In addition to HTTP and JMS, Spring WS also provides server-side email handling. This functionality is provided through the MailMessageReceiver class. This class monitors a POP3 or IMAP folder, converts the email to a WebServiceMessage, and sends any response using SMTP.
Endpoints
An endpoint interprets the XML request message and uses that input to invoke a method on the business service (typically).
To enable the support for @Endpoint and related Spring WS annotations, you will need to add
<sws:annotation-driven /> in the servlet XML file.
Endpoints are singleton by default, so they have to be thread-safe.
Endpoint interceptors
Endpoint interceptors are typically defined by using a <sws:interceptors>. You can specify for which payload root name or SOAP action the interceptor should apply.
PayloadLoggingInterceptor: logs the payload of the message. SoapEnvelopeLoggingInterceptor: logs the entire SOAP envelop, including the headers. PayloadTransformingInterceptor: transform the payload to another XML format.
Server-side testing
The integration test support lives in the org.st.server package. The core class in that package is the MockWebServiceClient.
6. Using Spring Web Services on the Client
WebServiceTemplate
The core class for client-side Web service access in Spring WS. It contains methods for sending Source objects, and receiving response messages as either Source or Result. WebServiceGatewaySupport is a convenience base class.
JmsMessageSender
This class uses the facilities of the Spring framework to transform the WebServiceMessage into a JM
S Message, send it on its way on a Queue or Topic, and receive a response (if any). MailMessageSender
This class provides an email transport via SMTP, and retrieves them via POP3.
7. Securing the Web Services with Spring WS
XWSS = XML Web Services Security package
XwsSecurityInterceptor
Endpoint interceptor based on XWSS. It requires JSE5, SAAJ and an XML security policy file (what to require, what to add).
<bean id="wsSecurityInterceptor"
class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">  <property name="policyConfiguration" value="l"/>
<property name="callbackHandlers">
<list>
<ref bean="certificateHandler"/>
<ref bean="authenticationHandler"/>
</list>
</property>
</bean>
Keystores
They are storage facilities for private keys, symmetric keys, and trusted certificates (X509 certificates): <bean id="keyStore" class="org.springframework.*.KeyStoreFactoryBean">
<property name="password" value="password"/>
<property name="location" value="cp:*/test-keystore.jks"/>
</bean>
KeyStoreCallbackHandler
This callback must be used with keystores. To validate incoming certificates or signatures, use the truststore. To decrypt incoming certificates or sign outgoing messages, use the keystore.
<bean id="keyStoreHandler" class="org.*.KeyStoreCallbackHandler">
<property name="trustStore" ref="trustStore"/>
<property name="keyStore" ref="keyStore"/>
<property name="privateKeyPassword" value="changeit"/>
</bean>
<bean id="trustStore" class="org.*.KeyStoreFactoryBean">
<property name="location" value="classpath:truststore.jks"/>
<property name="password" value="changeit"/>
</bean>
<bean id="keyStore" class="org.*.KeyStoreFactoryBean">
<property name="location" value="classpath:keystore.jks"/>
<property name="password" value="changeit"/>
</bean>
Authentication
Plain text: the SOAP message contains Username and Password elements with plain text password. <xwss:RequireUsernameToken passwordDigestRequired="false"
nonceRequired="false"/>
Digest: passwordDigestRequired="true" nonceRequired="true"
Simple validation handler
SimplePasswordValidationCallbackHandler
With Spring security
Spring Plain TextPasswordValidationCallbackHandler or
Spring Digest PasswordValidationCallbackHandler
Decryption
service fault<xwss:RequireEncryption />
<bean id="keyStoreHandler" class="org.*.KeyStoreCallbackHandler">
<property name="keyStore" ref="keyStore"/>
<property name="privateKeyPassword" value="changeit"/>
</bean>
Encryption
<xwss:Encrypt />
<bean id="keyStoreHandler" class="org.*.KeyStoreCallbackHandler">
<property name="trustStore" ref="trustStore"/>
</bean>
Wss4jSecurityInterceptor
The Wss4jSecurityInterceptor is an Endpoint Interceptor that is based on Apache's WSS4J.
WSS4J implements:
•OASIS Web Services Security: SOAP Message Security 1.0
•Username Token Profile 1.0
•X509 Token Profile 1.0
A. Annex: WSDL
WSDL
•<types>: defines the data types used by the WS
•<message>: defines the data element of the operation
•<portType>: describes a WS, the operations it can perform, and the messages involved; cor-responds to a class; operations have input/output nodes.
•<binding>: defines the message format and protocol details for each port
Example:
<portType name="glossaryTerms">
<operation name="getTerm">
<input message="getTermRequest"/>
<output message="getTermResponse"/>
</operation>
</portType>
<binding type="glossaryTerms" name="b1">
<soap:binding transport="..." />
<operation>
<soap:operation soapAction="example/getTerm"/>
<input><soap:body use="literal"/></input>
<output><soap:body use="literal"/></output>
</operation>
</binding>
<service name=”...”>
<port binding=”...” name=”...”>
<soap:address location=”...” />
</port>
</service>
B. Annex: SOAP
Skeleton SOAP Message:
<?xml version="1.0"?>
<soap:Envelope
xmlns:soap="/2001/12/soap-envelope"
soap:encodingStyle="/2001/12/soap-encoding">
<soap:Header>
[metadata; must be namespace-qualified]
...
</soap:Header>

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。