实现webservice provider + sts(Implementing webservice provider + sts)
我必须整合两个系统:
- 用DELPHI编写的应用程序。 该应用程序充当Web服务客户端(WSC)
- 第二个系统充当Web服务提供商(WSP)
整个沟通必须遵守ws-policy asserions:
<wsp:Policy wsu:Id="WSHttpBinding_policy"> <wsp:ExactlyOne> <wsp:All> <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:TransportToken> <wsp:Policy> <sp:HttpsToken RequireClientCertificate="false"/> </wsp:Policy> </sp:TransportToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> </wsp:Policy> </sp:TransportBinding> <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> <wsp:Policy> <sp:BootstrapPolicy> <wsp:Policy> <sp:SignedParts> <sp:Body/> <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/> </sp:SignedParts> <sp:EncryptedParts> <sp:Body/> </sp:EncryptedParts> <sp:TransportBinding> <wsp:Policy> <sp:TransportToken> <wsp:Policy> <sp:HttpsToken RequireClientCertificate="false"/> </wsp:Policy> </sp:TransportToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> </wsp:Policy> </sp:TransportBinding> <sp:SignedSupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SignedSupportingTokens> <sp:Wss11> <wsp:Policy/> </sp:Wss11> <sp:Trust10> <wsp:Policy> <sp:MustSupportIssuedTokens/> <sp:RequireClientEntropy/> <sp:RequireServerEntropy/> </wsp:Policy> </sp:Trust10> </wsp:Policy> </sp:BootstrapPolicy> </wsp:Policy> </sp:SecureConversationToken> </wsp:Policy> </sp:EndorsingSupportingTokens> <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy/> </sp:Wss11> <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:MustSupportIssuedTokens/> <sp:RequireClientEntropy/> <sp:RequireServerEntropy/> </wsp:Policy> </sp:Trust10> <wsaw:UsingAddressing/> </wsp:All> </wsp:ExactlyOne> </wsp:Policy>我的任务是在java中实现WSP(最好是在Apache CXF中)。 分析ws-policy:
- 通信应该使用安全连接(HttpsToken)
- 它需要有一种“令牌”(可能是安全令牌服务(STS)令牌)
似乎我需要使用WS-TRUST规范,并且除了真正的WSP之外我还需要创建STS。
在DELPHI应用程序中,我只能为webservice指定一个URL。 如何实现这样的webservice:
- 生成STS令牌
- 运行真正的WSP操作。
I must integrate two systems:
- application written in DELPHI. The application acts as webservice client (WSC)
- second system acting as a webservice provider (WSP)
Whole communication must comply following ws-policy asserions:
<wsp:Policy wsu:Id="WSHttpBinding_policy"> <wsp:ExactlyOne> <wsp:All> <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:TransportToken> <wsp:Policy> <sp:HttpsToken RequireClientCertificate="false"/> </wsp:Policy> </sp:TransportToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> </wsp:Policy> </sp:TransportBinding> <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> <wsp:Policy> <sp:BootstrapPolicy> <wsp:Policy> <sp:SignedParts> <sp:Body/> <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/> </sp:SignedParts> <sp:EncryptedParts> <sp:Body/> </sp:EncryptedParts> <sp:TransportBinding> <wsp:Policy> <sp:TransportToken> <wsp:Policy> <sp:HttpsToken RequireClientCertificate="false"/> </wsp:Policy> </sp:TransportToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> </wsp:Policy> </sp:TransportBinding> <sp:SignedSupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SignedSupportingTokens> <sp:Wss11> <wsp:Policy/> </sp:Wss11> <sp:Trust10> <wsp:Policy> <sp:MustSupportIssuedTokens/> <sp:RequireClientEntropy/> <sp:RequireServerEntropy/> </wsp:Policy> </sp:Trust10> </wsp:Policy> </sp:BootstrapPolicy> </wsp:Policy> </sp:SecureConversationToken> </wsp:Policy> </sp:EndorsingSupportingTokens> <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy/> </sp:Wss11> <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:MustSupportIssuedTokens/> <sp:RequireClientEntropy/> <sp:RequireServerEntropy/> </wsp:Policy> </sp:Trust10> <wsaw:UsingAddressing/> </wsp:All> </wsp:ExactlyOne> </wsp:Policy>My task is to implement WSP in java (preferably in Apache CXF). Analyzing ws-policy:
- communiaction should use secure connection (HttpsToken)
- it is required to have kind of "token" (probably Secure Token Service (STS) token)
It seems that I need to use WS-TRUST specification, and that I need to create STS besides real WSP.
In DELPHI application I can specify only one URL for webservice. How to implement such webservice which:
- produce STS token
- run real WSP operation.
原文:https://stackoverflow.com/questions/35311224
更新时间:2023-11-20 11:11
最满意答案
对不起,我用--local选项,它工作..魔术!
Sorry for trouble, I used --local option and it worked.. Magic!!!
相关问答
更多-
阅读您的评论我看到您要复制结构,如果是这样,您可以在mysql中执行此操作: CREATE TABLE new_table AS (SELECT * FROM old_table); 这将使用旧表维护字段和值的数据创建新表。 Reading your comments I see that you want to copy the structure, if so you can do this in mysql: CREATE TABLE new_table AS (SELECT * FROM old_ ...
-
将旧表复制到newtable与newtable略有不同?(Copying oldtable to newtable with slight differences in newtable?)[2023-11-19]
这样的东西应该是你正在寻找的东西: oldTypeOnes = session.query(oldTable).filter(oldTable.type == 1).all() for oldTypeOne in oldTypeOnes: session.add(newTable(parent_id=oldTypeOne.id, type=oldTypeOne.type, \ name=oldTypeOne.name)) session.commit() Something l ... -
mysql加载数据infile无法获取文件的状态Errcode:2(mysql load data infile can't get stat of file Errcode: 2)[2023-08-06]
尝试使用LOAD DATA LOCAL INFILE代替LOAD DATA INFILE 否则检查apparmor是否为您的目录活动 try to use LOAD DATA LOCAL INFILE instead of LOAD DATA INFILE else check if apparmor is active for your directory -
使用perror命令 : $ perror 28 OS error code 28: No space left on device 除非系统上的错误代码不同,否则文件系统已满。 Use the perror command: $ perror 28 OS error code 28: No space left on device Unless error codes are different on your system, your file system is full.
-
使用SELECT INTO OUTFILE如何解决MySQL Errcode 13?(How can I get around MySQL Errcode 13 with SELECT INTO OUTFILE?)[2023-05-01]
Ubuntu的哪个特定版本是这个Ubuntu Server Edition? AppArmor附带的最新Ubuntu Server Edition(如10.04)和默认情况下,MySQL的配置文件可能处于强制模式。 您可以通过执行sudo aa-status来检查,如下所示: # sudo aa-status 5 profiles are loaded. 5 profiles are in enforce mode. /usr/lib/connman/scripts/dhclient-script ... -
它是代理身份验证, File> Settings...> Appearance & Behavior> System Settings> HTTP Proxy 检查图像 It was the Proxy authentication, File> Settings...> Appearance & Behavior> System Settings> HTTP Proxy Check the image
-
试试另一条路可以解决你的问题。 Just try another path it should solve your problem.
-
对不起,我用--local选项,它工作..魔术! Sorry for trouble, I used --local option and it worked.. Magic!!!
-
我认为你应该逃避LOAD DATA语句中\n的反斜杠,告诉Java它是文字\n而不是真正的换行符: String loadQuery = "LOAD DATA INFILE '" + path.toAbsolutePath() + "' INTO TABLE persons FIELDS TERMINATED BY ','" + " LINES TERMINATED BY '\\n' (PersonID, FirstName, City) "; ...
-
这是因为/usr/local/bin/ringo.py不能由您的脚本运行的用户执行。 您可以通过尝试从shell运行脚本(与脚本运行的用户相同)来检查: $ /usr/local/bin/ringo.py 您需要使用chmod命令使其可执行,或者像下面这样调用子进程: subprocess.call(["python", "/usr/local/bin/ringo.py",filename]) This caused because /usr/local/bin/ringo.py is not exec ...