Java 从JibX WS访问SOAP头
我有一个tomcat web服务,它接受opentravel.org OTA XML请求并做出相应的响应。它使用JibX OTA类 到目前为止,该服务的用户已经使用了POX,并且它工作得非常好,但是一个新用户希望使用SOAP并像这样向SOAP头添加安全凭据(而不是将它们放在POS xml片段中) 所以用这个方法我可以做到Java 从JibX WS访问SOAP头,java,soap,header,jibx,usernametoken,Java,Soap,Header,Jibx,Usernametoken,我有一个tomcat web服务,它接受opentravel.org OTA XML请求并做出相应的响应。它使用JibX OTA类 到目前为止,该服务的用户已经使用了POX,并且它工作得非常好,但是一个新用户希望使用SOAP并像这样向SOAP头添加安全凭据(而不是将它们放在POS xml片段中) 所以用这个方法我可以做到 Security security = (Security ) inCtx.getAttribute("security"); 这样我就可以在 …已在服务中指定此项 <
Security security = (Security ) inCtx.getAttribute("security");
这样我就可以在
…已在服务中指定此项
<service name="OTAService">
<service-class>com.xx.webservice.ota.HotelServiceImpl</service-class>
<operation method="list"/>
<handler-class class="org.jibx.ws.io.handler.ContextAttributeUnmarshallingInHandler">
<constructor-arg value="com.xx.shared.soap.security.Security"/>
<constructor-arg value="security"/>
</handler-class>
</service>
我将看一看bindgen customisations,看看它是否有任何启示,因为这是针对这个问题给出的唯一线索。你能告诉我你是怎么做到的吗
再次感谢。我可以分享一些用于WS-Security用户名/密码头的生产代码。我不明白你的代码为什么不起作用,但也许这会有帮助 我们从oasis-200401-wss-wssecurity-secext-1.0.xsd模式生成WS-Security代码和绑定,并进行以下定制:
<!-- Contains customization elements for code generation from WS Security schema -->
<schema-set show-schema="false" generate-all="false" xmlns:xs="http://www.w3.org/2001/XMLSchema" line-width="120">
<schema name="oasis-200401-wss-wssecurity-secext-1.0.xsd" generate-all="true" prefer-inline="true" any-handling="mapped">
<class-decorator class="org.jibx.schema.codegen.extend.CollectionMethodsDecorator" />
</schema>
</schema-set>
我们使用securityHeader的代码如下所示:
if (securityHeader == null) {
throw new AuthenticationException("No WS-Security header found");
}
List<Object> securityHeaderTypes = securityHeader.getSecurityHeaderTypes();
if (securityHeaderTypes == null || securityHeaderTypes.size() == 0) {
throw new AuthenticationException("WS-Security header appears to be empty");
}
UsernameTokenType usernameToken = null;
try {
usernameToken = (UsernameTokenType) securityHeaderTypes.get(0);
} catch (ClassCastException e) {
throw new AuthenticationException("Expected UsernameToken in WS-Security header");
}
AttributedString usernameAttStr = usernameToken.getUsername();
if (usernameAttStr == null) {
throw new AuthenticationException("Expected Username in WS-Security header");
}
String username = usernameAttStr.getString();
if (!username.equals(retailer.getRetailerUsername())) {
throw new AuthenticationException("Invalid username in WS-SecurityHeader");
}
List<Object> any = usernameToken.getAny();
if (any == null) {
throw new AuthenticationException("Expected Password element in WS-Security header");
}
PasswordString passwordString = null;
for (Iterator iterator = any.iterator(); iterator.hasNext();) {
try {
passwordString = (PasswordString) iterator.next();
} catch (ClassCastException ignore) {
logger.debug("Found non password string object");
}
}
if (passwordString == null) {
throw new AuthenticationException("Expected Password in WS-Security header");
}
if (passwordString.getAttributedString() == null) {
throw new AuthenticationException("Expected Password AttributedString in WS-Security header");
}
String password = passwordString.getAttributedString().getString();
if (!password.equals(retailer.getRetailerPassword())) {
throw new AuthenticationException("Invalid password in WS-SecurityHeader");
}
if(securityHeader==null){
抛出新的AuthenticationException(“未找到WS-Security标头”);
}
List securityHeaderTypes=securityHeader.getSecurityHeaderTypes();
if(securityHeaderTypes==null | | securityHeaderTypes.size()==0){
抛出新的AuthenticationException(“WS-Security标头似乎为空”);
}
UsernameTokenType usernameToken=null;
试一试{
usernameToken=(UsernameTokeType)securityHeaderTypes.get(0);
}catch(ClassCastException e){
抛出新的AuthenticationException(“WS-Security标头中预期的UsernameToken”);
}
AttributedString usernameAttStr=usernameToken.getUsername();
if(usernameAttStr==null){
抛出新的AuthenticationException(“WS-Security标头中的预期用户名”);
}
String username=usernameAttStr.getString();
如果(!username.equals(retailer.getRetailerUsername())){
抛出新的AuthenticationException(“WS-SecurityHeader中的用户名无效”);
}
List any=usernameToken.getAny();
if(any==null){
抛出新的AuthenticationException(“WS-Security标头中预期的密码元素”);
}
PasswordString PasswordString=null;
for(Iterator Iterator=any.Iterator();Iterator.hasNext();){
试一试{
passwordString=(passwordString)迭代器.next();
}捕获(ClassCastException忽略){
debug(“找到非密码字符串对象”);
}
}
if(passwordString==null){
抛出新的AuthenticationException(“WS-Security标头中的预期密码”);
}
if(passwordString.getAttributedString()==null){
抛出新的AuthenticationException(“WS-Security标头中的预期密码AttributeString”);
}
字符串密码=passwordString.getAttributedString().getString();
如果(!password.equals(retailer.getRetailerPassword())){
抛出新的AuthenticationException(“WS-SecurityHeader中的密码无效”);
}
我希望这有帮助 还有其他人必须这样做吗?我是唯一一个吗?
<Security>
<UsernameToken>
<Username>USERNAME</Username>
<Password>SECRET</Password>
</UsernameToken>
</Security>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.opentravel.org/OTA/2003/05">
<soapenv:Header>
<Security>
<UsernameToken>
<Username>USERNAME</Username>
<Password>SECRET</Password>
</UsernameToken>
</Security>
</soapenv:Header>
<soapenv:Body>
<OTA_HotelRoomListRQ xmlns="http://www.opentravel.org/OTA/2003/05" Version="2.0">
....
</OTA_HotelRoomListRQ>
</soapenv:Body>
</soapenv:Envelope>
C:\Java\wsse>java org.jibx.binding.generator.BindGen org.oasisopen.docs.wss.oasis200401wsswssecuritysecext1.SecurityHeaderType
Exception in thread "main" java.lang.IllegalStateException: No way to handle type java.lang.Object, referenced from org.oasisopen.docs.wss.oasis200401wsswssecuritysecext1.SecurityHeaderType
at org.jibx.binding.generator.BindGen.expandReferences(BindGen.java:227)
at org.jibx.binding.generator.BindGen.findReferences(BindGen.java:1010)
at org.jibx.binding.generator.BindGen.generate(BindGen.java:1124)
at org.jibx.binding.generator.BindGen.main(BindGen.java:1302)
<!-- Contains customization elements for code generation from WS Security schema -->
<schema-set show-schema="false" generate-all="false" xmlns:xs="http://www.w3.org/2001/XMLSchema" line-width="120">
<schema name="oasis-200401-wss-wssecurity-secext-1.0.xsd" generate-all="true" prefer-inline="true" any-handling="mapped">
<class-decorator class="org.jibx.schema.codegen.extend.CollectionMethodsDecorator" />
</schema>
</schema-set>
<target name="codegen-wss" description="Regenerate JiBX bindings and generated code for WS-Security schema">
<echo message="Running code generation from schema" />
<mkdir dir="${gen.src.dir}" />
<java classname="org.jibx.schema.codegen.CodeGen" fork="yes" classpathref="build.classpath" failonerror="true">
<arg value="-c" />
<arg value="custom_jibx_gen_wssec.xml" />
<arg value="-t" />
<arg value="${gen.src.dir}" />
<arg value="wsdl/wssec/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
</java>
<move file="${gen.src.dir}/binding.xml" tofile="${wssec.binding.file}" failonerror="true" />
</target>
<target name="compile" depends="init" description="Compile the source code and run JiBX binding compiler">
<mkdir dir="${dest.dir}" />
<javac srcdir="${src.dir}:${gen.src.dir}" destdir="${dest.dir}" deprecation="on">
<classpath refid="build.classpath" />
</javac>
<bind binding="${gen.src.dir}/xxx-binding.xml">
<classpath path="${dest.dir}" />
</bind>
<bind binding="${wssec.binding.file}">
<classpath path="${dest.dir}" />
</bind>
</target>
<property name="handlerDefinitions">
<list>
<bean class="org.jibx.ws.server.HandlerDefinition" >
<description>Handler for inbound WS/Security header</description>
<property name="className" value="org.jibx.ws.io.handler.ContextAttributeUnmarshallingInHandler" />
<property name="args">
<list>
<value>org.oasisopen.docs.wss.oasis200401wsswssecuritysecext1.SecurityHeaderType</value>
<value>wssecurity.header</value>
</list>
</property>
</bean>
public ServiceRequestReceipt processRequest(ServiceRequest request, InContext inCtx, OutContext outCtx)
throws WsException {
SecurityHeaderType securityHeader = (SecurityHeaderType) inCtx.getAttribute("wssecurity.header");
if (securityHeader == null) {
throw new AuthenticationException("No WS-Security header found");
}
List<Object> securityHeaderTypes = securityHeader.getSecurityHeaderTypes();
if (securityHeaderTypes == null || securityHeaderTypes.size() == 0) {
throw new AuthenticationException("WS-Security header appears to be empty");
}
UsernameTokenType usernameToken = null;
try {
usernameToken = (UsernameTokenType) securityHeaderTypes.get(0);
} catch (ClassCastException e) {
throw new AuthenticationException("Expected UsernameToken in WS-Security header");
}
AttributedString usernameAttStr = usernameToken.getUsername();
if (usernameAttStr == null) {
throw new AuthenticationException("Expected Username in WS-Security header");
}
String username = usernameAttStr.getString();
if (!username.equals(retailer.getRetailerUsername())) {
throw new AuthenticationException("Invalid username in WS-SecurityHeader");
}
List<Object> any = usernameToken.getAny();
if (any == null) {
throw new AuthenticationException("Expected Password element in WS-Security header");
}
PasswordString passwordString = null;
for (Iterator iterator = any.iterator(); iterator.hasNext();) {
try {
passwordString = (PasswordString) iterator.next();
} catch (ClassCastException ignore) {
logger.debug("Found non password string object");
}
}
if (passwordString == null) {
throw new AuthenticationException("Expected Password in WS-Security header");
}
if (passwordString.getAttributedString() == null) {
throw new AuthenticationException("Expected Password AttributedString in WS-Security header");
}
String password = passwordString.getAttributedString().getString();
if (!password.equals(retailer.getRetailerPassword())) {
throw new AuthenticationException("Invalid password in WS-SecurityHeader");
}