Jax ws 使用SAML2令牌编写独立Java客户端以访问安全的WCF Web服务 我试图通过使用一个简单的java客户端和Metro Web服务API(WebService -RT-2.2.0-1)访问.NET平台上编写的一个安全的Windows公共基础(WCF)Web服务。
使用带有ant目标的WCF web服务的WSDL,我能够生成web服务构件 为了访问WCF web服务,我需要在SOAP请求中插入SAML2令牌。通过访问REST服务来检索此SAML2令牌,REST服务的响应包含SAML2断言。目前,我将令牌作为字符串对象(整个断言XML)随身携带 此代码引发了以下错误: WST0029:无法从IssuedToken或客户端获取STS位置 因此,我将代码修改为以下内容:Jax ws 使用SAML2令牌编写独立Java客户端以访问安全的WCF Web服务 我试图通过使用一个简单的java客户端和Metro Web服务API(WebService -RT-2.2.0-1)访问.NET平台上编写的一个安全的Windows公共基础(WCF)Web服务。,jax-ws,wcf-client,wsit,Jax Ws,Wcf Client,Wsit,使用带有ant目标的WCF web服务的WSDL,我能够生成web服务构件 为了访问WCF web服务,我需要在SOAP请求中插入SAML2令牌。通过访问REST服务来检索此SAML2令牌,REST服务的响应包含SAML2断言。目前,我将令牌作为字符串对象(整个断言XML)随身携带 此代码引发了以下错误: WST0029:无法从IssuedToken或客户端获取STS位置 因此,我将代码修改为以下内容: MyService service = new MyService(new URL(wsdl
MyService service = new MyService(new URL(wsdlLocation), new QName("http://tempuri.org/",
"MyService"));
DefaultSTSIssuedTokenConfiguration config = new DefaultSTSIssuedTokenConfiguration(stsEndpointAddress, wsdl, "MyService","CustomBinding_IMyService","http://tempuri.org/");
STSIssuedTokenFeature feature = new STSIssuedTokenFeature(config);
IMyService port = service.getCustomBindingIMyService(new WebServiceFeature[]{feature});
port.getApiVersion();
通过上述操作,STS定位错误消失了,但出现了以下错误。
线程“main”javax.xml.ws.WebServiceException中的异常:java.lang.NullPointerException
位于com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:250)
在com.sun.xml.ws.api.pipe.Fiber.\uu doRun(Fiber.java:961)
com.sun.xml.ws.api.pipe.Fiber.\u-doRun(Fiber.java:910)
位于com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:873)
位于com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:775)
位于com.sun.xml.ws.client.Stub.process(Stub.java:429)
位于com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:168)
位于com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
位于com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:102)
位于com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:151)
在$Proxy44.getApiVersion(未知来源)
在TnTActionsClient.callTnT(TnTActionsClient.java:426)
位于TnTActionsClient.main(TnTActionsClient.java:447)
原因:java.lang.NullPointerException
在com.sun.xml.ws.security.trust.impl.wstrustclientcontracmpl.setLifetime上(wstrustclientcontracmpl.java:215)
在com.sun.xml.ws.security.trust.impl.wstrustclientcontracmpl.handleRSTR(wstrustclientcontracmpl.java:145)
位于com.sun.xml.ws.security.trust.impl.TrustPluginImpl.process(TrustPluginImpl.java:177)
在com.sun.xml.ws.security.trust.impl.client.STSIssuedTokenProviderImpl.getIssuedTokenContext(STSIssuedTokenProviderImpl.java:144)上
在com.sun.xml.ws.security.trust.impl.client.STSIssuedTokenProviderImpl.issue(STSIssuedTokenProviderImpl.java:74)上
位于com.sun.xml.ws.api.security.trust.client.IssuedTokenManager.getIssuedToken(IssuedTokenManager.java:83)
位于com.sun.xml.wss.jaxws.impl.SecurityClientTube.invokeTrustPlugin(SecurityClientTube.java:685)
位于com.sun.xml.wss.jaxws.impl.SecurityClientTube.ProcessClientRequestPack(SecurityClientTube.java:281)
位于com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:247)
... 还有12个
我已经打开了SOAP消息的日志记录,并且在检查请求时,我看到请求中没有任何与安全相关的信息。
正在从Web服务端点返回失败响应,指示请求中存在无效的安全性
我想知道:
1.到目前为止,我与客户的关系是否正常?
2.调用我的REST服务并解析SAML2令牌的响应的最佳方法是什么?
3.如何将步骤2中的SAML2令牌设置到我的web服务all中
根据WCF web服务的实现者的说法,他们使用的是WS-Security,而不是联合安全性。
收到的SAML2令牌如下所示:
<wsse:Security soap:mustUnderstand="true"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<Assertion ID="_909088b3-d972-4b6f-84b1-26301c1c3b69"
IssueInstant="2012-10-16T12:32:44.293Z" Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>xyz:appl:identity</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_909088b3-d972-4b6f-84b1-26301c1c3b69">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>some_value_here</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>sig_here</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>certHere</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
<Subject>
<NameID
Format="http://schemas.xyz.com/2009/09/Identity/Format/Idm/InsightUserName">user222</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
</Subject>
<Conditions NotBefore="2012-10-16T12:32:44.293Z"
NotOnOrAfter="2022-01-01T12:00:00.000Z">
<AudienceRestriction>
<Audience>uri:samlclient.xyzbadal.com</Audience>
</AudienceRestriction>
</Conditions>
<AttributeStatement>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<AttributeValue>user222</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
<AttributeValue>user222</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<AttributeValue>support@abc.com</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/CustomerId">
<AttributeValue>11209</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/InsightUserId">
<AttributeValue>1</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/NameIdFormat">
<AttributeValue>http://schemas.xyz.com/2009/09/Identity/Format/Idm/InsightUserName</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/HasProfile">
<AttributeValue>True</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/Password">
<AttributeValue>test1</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/HasPassword">
<AttributeValue>True</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/LocaleName">
<AttributeValue>en-US</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/HasCredential">
<AttributeValue>false</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/InternalReferenceId">
<AttributeValue>user222</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
<AttributeValue>CustomiseUI</AttributeValue>
<AttributeValue>EditConfiguration</AttributeValue>
...
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/ProfileUrl">
<AttributeValue>https://identity.com/able/</AttributeValue>
</Attribute>
</AttributeStatement>
<AuthnStatement AuthnInstant="2012-10-16T12:32:44.000Z"
SessionNotOnOrAfter="2022-01-01T12:00:00.000Z">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
</wsse:Security>
xyz:appl:identity
这里有些价值
这里有信号吗
当然
用户222
uri:samlclient.xyzbadal.com
用户222
用户222
support@abc.com
11209
1.
http://schemas.xyz.com/2009/09/Identity/Format/Idm/InsightUserName
真的
测试1
真的
恩美
假的
用户222
客户界面
编辑配置
..
<wsse:Security soap:mustUnderstand="true"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<Assertion ID="_909088b3-d972-4b6f-84b1-26301c1c3b69"
IssueInstant="2012-10-16T12:32:44.293Z" Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>xyz:appl:identity</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_909088b3-d972-4b6f-84b1-26301c1c3b69">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>some_value_here</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>sig_here</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>certHere</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
<Subject>
<NameID
Format="http://schemas.xyz.com/2009/09/Identity/Format/Idm/InsightUserName">user222</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
</Subject>
<Conditions NotBefore="2012-10-16T12:32:44.293Z"
NotOnOrAfter="2022-01-01T12:00:00.000Z">
<AudienceRestriction>
<Audience>uri:samlclient.xyzbadal.com</Audience>
</AudienceRestriction>
</Conditions>
<AttributeStatement>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<AttributeValue>user222</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
<AttributeValue>user222</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<AttributeValue>support@abc.com</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/CustomerId">
<AttributeValue>11209</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/InsightUserId">
<AttributeValue>1</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/NameIdFormat">
<AttributeValue>http://schemas.xyz.com/2009/09/Identity/Format/Idm/InsightUserName</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/HasProfile">
<AttributeValue>True</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/Password">
<AttributeValue>test1</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/HasPassword">
<AttributeValue>True</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/LocaleName">
<AttributeValue>en-US</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/HasCredential">
<AttributeValue>false</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/InternalReferenceId">
<AttributeValue>user222</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
<AttributeValue>CustomiseUI</AttributeValue>
<AttributeValue>EditConfiguration</AttributeValue>
...
</Attribute>
<Attribute
Name="http://schemas.xyz.com/2009/09/Identity/Claims/ProfileUrl">
<AttributeValue>https://identity.com/able/</AttributeValue>
</Attribute>
</AttributeStatement>
<AuthnStatement AuthnInstant="2012-10-16T12:32:44.000Z"
SessionNotOnOrAfter="2022-01-01T12:00:00.000Z">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
</wsse:Security>
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions targetNamespace="http://schemas.xyz.com/TrackMe/2010/06/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:tns="http://schemas.xyz.com/TrackMe/2010/06/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
<wsdl:types>
<xsd:schema targetNamespace="http://schemas.xyz.com/TrackMe/2010/06/Imports">
<xsd:import schemaLocation="TrackMe.xsd" namespace="http://schemas.xyz.com/TrackMe/2010/06/"/>
<xsd:import schemaLocation="TrackMe_1_2_3_4.xsd" namespace="http://schemas.xyz.com/shs/api"/>
<xsd:import schemaLocation="TrackMe_1_2.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
<xsd:import schemaLocation="TrackMe_1.xsd" namespace="http://schemas.xyz.com/TrackMe/2010/06/Data"/>
<xsd:import schemaLocation="TrackMe_1_2_3_4_5.xsd" namespace="http://schemas.datacontract.org/2004/07/xyz.Validation"/>
<xsd:import schemaLocation="TrackMe_1_2_3.xsd" namespace="http://schemas.datacontract.org/2004/07/xyz.TrackMe.PublicApiService.Contract"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="IMyService_GetApiVersion_InputMessage">
<wsdl:part name="parameters" element="tns:GetApiVersion"/>
</wsdl:message>
<wsdl:message name="IMyService_GetApiVersion_OutputMessage">
<wsdl:part name="parameters" element="tns:GetApiVersionResponse"/>
</wsdl:message>
<wsdl:message name="IMyService_GetApiVersion_FaultDetailFault_FaultMessage">
<wsdl:part name="detail" element="q2:Fault" xmlns:q2="http://schemas.xyz.com/shs/api"/>
</wsdl:message>
....
<wsdl:operation name="GetApiVersion">
<wsdl:input wsaw:Action="http://schemas.xyz.com/TrackMe/2010/06/IMyService/GetApiVersion" message="tns:IMyService_GetApiVersion_InputMessage"/>
<wsdl:output wsaw:Action="http://schemas.xyz.com/TrackMe/2010/06/IMyService/GetApiVersionResponse" message="tns:IMyService_GetApiVersion_OutputMessage"/>
<wsdl:fault wsaw:Action="http://schemas.xyz.com/TrackMe/2010/06/IMyService/GetApiVersionFaultDetailFault" name="FaultDetailFault" message="tns:IMyService_GetApiVersion_FaultDetailFault_FaultMessage"/>
</wsdl:operation>
...
</wsdl:portType>
</wsdl:definitions>
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions name="MyService" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:tns="http://tempuri.org/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:i0="http://schemas.xyz.com/TrackMe/2010/06/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
<wsp:Policy wsu:Id="CustomBinding_IMyService_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<sp:RequestSecurityTokenTemplate>
<trust:TokenType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</trust:TokenType>
<trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
</sp:RequestSecurityTokenTemplate>
<wsp:Policy>
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust13>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:import namespace="http://schemas.xyz.com/TrackMe/2010/06/" location="TrackMe.wsdl"/>
<wsdl:types/>
<wsdl:binding name="CustomBinding_IMyService" type="i0:IMyService">
<wsp:PolicyReference URI="#CustomBinding_IMyService_policy"/>
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
...
<wsdl:operation name="GetApiVersion">
<soap12:operation soapAction="http://schemas.xyz.com/TrackMe/2010/06/IMyService/GetApiVersion" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
<wsdl:fault name="FaultDetailFault">
<soap12:fault name="FaultDetailFault" use="literal"/>
</wsdl:fault>
</wsdl:operation>
....
</wsdl:binding>
<wsdl:service name="MyService">
<wsdl:port name="CustomBinding_IMyService" binding="tns:CustomBinding_IMyService">
<soap12:address location="https://apidev2.devel.abc.com/tnt/public_api/TrackMe.svc"/>
<wsa10:EndpointReference>
<wsa10:Address>https://apidev2.devel.abc.com/tnt/public_api/TrackMe.svc</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>