Android ksoap2 UsernameToken身份验证安全处理失败

Question

我尝试使用UsernameToken身份验证(波兰描述和文档：http://www.poczta-polska.pl/webservices/)调用WS的测试过程"String (String)“。

    private final String NAMESPACE = "http://sledzenie.pocztapolska.pl/";
    private final String URL = "https://tt.poczta-polska.pl/Sledzenie/services/Sledzenie?wsdl";
    private final String SOAP_ACTION = "http://sledzenie.pocztapolska.pl/witaj";
    private final String METHOD_NAME = "witaj";

    @Override
    protected Void doInBackground(Void... params) {
        SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);
        PropertyInfo name = new PropertyInfo();
        name.setNamespace(NAMESPACE);
        name.setName("imie");
        name.setValue("ciumciurumcia");
        name.setType(String.class);
        request.addProperty(name);
        SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
        envelope.dotNet = true;
//--------------------------------------------------------------------------------------------
        Element headers[] = new Element[1];
        headers[0]= new Element().createElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
        headers[0].setAttribute(envelope.env, "mustUnderstand", "1");
        Element security=headers[0];

        Element to = new Element().createElement(security.getNamespace(), "UsernameToken");
        to.setAttribute("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id", "UsernameToken-2");

        Element action1 = new Element().createElement(security.getNamespace(), "Username");
        action1.addChild(Node.TEXT, "sledzeniepp");
        to.addChild(Node.ELEMENT,action1);

        Element action2 = new Element().createElement(security.getNamespace(), "Password");
        action2.setAttribute(null, "Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-tokenprofile-1.0#PasswordText");
        action2.addChild(Node.TEXT, "PPSA");
        to.addChild(Node.ELEMENT,action2);

        headers[0].addChild(Node.ELEMENT, to);
        envelope.headerOut = headers;
//--------------------------------------------------------------------------------------------
        envelope.setOutputSoapObject(request);
        HttpTransportSE androidHttpTransport = new HttpTransportSE(URL);

        try {
            androidHttpTransport.debug = true;
            androidHttpTransport.call(SOAP_ACTION, envelope);
...

文档中描述的soap信封示例：

<soapenv:Envelope xmlns:sled="http://sledzenie.pocztapolska.pl" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>sledzeniepp</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-tokenprofile-1.0#PasswordText">PPSA</wsse:Password>
        </wsse:UsernameToken>
    </wsse:Security>
</soapenv:Header>
<soapenv:Body>
    <sled:witaj>
        <sled:imie>Jan</sled:imie>
    </sled:witaj>
</soapenv:Body>

​

由我的代码生成的信封：

<v:Envelope xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:d="http://www.w3.org/2001/XMLSchema" xmlns:c="http://schemas.xmlsoap.org/soap/encoding/" xmlns:v="http://schemas.xmlsoap.org/soap/envelope/">
<v:Header>
    <n0:Security v:mustUnderstand="1" xmlns:n0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <n0:UsernameToken n1:Id="UsernameToken-2" xmlns:n1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <n0:Username>sledzeniepp</n0:Username>
            <n0:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-tokenprofile-1.0#PasswordText">PPSA</n0:Password>
        </n0:UsernameToken>
    </n0:Security>
</v:Header>
<v:Body>
    <n2:witaj id="o0" c:root="1" xmlns:n2="http://sledzenie.pocztapolska.pl/">
        <n2:imie i:type="d:string">ciumciurumcia</n2:imie>
    </n2:witaj>
</v:Body>

​

我尝试过使用Nonce+Created等版本，答案一直是：

... <faultcode>soapenv:Server</faultcode>
    <faultstring>WSDoAllReceiver: security processing failed</faultstring>
    <detail />

我认为可疑的是信封标签中缺少命名空间http://sledzenie.pocztapolska.pl/。但我不能把它放在那里。欢迎任何建议。

Answer 1

密码字段的类型命名空间是错误的。剩下的代码现在正在工作。

正确的uri是"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText“

最后，我将工作代码与头结构和webservice数据模型放在https://github.com/mmprog/wspocztapolska上。