CXF生成的WSDL不包含WS-SecurityPolicy定义
问题描述:
我想使用WS-Security来保护我的Web服务。我使用CXF来公开我的端点,并使用Java代码(又称为CXF代码优先服务)生成WSDL。CXF生成的WSDL不包含WS-SecurityPolicy定义
本教程介绍了如何使用WS-Security与CXF在WSDL手动管理:http://www.ibm.com/developerworks/java/library/j-jws13/index.html
不过,我使用CXF自动生成WSDL。 生成的WSDL并不表示客户端应该使用WS-Security。我希望在WSDL与此类似:
<wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding/>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken=".../IncludeToken/AlwaysToRecipient"/>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
我没有使用Spring,但我用一个嵌入式码头。这里是我如何接线的一切:
CXFNonSpringServlet cxfServlet = new CXFNonSpringServlet() {
private static final long serialVersionUID = 1L;
@Override
protected void loadBus(ServletConfig sc) {
super.loadBus(sc);
Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
inProps.put(WSHandlerConstants.PW_CALLBACK_REF, new TestCallback());
JaxWsServerFactoryBean factory = new JaxWsServerFactoryBean();
factory.setBus(bus);
factory.setServiceBean(new MyServiceEndpointImpl());
factory.setAddress("/myservice");
factory.getInInterceptors().add(new WSS4JInInterceptor(inProps));
factory.create();
}
};
Server server = new Server(8080);
ContextHandlerCollection contexts = new ContextHandlerCollection();
server.setHandler(contexts);
ServletContextHandler rootContext = new ServletContextHandler(contexts, "/");
rootContext.addServlet(new ServletHolder(cxfServlet), "/soap/*");
server.start();
答
它现在不支持。
注意:此时,WS-SecurityPolicy支持仅适用于“WSDL优先”方案。 WS-SecurityPolicy片段只能从WSDL中提取。将来,我们也计划启用各种代码优先方案,但目前只有WSDL可用。
http://cxf.apache.org/docs/ws-securitypolicy.html
有人在这里说明了同样的问题,并揭示@Policy的解决方案。但是,解决方案与CXF < = 2.4.1(该策略在WSDL中添加了两次)混淆。
http://cxf.547215.n5.nabble.com/WS-Security-policy-in-wsdl-for-java-first-approach-td569052.html
的复制问题已经得到解决,将在2.4.2被释放(见https://issues.apache.org/jira/browse/CXF-3668)