Camel cxf pax-web句柄WS-安全用户名令牌

Question

我正在使用camel cxf实现一个web服务，并将其部署在Karaf中。我用的是空手道上的pax网。我正在使用pom中的cxf codegen插件来对java执行wsdl。

我正在定义cxf和RouteBuilder Java中的路由。blueprint.xml只有一些bean和引用到RouteBuilder。

final String cxfUri =
            String.format("cxf:%s?serviceClass=%s&wsdlURL=wsdl/Event.wsdl",
                    "/Event.jws", com.example.EventPortType.class.getCanonicalName());

我已经用pax(jetty.xml)安装了ssl。如果我发送带有用户名和密码的WSSE安全头，它将生成MustUnderstand soap错误。

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" S:mustUnderstand="1">
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-LdZa8aaGdy7mWQWXLp_zpbfg">
    <wsse:Username>xxx</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">xxx</wsse:Password>
  </wsse:UsernameToken>
</wsse:Security>

无法更改输入请求。我明白这个例外。

<soap:Fault>
     <faultcode>soap:MustUnderstand</faultcode>
     <faultstring>MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.</faultstring>
  </soap:Fault>

如何保护cxf端点以验证请求？

谢谢。

Answer 1

您需要向公开的CXF服务添加一个WSS4J拦截器。您可以为用户验证提供自己的PasswordCallback，但我更愿意利用本地JAAS。这是一个蓝图示例，要求UsernameToken与任何Karaf用户一起使用(这是用于公开camel-cxf路由，但是同样的原则适用于纯CXF实现)。如果您更喜欢基于Java的Camel路由构建器，则可以将拦截器bean添加到上下文注册表以使用它们。但是-蓝图(或spring配置)允许您比简单的端点参数更细粒度的控制。

<?xml version="1.0" encoding="UTF-8"?>
    <blueprint 
        xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" 
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:cxf="http://cxf.apache.org/blueprint/core" 
        xmlns:camelcxf="http://camel.apache.org/schema/blueprint/cxf" 
        xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0" 
        xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws"
        xsi:schemaLocation="
            http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
            http://camel.apache.org/schema/cxf http://camel.apache.org/schema/cxf/camel-cxf.xsd http://camel.apache.org/schema/blueprint 
            http://camel.apache.org/schema/blueprint/camel-blueprint.xsd http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0
            http://svn.apache.org/repos/asf/aries/trunk/blueprint/blueprint-cm/src/main/resources/org/apache/aries/blueprint/compendium/cm/blueprint-cm-1.1.0.xsd 
            http://cxf.apache.org/blueprint/core http://cxf.apache.org/schemas/blueprint/core.xsd
            http://cxf.apache.org/blueprint/jaxws       http://cxf.apache.org/schemas/blueprint/jaxws.xsd
            http://camel.apache.org/schema/blueprint/cxf http://camel.apache.org/schema/cxf/camel-cxf-2.7.5.xsd">

  <bean id="authenticationInterceptor" class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
            <property name="contextName" value="karaf"/>
            <property name="roleClassifier" value="RolePrincipal"/>
            <property name="roleClassifierType" value="classname"/>        
        </bean>

        <bean id="wsSecInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <argument>
                <map>
                    <entry key="action" value="UsernameToken"/>
                    <entry key="passwordType" value="PasswordText"/>
                </map>
            </argument>
        </bean>     

        <!-- ================  Apache Camel impl ======================= -->
         <camelcxf:cxfEndpoint id="testService2" 
                          address="/api/2.0/external/TestService"
                          xmlns:apogado="http://test.ws.apogado.com/v1_0/ws"
                          endpointName="apogado:AddressServicePort"
                          serviceName="apogado:AddressService"    
                          wsdlURL="classpath:/xsd/ws/TestService.wsdl"
    >

        <camelcxf:properties>
            <entry key="dataFormat" value="PAYLOAD" /> 
            <entry key="ws-security.ut.no-callbacks" value="true"/>
            <entry key="ws-security.validate.token" value="false"/>  
        </camelcxf:properties>  
        <camelcxf:inInterceptors>
            <ref component-id="wsSecInterceptor" />
            <ref component-id="authenticationInterceptor"/>  
        </camelcxf:inInterceptors>
        <camelcxf:features> 
        </camelcxf:features>
    </camelcxf:cxfEndpoint>

 <camelContext xmlns="http://camel.apache.org/schema/blueprint" id="testWsCtx" trace="true">
   <!-- your service implementation -->
   <route>
      <from uri="testService2" />
      <to uri="..." />
   <route>
</camelContext>
 </blueprint>