我想知道是否可以使用WS-SecurityPolicy而不是WS-Security來構建cxf-bc。 WS-SecurityPolicy似乎是一個更優雅的解決方案,因爲所有東西都在WSDL中。例子歡迎。 :)cxf-bc中的WS-securitypolicy部署在servicemix中
那麼與大衛的幫助我得到了CXF-BC在ESB上安裝和運行,但我似乎無法測試它。它讓回來用:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
我味精:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:typ="http://nwec.faa.gov/wxrec/UserAccount/types">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-25" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>bob</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobspassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<wsa:Action>http://nwec.faa.gov/wxrec/UserAccount/UserAccountPortType/ApproveDenyAccountRequest</wsa:Action>
</soapenv:Header>
<soapenv:Body>
...
</soapenv:Body>
這裏的WSDL中的策略:
<wsp:Policy wsu:Id="UserAccountBindingPolicy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
<wsp:All>
<wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" wsp:Optional="true" />
<wsp:Policy >
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
<wsp:Policy>
<sp:WssUsernameToken10 />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
好的,在看了JAASTest之後,我仍然沒有絲毫知道如何實現它。此外,它似乎並沒有JAASTest甚至使用wsdl與其中定義的ws-security策略,除非我遺漏了一些東西,而且似乎並沒有apache發佈servicemix-cxf-bc-2010.01.xsd ,所以我不能使用它。 – Vinh 2010-04-06 18:24:57
帶外部策略附件的CXF總線示例: http://fisheye6.atlassian.com/browse/servicemix/components/bindings/servicemix-cxf-bc/tags/servicemix-cxf-bc-2010.01/src/test/ resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas-policy-bus-context.xml?r = HEAD 請參閱http://cxf.apache.org/docs/ws-securitypolicy。HTML的其他方式來附加政策。 配置您的CXF-BC消費者: http://fisheye6.atlassian.com/browse/servicemix/components/bindings/servicemix-cxf-bc/tags/servicemix-cxf-bc-2010.01/src/test/resources/ org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml?r = HEAD – DavidValeri 2010-04-07 12:14:36
你需要的一切應該在這裏http://repo2.maven.org/maven2/org/apache/servicemix/servicemix-cxf- bc/2010.01/ – DavidValeri 2010-04-07 12:15:45