我正在尝试从 java 调用网络服务。这基本上没有那么难,除了 web 服务需要用户名和密码以及随机数形式的一些安全性。 当我尝试从 SoapUi 调用网络服务时,我看到原始消息如下所示:
<soapenv:Envelope xmlns:sch="http://somedomain.com/pe/ws/schema"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-E70691ACBDEFEC750814238295617871">
<wsse:Username>usr</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
>pw</wsse:Password>
<wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>4smQZF5KMSktEXrQc0v5yw==</wsse:Nonce>
<wsu:Created>2015-02-13T12:12:41.784Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<sch:EventSubmitRequest>
<sch:Event>
<sch:EventId>392</sch:EventId>
<sch:Recoverable>false</sch:Recoverable>
</sch:Event>
</sch:EventSubmitRequest>
</soapenv:Body>
</soapenv:Envelope>
消息中最明显的元素是用户名、密码和创建时间,但令我困惑的是随机数。在示例中,此字段的值为 4smQZF5KMSktEXrQc0v5yw==,但每次请求时此值都不同(这是有道理的,因为根据维基百科,随机数是只使用一次的任意数字)。四处搜索时,我找不到任何有关如何在 java 中生成随机数的可用示例(虽然我确实在堆栈溢出上找到了一些 php 示例,但我无法轻松验证它们是否有效)。虽然我不介意自己构造这个 nonce,但我想知道这是否真的有必要,我有点希望这是 java 中的标准功能。
下面是我使用的代码:
import java.text.SimpleDateFormat;
import java.util.Calendar;
import javax.xml.namespace.QName;
import javax.xml.soap.*;
import javax.xml.transform.*;
import javax.xml.transform.stream.*;
public class soaptest {
public static void main(String args[]) {
try {
// Create SOAP Connection
SOAPConnectionFactory soapConnectionFactory = SOAPConnectionFactory.newInstance();
SOAPConnection soapConnection = soapConnectionFactory.createConnection();
// Send SOAP Message to SOAP Server
String url = "http://142.10.10.52:8080/pe/ws/pe/";
SOAPMessage soapResponse = soapConnection.call(createSOAPRequest(), url);
// Process the SOAP Response
printSOAPResponse(soapResponse);
soapConnection.close();
} catch (Exception e) {
System.err.println("Error occurred while sending SOAP Request to Server");
e.printStackTrace();
}
}
private static SOAPMessage createSOAPRequest() throws Exception {
MessageFactory messageFactory = MessageFactory.newInstance();
SOAPMessage soapMessage = messageFactory.createMessage();
SOAPPart soapPart = soapMessage.getSOAPPart();
SOAPEnvelope envelope = soapPart.getEnvelope();
SOAPHeader header = soapMessage.getSOAPHeader();
SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
usernameToken.addAttribute(new QName("xmlns:wsu"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
SOAPElement username = usernameToken.addChildElement("Username", "wsse");
username.addTextNode("usr");
SOAPElement password = usernameToken.addChildElement("Password", "wsse");
password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
password.addTextNode("pw");
SOAPElement nonce = usernameToken.addChildElement("Nonce", "wsse");
nonce.setAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
nonce.addTextNode("???");
SOAPElement created = usernameToken.addChildElement("Created", "wsse");
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
Calendar c1 = Calendar.getInstance();
created.addTextNode(sdf.format(c1.getTime()));
String serverURI = "http://somedomain.com/pe/ws/schema";
envelope.addNamespaceDeclaration("sch", serverURI);
// SOAP Body
SOAPBody soapBody = envelope.getBody();
SOAPElement soapBodyElem = soapBody.addChildElement("EventSubmitRequest", "sch");
SOAPElement soapBodyElem1 = soapBody.addChildElement("Event", "sch");
soapBodyElem.addChildElement(soapBodyElem1);
SOAPElement soapBodyElem2 = soapBodyElem1.addChildElement("EventId", "sch");
soapBodyElem2.addTextNode("392");
SOAPElement soapBodyElem3 = soapBodyElem1.addChildElement("Recoverable", "sch");
soapBodyElem3.addTextNode("false");
MimeHeaders headers = soapMessage.getMimeHeaders();
headers.addHeader("SOAPAction", serverURI + "EventSubmitRequest");
soapMessage.saveChanges();
/* Print the request message */
System.out.print("Request SOAP Message = ");
soapMessage.writeTo(System.out);
System.out.println();
return soapMessage;
}
/**
* Method used to print the SOAP Response
*/
private static void printSOAPResponse(SOAPMessage soapResponse) throws Exception {
TransformerFactory transformerFactory = TransformerFactory.newInstance();
Transformer transformer = transformerFactory.newTransformer();
Source sourceContent = soapResponse.getSOAPPart().getContent();
System.out.print("\nResponse SOAP Message = ");
StreamResult result = new StreamResult(System.out);
transformer.transform(sourceContent, result);
}
}
最佳答案
Oasis reference因为 UsernameToken 帮助我填补了一些空白。第 7、8、9 页最适合这种情况。特别是这些部分
/wsse:UsernameToken/wsse:Nonce
This optional element specifies a cryptographically random nonce. Each message including a element MUST use a new nonce value in order for web service producers to detect replay attacks.
和
/wsse:UsernameToken/wsse:Nonce/@EncodingType
This optional attribute URI specifies the encoding type of the nonce (see the definition of <wsse:BinarySecurityToken> for valid values). If this attribute isn't specified then the default of Base64 encoding is used.
关于生成“加密随机”随机数,建议您使用 this answer然后从中创建一个编码字符串。在您的情况下为 Base64 编码,因为这是您在上面的 XML 请求中使用的 encodingType。
关于java - 使用安全 header 中的随机数从 java 调用 soap webservice,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28501207/