我是 Android 开发新手。我需要使用根据 OASIS Web Services Security specification 设计的 .NET Web 服务.
我正在使用 KSOAP2 最新 API 生成 SOAP 信封。我需要严格按照以下格式发送 SOAP 请求
必需的 SOAP 信封
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>http://myXYZ_Action</wsa:Action>
<wsa:MessageID>XYZ</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://something.com</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://something.asmx</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="XYZ">
<wsu:Created>2012-03-02T14:03:24Z</wsu:Created>
<wsu:Expires>2012-03-02T14:08:24Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-XYZ">
<wsse:Username>XYZ</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XYZ</wsse:Password>
<wsse:Nonce>XYZ==</wsse:Nonce>
<wsu:Created>2012-03-02T14:04:24Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<DoSomeThing xmlns="http://something"/></soap:Body>
</soap:Envelope>
在进行大量搜索并引用在线帮助后,我已经能够使用 KSOAP2 生成 SOAP 请求,如下所示
KSOAP2 生成的请求转储
<?xml version="1.0" encoding="utf-8"?>
<v:Envelope xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:d="http://www.w3.org/2001/XMLSchema" xmlns:c="http://schemas.xmlsoap.org/soap/encoding/" xmlns:v="http://schemas.xmlsoap.org/soap/envelope/">
<v:Header>
<Action>http://myXYZ_Action</Action>
<MessageID>XYZ</MessageID>
<ReplyTo>
<Address>http://something.com</Address>
</ReplyTo>
<To>http://something.asmx</To>
<Security mustUnderstand="1">
<Timestamp Id="XYZ">
<Created>2012-03-02T14:03:24Z</Created>
<Expires>2012-03-02T14:08:24Z</Expires>
</Timestamp>
<n0:UsernameToken xmlns:n0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<Username>XYZ</Username>
<Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XYZ</Password>
<Nonce>XYZ==</Nonce>
<Created>2012-03-06T00:04:24Z</Created>
</n0:UsernameToken>
</Security>
</v:Header>
<v:Body>
<GetActualDateTime xmlns="http://something/" />
</v:Body>
</v:Envelope>
我的代码(这只是一个 POC 代码,因此没有遵循编码标准/最佳实践)
出于安全目的,某些信息已被屏蔽。
public class TestActivity extends Activity {
/** Called when the activity is first created. */
private static final String SOAP_ACTION = "http://myXYZ_Action";
private static final String METHOD_NAME = "DoSomeThing";
private static final String NAMESPACE = "http://something/";
private static final String URL = "http://xyz.asmx/wse";
TextView tv;
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
try
{
SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);
SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
envelope.xsd = SoapSerializationEnvelope.XSD;
envelope.xsi= SoapSerializationEnvelope.XSI;
envelope.env= SoapSerializationEnvelope.ENV;
//Prepare header
envelope.headerOut = new Element[5];
envelope.headerOut[0] = buildActionHeader();
envelope.headerOut[1] = buildMessageIDHeader();
envelope.headerOut[2] = buildReplyToHeader();
envelope.headerOut[3] = buildToHeader();
envelope.headerOut[4] = buildSecurityHeader();
envelope.dotNet=true;
envelope.implicitTypes=true;
envelope.setAddAdornments(false);
envelope.setOutputSoapObject(request);
HttpTransportSE androidHttpTransport = new HttpTransportSE(URL);
androidHttpTransport.setXmlVersionTag("<?xml version=\"1.0\" encoding=\"utf-8\"?>");
androidHttpTransport.debug=true;
androidHttpTransport.call(SOAP_ACTION, envelope);
//To be removed. This is just to check the request and response.
@SuppressWarnings("unused")
String req = androidHttpTransport.requestDump;
@SuppressWarnings("unused")
String res = androidHttpTransport.responseDump;
//End
Object result = (Object)envelope.getResponse();
@SuppressWarnings("unused")
String[] results = (String[]) result;
}
catch (Exception e)
{
e.printStackTrace();
}
}
private Element buildActionHeader() {
// TODO Auto-generated method stub
//<wsa:Action> Element
Element actionElement = new Element().createElement("", "Action");
actionElement.addChild(Node.TEXT, "http://myXYZ_Action");
return actionElement;
}
private Element buildMessageIDHeader() {
// TODO Auto-generated method stub
//<wsa:MessageID> Element
Element messageIDElement = new Element().createElement("", "MessageID");
messageIDElement.addChild(Node.TEXT, "XYZ");
return messageIDElement;
}
private Element buildReplyToHeader() {
// TODO Auto-generated method stub
//<wsa:Address> Element
Element addressElement = new Element().createElement("", "Address");
addressElement.addChild(Node.TEXT, "http://something.com");
//<wsa:ReplyTo> Element
Element replyToElement = new Element().createElement("", "ReplyTo");
replyToElement.addChild(Node.ELEMENT, addressElement);
return replyToElement;
}
private Element buildToHeader() {
Element toElement = new Element().createElement("", "To");
toElement.addChild(Node.TEXT, "http://something.asmx");
return toElement;
}
private Element buildSecurityHeader() {
Element securityElement = new Element().createElement(null, "Security");
securityElement.setAttribute(null, "mustUnderstand", "1");
//<wsu:Timestamp> Element
Element timestampElement = new Element().createElement(null, "Timestamp");
timestampElement.setAttribute(null, "Id", "XYZ");
//<wsu:Created> Element
Element createdElement = new Element().createElement(null, "Created");
createdElement.addChild(Node.TEXT, "2012-03-06T00:01:24Z");
//<wsu:Expires> Element
Element expiresElement = new Element().createElement(null, "Expires");
expiresElement.addChild(Node.TEXT, "2012-03-06T00:05:24Z");
timestampElement.addChild(Node.ELEMENT, createdElement);
timestampElement.addChild(Node.ELEMENT,expiresElement);
Element usernameTokenElement = new Element().createElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "UsernameToken");
Element usernameElement = new Element().createElement(null, "Username");
usernameElement.addChild(Node.TEXT, "XYZ");
Element passwordElement = new Element().createElement(null, "Password");
passwordElement.setAttribute(null, "Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
passwordElement.addChild(Node.TEXT, "XYZ");
Element nonceElement = new Element().createElement(null, "Nonce");
nonceElement.addChild(Node.TEXT, "XYZ====");
Element created2Element = new Element().createElement(null, "Created");
created2Element.addChild(Node.TEXT, "2012-03-06T00:04:24Z");
usernameTokenElement.addChild(Node.ELEMENT, usernameElement);
usernameTokenElement.addChild(Node.ELEMENT, passwordElement);
usernameTokenElement.addChild(Node.ELEMENT, nonceElement);
usernameTokenElement.addChild(Node.ELEMENT, created2Element);
securityElement.addChild(Node.ELEMENT, timestampElement);
securityElement.addChild(Node.ELEMENT, usernameTokenElement);
return securityElement;
}
}
我的以下查询没有找到任何帮助。我将感谢您的专家建议,请尽快帮助我生成正确的 SOAP 请求。
1.如何在信封上添加额外的命名空间?即向信封添加以下属性。
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
2。如何跨信封更改/映射正确的命名空间,即在 header 中添加 xmlns:wsse、xmlns:wsu、xmlns:was 命名空间并如下所述映射它们
xmlns:i="http://www.w3.org/2001/XMLSchema-instance"
to
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
OR
xmlns:d="http://www.w3.org/2001/XMLSchema"
to
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
AND
<v:Envelope> to <soap:Envelope> ; <Action> to <wsa:Action> ;
<n0:UsernameToken xmlns:n0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
TO
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-XYZ">
最佳答案
xmlns:i token 的这部分无关紧要,只要它引用的命名空间是正确的即可
上面的答案对我有用,就像 ie: xmlns:i xmlns:v 等
关于android - 使用 KSOAP2 根据 OASIS WS 安全规范生成复杂的 SOAP 信封?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9633733/