属性为UsernameToken的wsu:Id=“SecurityToken-.”

Question

我使用的是WSS4J 1.6和Axis1.4。

我正在使用org.apache.ws.security.message.WSSecUsernameToken.创建UsernameToken

我不明白的是wsu:Id属性。根据web服务规范，它必须以"SecurityToken-24ada6f8-4626-4269-b786-a22361bfde78".的形式出现。

不管我做什么，wsu:Id属性都包含"UsernameToken-123“，但是，根据服务规范，它必须在表单上。

我完全不知道如何实现这一点，谷歌已经干涸了。

有人能告诉我我需要做什么吗？

现在是UsernameToken xml了。

<wsse:UsernameToken wsu:Id="UsernameToken-133"
     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>stan</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secrit</wsse:Password>
  </wsse:UsernameToken>

正如我所希望的那样，UsernameToken xml能够发布出来。

<wsse:UsernameToken wsu:Id="SecurityToken-24ada6f8-4626-4269-b786-a22361bfde78"
     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>stan</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secrit</wsse:Password>
  </wsse:UsernameToken>

下面是我用来创建soap消息的代码。

public String soapTest() throws Exception {
    MessageFactoryImpl messageFactory = new MessageFactoryImpl();
    SOAPMessage soapMessage = null;
    soapMessage = messageFactory.createMessage();
    Message message = (Message)soapMessage;
    SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
    unsignedEnvelope.addNamespaceDeclaration( "xsd", "http://www.w3.org/2001/XMLSchema" );
    unsignedEnvelope.addNamespaceDeclaration( "xsi", "http://www.w3.org/2001/XMLSchema-instance" );
    unsignedEnvelope.addNamespaceDeclaration( "enc", "http://schemas.xmlsoap.org/soap/encoding/" );
    unsignedEnvelope.addNamespaceDeclaration( "env", "http://schemas.xmlsoap.org/soap/envelop/" );
    unsignedEnvelope.addNamespaceDeclaration( "wsa", "http://schemas.xmlsoap.org/ws/2004/03/addressing" );
    unsignedEnvelope.addNamespaceDeclaration( "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" );
    unsignedEnvelope.addNamespaceDeclaration( "wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" );
    unsignedEnvelope.addNamespaceDeclaration( "ws", "http://ws.stupidsoap.com" );

    SOAPBody soapMsgBody = (SOAPBody)soapMessage.getSOAPBody();
    org.apache.axis.message.SOAPEnvelope soapMsgEnvelope = ((Message)soapMessage).getSOAPEnvelope();

    SOAPBodyElement be = (SOAPBodyElement)soapMsgBody.addChildElement( soapMsgEnvelope.createName( "addTwoNumbers", "", "http://ws.stupidsoap.com" ) );
    be.addChildElement( "number1" ).addTextNode( "5" );
    be.addChildElement( "number2" ).addTextNode( "10" );

    org.w3c.dom.Document doc = (org.w3c.dom.Document)soapMsgEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader( doc );

    WSSecUsernameToken utBuilder = new WSSecUsernameToken();
    utBuilder.setPasswordType( WSConstants.PASSWORD_TEXT );
    utBuilder.setUserInfo( "stan", "secrit" );
    utBuilder.addNonce();
    utBuilder.addCreated();
    utBuilder.build( doc, secHeader );

    return org.apache.ws.security.util.XMLUtils.PrettyDocumentToString( doc );
}

Answer 1

试试这个：

WsuIdAllocator idAllocator = new WsuIdAllocator() {
    public String createId(String prefix, Object o) {
        return "SecurityToken-" + UUIDGenerator.getUUID();
    }

    public String createSecureId(String prefix, Object o) {
        return "SecurityToken-" + UUIDGenerator.getUUID();
    }
};

WSSecUsernameToken utBuilder = new WSSecUsernameToken();
WSSConfig wsConfig = new WSSConfig();
wsConfig.setIdAllocator(idAllocator);

utBuilder.setWsConfig(wsConfig);
utBuilder.setPasswordType( WSConstants.PASSWORD_TEXT );
utBuilder.setUserInfo( "stan", "secrit" );