://cxf.apache.org/blueprint/jaxws       http://cxf.apache.org/schemas/blueprint/jaxws.xsd
            http://camel.apache.org/schema/blueprint/cxf http://camel.apache.org/schema/cxf/camel-cxf-2.7.5.xsd">

  <bean id="authenticationInterceptor" class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
            <property name="contextName" value="karaf"/>
            <property name="roleClassifier" value="RolePrincipal"/>
            <property name="roleClassifierType" value="classname"/>        
        </bean>

        <bean id="wsSecInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <argument>
                <map>
                    <entry key="action" value="UsernameToken"/>
                    <entry key="passwordType" value="PasswordText"/>
                </map>
            </argument>
        </bean>     

        <!-- ================  Apache Camel impl ======================= -->
         <camelcxf:cxfEndpoint id="testService2" 
                          address="/api/2.0/external/TestService"
                          xmlns:apogado="http://test.ws.apogado.com/v1_0/ws"
                          endpointName="apogado:AddressServicePort"
                          serviceName="apogado:AddressService"    
                          wsdlURL="classpath:/xsd/ws/TestService.wsdl"
    >

        <camelcxf:properties>
            <entry key="dataFormat" value="PAYLOAD" /> 
            <entry key="ws-security.ut.no-callbacks" value="true"/>
            <entry key="ws-security.validate.token" value="false"/>  
        </camelcxf:properties>  
        <camelcxf:inInterceptors>
            <ref component-id="wsSecInterceptor" />
            <ref component-id="authenticationInterceptor"/>  
        </camelcxf:inInterceptors>
        <camelcxf:features> 
        </camelcxf:features>
    </camelcxf:cxfEndpoint>

 <camelContext xmlns="http://camel.apache.org/schema/blueprint" id="testWsCtx" trace="true">
   <!-- your service implementation -->
   <route>
      <from uri="testService2" />
      <to uri="..." />
   <route>
</camelContext>
 </blueprint>
于 2015-12-06T13:24:23.720 回答