问题描述
当我在SOAPUI中查看原始请求时,在wsse:Security soapenv:mustUnderstand="1"部分中获得了{<soapenv:Header>。使用zeep和python进行处理时,我在发送到服务器的请求中看不到此消息-我在应用程序日志中遇到了安全问题
from zeep import Client
from zeep.transports import Transport
from zeep import xsd
from zeep.wsse.username import Usernametoken
from zeep.wsse.utils import get_security_header
from requests import Session
request_data = {
'idNumber': 'someID','encryptedPin': 'encPin0101='
}
header_value = {
"wsse":{
"mustUnderstand":'1'
}
}
wsdl = 'http://someURL/AuthenticationWS?WSDL'
# session = Session()
# session.verify = True
# transport = Transport(session=session,# operation_timeout=10)
cl = Client(wsdl=wsdl,wsse=Usernametoken('username','password',use_digest=True))
def send_request(client,data):
return client.service.authenticateCustomer(data)
node = cl.create_message(cl.service,'authenticateCustomer',idNumber='someID',encryptedPin='encPin=')
from lxml import etree
print('###########')
print(etree.tostring(node))
print('###########')
print(send_request(cl,request_data))
第一个打印输出有效,我看到了我需要的信息除了 mustunderstand = 1 第二个打印错误-我遇到了“发生错误”,并且应用程序日志中出现了与安全性相关的错误,使我认为这是必须理解的事情,并且我尝试了不同的事情
我尝试使用soapheader来完成此操作,如以下位置所述,但未成功:
How do I add attributes to header authentication in Zeep?
https://pydoc.net/zeep/2.5.0/zeep.wsse.signature/
来了解`get_security_header`的内容,但是我没有赢得这个:(其他资源我看过:
https://stackoverflow.com/questions/62924433/zeep-with-complex-header
https://docs.python-zeep.org/en/master/headers.html
https://stackoverflow.com/questions/44330748/how-to-comply-with-policy-defined-in-wsdl
解决方法
我改用https://github.com/suds-community/suds,它具有添加这些安全令牌的简单方法:
security = Security()
token = UsernameToken('username','password')
token.setnonce()
token.setcreated()
token.setnonceencoding(True)
token.setpassworddigest('digest')
security.tokens.append(token)
client = Client('http://someURL/AuthenticationWS?WSDL')
client.set_options(wsse=security)
client.service.logCustomerInNoAuth('id_number',id_number))
非常容易