Java Web 服务: WS-Security 的大开销
2009-11-05 00:00:00 来源:WEB开发网WS-SecureConversation 策略(未包含在此处,请参见 下载 中的 secureconversation-policy-client.xml)包括一个 <sp:SecureConversationToken> 元素,用于描述消息交换将使用的安全令牌,以及提供应用于 token-exchange 消息的安全性选项。这些 token-exchange 消息使用由 rahas 模块实现的操作为客户机和服务之间的消息交换提供支持 — 因此在使用 WS-SecureConversation 时,您偶尔会看到 request-response 消息对在客户机和服务器之间传递,如 清单 2 所示。要区分添加的这些 token-exchange 消息与应用程序消息,可以根据它们所使用的不同的安全性选项(由策略定义),以及它们所使用的特殊的 http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT 请求和 http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT 响应操作代码(两者都由 WS-SecureConversation 定义)。
清单 2. 示例请求和响应
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsse:Security xmlns:wsse="http://...-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
...
</wsse:Security>
<wsa:To
>http://localhost:8800/axis2/services/seismic-secureconversation</wsa:To>
<wsa:ReplyTo>
<wsa:Address
>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:MessageID>urn:uuid:5EA8E8F04EBA73255B1246409570148</wsa:MessageID>
<wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</wsa:Action>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://...-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Id-30222347">
<xenc:EncryptedData ...>
...
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsse:Security xmlns:wsse="http://...-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
...
</wsse:Security>
<wsa:To
>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
<wsa:MessageID>urn:uuid:1BCDE6BE423F5FDE791246409571325</wsa:MessageID>
<wsa:Action
>http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT</wsa:Action>
<wsa:RelatesTo>urn:uuid:5EA8E8F04EBA73255B1246409570148</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://...-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Id-5148380">
<xenc:EncryptedData ...>
...
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
更多精彩
赞助商链接