使用HttpClient发送WebService Security(WSS)请求
使用HttpClient发起普通的WebService还是非常方便的,为了测试代码能够正常运行,最好是先准备以下的JAR包:
commons-codec-1.3.jar
commons-httpclient-3.1.jar
commons-logging-1.1.1.jar
not-yet-commons-ssl-0.3.11.jar
saxon-9.1.0.8j.jar
wsdl4j-1.6.2-fixed.jar
wss4j-1.5.8.jar
xalan-2.7.1.jar
xbean-fixed-2.4.0.jar
xbean_xpath-2.4.0.jar
xercesImpl.jar
xml-apis-2.9.1.jar
xml-apis.jar
xmlpublic-2.4.0.jar
xmlsec-1.4.3.jar
第二步,根据生成的Crypto生成WSS Header,首先需要将WS请求字符串转换为Document对象,然后才可以的,看下面源码:
commons-codec-1.3.jar
commons-httpclient-3.1.jar
commons-logging-1.1.1.jar
not-yet-commons-ssl-0.3.11.jar
saxon-9.1.0.8j.jar
wsdl4j-1.6.2-fixed.jar
wss4j-1.5.8.jar
xalan-2.7.1.jar
xbean-fixed-2.4.0.jar
xbean_xpath-2.4.0.jar
xercesImpl.jar
xml-apis-2.9.1.jar
xml-apis.jar
xmlpublic-2.4.0.jar
xmlsec-1.4.3.jar
这里先看一个简单的调用示例,几行代码就可以搞定:
public static void sendWSRequest() throws IOException, SAXException, ParserConfigurationException{
String soapRequestXml = "(You soapRequest Xml)";
PostMethod postmethod = new PostMethod("http://****/soapAddress");
byte[] b = soapRequestXml.getBytes("UTF-8");
InputStream is = new ByteArrayInputStream(b, 0, b.length);
RequestEntity re = new InputStreamRequestEntity(is, b.length,"application/xop+xml; charset=UTF-8; type=\"text/xml\"");
postmethod.setRequestEntity(re);
HttpClient httpClient = new HttpClient();
httpClient.executeMethod(postmethod);
System.out.println(postmethod.getResponseBodyAsString());
} 这里的soapReuqestXml是符合soap请求规范的XML String,如下:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header> </soapenv:Header> <soapenv:Body> <Field1>600001</Field1> <Field2>3123619</Field2> <Field3>HK</Field3> </soapenv:Body> </soapenv:Envelope>这里的Header因为是普通的SOAP请求,所以是可以为空的;如果是WebService Security请求,我们需要做的就是在Header里面补充上Security Header就OK了,而下面我们要继续的就是为WSS请求补充Security Header。
这里假设你已经准备好了JKS文件了,并且知道JKS的密码和需要使用的ALIAS的密码,后面要做的就是使用Apache的WS Security生成Security Header了。
第一步,先获取Crypto,下面是一个我去掉了一些东西,但是功能完整实现类,不过使用者需要根据自己的情况修改JKS文件名以及密码等:
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Properties;
import org.apache.commons.ssl.KeyStoreBuilder;
import org.apache.commons.ssl.Util;
import org.apache.ws.security.components.crypto.CredentialException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.Merlin;
public class KeyMaterialWssCrypto
{
private KeyStore keyStore;
private static Crypto crypto;
//Notice: This must be modified.
String jksFile = "Your JKS File.";
String jksPass = "Your JKS Password.";
String alias = "The jks alias";
String aliasPass = "The jks alias password";
public KeyStore load() throws Exception
{
if( keyStore != null ){
return keyStore;
}
if( !isEmpty( alias ) && !isEmpty( aliasPass ) ){
keyStore = KeyStoreBuilder.build( Util.streamToBytes( new FileInputStream( jksFile ) ),
alias.getBytes(), jksPass.toCharArray(), aliasPass.toCharArray() );
}
else{
keyStore = KeyStoreBuilder.build( Util.streamToBytes( new FileInputStream( jksFile ) ), jksPass.toCharArray() );
}
return keyStore;
}
public Crypto getCrypto() throws CredentialException, IOException
{
if(crypto==null){
Properties properties = new Properties();
properties.put( "org.apache.ws.security.crypto.merlin.file", jksFile );
properties.put( "org.apache.ws.security.crypto.merlin.keystore.provider", "this" );
if( !isEmpty( alias ) )
properties.put( "org.apache.ws.security.crypto.merlin.keystore.alias", alias );
if( !isEmpty( aliasPass ) )
properties.put( "org.apache.ws.security.crypto.merlin.alias.password", aliasPass );
crypto = new KeyMaterialCrypto( properties );
}
return crypto;
}
private class KeyMaterialCrypto extends Merlin
{
private KeyMaterialCrypto( Properties properties ) throws CredentialException, IOException
{
super( properties );
}
@Override
public KeyStore load( InputStream input, String storepass, String provider, String type )
throws CredentialException
{
if( "this".equals( provider ) )
{
try
{
return CopyOfKeyMaterialWssCrypto.this.load();
}
catch( Exception e )
{
throw new CredentialException( 0, null, e );
}
}
else
return super.load( input, storepass, provider, type );
}
}
public static boolean isEmpty(String str){
if(str==null || "".equals(str.trim())){
return true;
}
return false;
}
}
第二步,根据生成的Crypto生成WSS Header,首先需要将WS请求字符串转换为Document对象,然后才可以的,看下面源码:
import java.io.IOException;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.CredentialException;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Document;
import com.ubs.tools.wsclient.util.StringUtil;
import com.ubs.tools.wsclient.wsdl.wss.crypto.KeyMaterialWssCrypto;
import com.ubs.tools.wsclient.wsdl.wss.crypto.WssCrypto;
/**
*
* @author libinfeng
*
*/
public class CopyOfWSSUtil {
/**
* Add Web Service Security Header to Request Document
* @param doc
* @param wssEntry
* @return
* @throws IOException
* @throws CredentialException
* @throws WSSecurityException
* @throws Exception
*/
public static void addWSSecurity(Document doc, WSSEntry wssEntry ) throws WSSecurityException, CredentialException, IOException
{
KeyMaterialWssCrypto wssCrypto = new KeyMaterialWssCrypto(wssEntry);
WSSecSignature wssSign = new WSSecSignature();
wssSign.setUserInfo( wssEntry.getAlias(), wssEntry.getAliasPassword() );
if( wssEntry.getKeyIdentifierType() != 0 )
wssSign.setKeyIdentifierType( wssEntry.getKeyIdentifierType() );
if( !StringUtil.isEmpty( wssEntry.getSignatureAlgorithm() ) )
wssSign.setSignatureAlgorithm( wssEntry.getSignatureAlgorithm() );
if( !StringUtil.isEmpty( wssEntry.getSignatureCanonicalization() ) )
wssSign.setSigCanonicalization( wssEntry.getSignatureCanonicalization() );
wssSign.setUseSingleCertificate( Boolean.FALSE );
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
wssSign.build( doc, wssCrypto.getCrypto(), secHeader );
}
class WSSEntry {
private String jksFile;
private String jksPass;
private String alias;
private String aliasPassword;
private int keyIdentifierType=3;
private String signatureAlgorithm;
private String signatureCanonicalization;
private String cryptoProvider;
//omit get and set method
}
}
通过调用方法addWSSecurity后,Document对象就包含了WSS Header了,此时只需要把这个Document对象转换为字符串,再通过HttpClient发送就OK了。
本文出自:冯立彬的博客