t run 来试用客户机。如果所有内容都正确设置,那么应当看到如图 1 所示的输出:
图 1. 运行应用程序的控制台输出
Java Web服务 - Axis2 WS-Security签名和加密(5)
时间:2011-02-02 IBM Dennis Sosnoski
要查看消息中的实际 WS-Security 信息,需要使用 TCPMon 之类的工具。首先设置 TCPMon 并在一个端口上接受来自客户机的连接,该连接随后转发给运行在另一个端口上的服务器(或另一个主机)。随后可以编辑 build.properties 文件并将 host-port 值修改为 TCPMon 的侦听端口。如果在控制台中再一次输入 ant run,应当会看到被交换的消息。清单 3 展示了一个样例客户机消息捕捉:
清单 3. 从客户机发送给服务器的第一条消息
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse=".../oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu=".../oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-3753023">
<wsu:Created>2009-04-18T19:26:14.779Z</wsu:Created>
<wsu:Expires>2009-04-18T19:31:14.779Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken
xmlns:wsu=".../oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType=".../oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType=".../oasis-200401-wss-x509-token-profile-1.0#X509v1"
wsu:Id="CertId-2650016">MIICoDC...0n33w==</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-29086271">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Id-14306161">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>SiU8LTnBL10/mDCPTFETs+ZNL3c=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-3753023">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>2YopLipLgBFJi5Xdgz+harM9hO0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>TnUQtz...VUpZcm3Nk=</ds:SignatureValue>
|