WSDL 中的安全机制
Security mechanism in WSDL
我想知道 WSDL 如何保护流量数据。我搜索过,但找不到我需要的任何东西。这是一个WSDL服务示例,我想了解他们的安全机制。
<wsdl:definitions
xmlns:apachesoap="http://xml.apache.org/xml-soap"
xmlns:impl="http://services.test" xmlns:intf="http://services.test"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://services.test">
<!--
WSDL created by Apache Axis version: 1.4
Built on Apr 22, 2006 (06:55:48 PDT)
-->
....
<wsdl:types>....
<wsdl:message....
<wsdl:portType>
<wsdl:operation ....
<wsdl:binding name="InterfacesSoapBinding" type="impl:Interfaces">
<wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="topup">
<wsdlsoap:operation soapAction=""/>
<wsdl:input name="topupRequest">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://services.test" use="encoded"/>
</wsdl:input>
<wsdl:output name="topupResponse">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://services.test" use="encoded"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
....
<wsdl:service name="InterfacesService">
<wsdl:port binding="impl:InterfacesSoapBinding" name="Interfaces">
<wsdlsoap:address location="...."/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
这个
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://services.test" use="encoded"/>
数据流量编码正确吗?
在您的示例中根本没有安全声明。 encodingStyle 仅定义 SOAP 消息的编码和序列化方式。声明的编码风格 http://schemas.xmlsoap.org/soap/encoding 是标准的。有关详细信息,请参阅 SOAP encoding。
如果您想了解有关保护 WSDL/SOAP 网络服务的信息,请查看 OASIS 网站,例如WS-SecurityPolicy Examples or especially for message encryption SOAP Message security。通常,WSDL/SOAP 有多种针对不同用例的安全方法。
WS-Policy 声明是为 SOAP 网络服务提供安全性的方式。您需要在 WSDL 文件中实施 wsp:PolicyReference。完整的教程在这里(https://concentricsky.com/blog/article/implementing-ws-security-cxf-wsdl-first-web-service)。
我想知道 WSDL 如何保护流量数据。我搜索过,但找不到我需要的任何东西。这是一个WSDL服务示例,我想了解他们的安全机制。
<wsdl:definitions
xmlns:apachesoap="http://xml.apache.org/xml-soap"
xmlns:impl="http://services.test" xmlns:intf="http://services.test"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://services.test">
<!--
WSDL created by Apache Axis version: 1.4
Built on Apr 22, 2006 (06:55:48 PDT)
-->
....
<wsdl:types>....
<wsdl:message....
<wsdl:portType>
<wsdl:operation ....
<wsdl:binding name="InterfacesSoapBinding" type="impl:Interfaces">
<wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="topup">
<wsdlsoap:operation soapAction=""/>
<wsdl:input name="topupRequest">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://services.test" use="encoded"/>
</wsdl:input>
<wsdl:output name="topupResponse">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://services.test" use="encoded"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
....
<wsdl:service name="InterfacesService">
<wsdl:port binding="impl:InterfacesSoapBinding" name="Interfaces">
<wsdlsoap:address location="...."/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
这个
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://services.test" use="encoded"/>
数据流量编码正确吗?
在您的示例中根本没有安全声明。 encodingStyle 仅定义 SOAP 消息的编码和序列化方式。声明的编码风格 http://schemas.xmlsoap.org/soap/encoding 是标准的。有关详细信息,请参阅 SOAP encoding。
如果您想了解有关保护 WSDL/SOAP 网络服务的信息,请查看 OASIS 网站,例如WS-SecurityPolicy Examples or especially for message encryption SOAP Message security。通常,WSDL/SOAP 有多种针对不同用例的安全方法。
WS-Policy 声明是为 SOAP 网络服务提供安全性的方式。您需要在 WSDL 文件中实施 wsp:PolicyReference。完整的教程在这里(https://concentricsky.com/blog/article/implementing-ws-security-cxf-wsdl-first-web-service)。