Web服务 – 在SOAP UI中测试安全的Webservivce

2019年8月2日 207次阅读

我正在使用AXIS2框架来创建我的webservices.现在我使用ramprt保护我的webservices.现在,整个请求和响应将被签名和加密.

现在我的疑问是如何在SOAP UI中测试它.当我加载wsdl文件时,它给我
下面.

    <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soapenvelope"
       xmlns:sam="http://sample03.policy.samples.rampart.apache.org">
    <soap:Header/>
     <soap:Body>
        <sam:echo>
              <!--Optional:-->
              <sam:args0>?</sam:args0>
        </sam:echo>
    </soap:Body>
  </soap:Envelope>

现在我可以放置数字证书相关数据,如何加密我想发送到轴服务器的内容.

谢谢,
纳伦德拉

最佳答案 证书数据存储在两个xml文件中,Outflowsecurity.xml和Inflowsecurity.xml应该如下所示:

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
    <xs:element name="action">
        <xs:annotation>
            <xs:documentation>Outflow security 'action' configuration</xs:documentation>
        </xs:annotation>
        <xs:complexType>
            <xs:sequence>
                <xs:element name="items" type="xs:string"/>
            <xs:element name="user" type="xs:string"/>
            <xs:element name="passwordCallbackClass" type="xs:string" minOccurs="0"/>
            <xs:element name="signaturePropFile" type="xs:string" minOccurs="0"/>
            <xs:element name="encryptionPropFile" type="xs:string" minOccurs="0"/>
            <xs:element name="encryptionPropFile" type="xs:string" minOccurs="0"/>
            <xs:element name="signatureKeyIdentifier" type="xs:string" minOccurs="0"/>
            <xs:element name="encryptionKeyIdentifier" type="xs:string" minOccurs="0"/>
            <xs:element name="encryptionUser" type="xs:string" minOccurs="0"/>
            <xs:element name="signatureParts" type="xs:string" minOccurs="0"/>

            <xs:element name="encryptionParts" type="xs:string" minOccurs="0"/>
            <xs:element name="optimizeParts" type="xs:string" minOccurs="0"/>
            <xs:element name="encryptionSymAlgorithm" type="xs:string" minOccurs="0"/>
            <xs:element name="EmbeddedKeyCallbackClass" type="xs:string" minOccurs="0"/>
            <xs:element name="encryptionKeyTransportAlgorithm" type="xs:string" minOccurs="0"/>
            <xs:element name="EmbeddedKeyName" type="xs:string" minOccurs="0"/>
            <xs:element name="timeToLive" type="xs:string" minOccurs="0"/>
        </xs:sequence>
    </xs:complexType>

</xs:element>

有关详细信息,请转到the Apache help Page

要在请求中使用身份验证,您需要在soap:Header中添加一个Tag

<soapenv:Header>
    <wsse:Security
        soapenv:mustUnderstand="1">
        <wsu:Timestamp
            wsu:Id="Timestamp-31497899">
            <wsu:Created>2008-02-06T13:39:50.943Z</wsu:Created>
            <wsu:Expires>2008-02-06T13:44:50.943Z</wsu:Expires>
        </wsu:Timestamp>
        <wsse:UsernameToken
            wsu:Id="UsernameToken-10697954">
            <wsse:Username>apache</wsse:Username>
            <wsse:Password
                Type="http://...#PasswordText">password</wsse:Password>
        </wsse:UsernameToken>
    </wsse:Security>
</soapenv:Header>

名称空间是:

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
点赞