JAX-WS 密码类型 PasswordText [英] JAX-WS Password Type PasswordText
问题描述
我有一个简单的命令行 Java JAX-WS 应用程序来测试 SOAP 请求,但服务器期望密码类型为 PasswordText,我很困惑如何设置它...
I've got a simple command line Java JAX-WS app to test a SOAP request, but the server is expecting the Password Type to be PasswordText and I'm stumped on how to set this...
代码如下:
@WebServiceRef
private static final HelloService helloService = new HelloService(url, new QName(
URL, "HelloService"));
public static void main(final String... args) {
try {
final HelloPort helloPort = helloService.getHelloPort();
final BindingProvider hB = ((BindingProvider) helloPort);
hB.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
END_POINT_ADDRESS);
hB.getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
USERNAME);
hB.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
PASSWORD);
...
我已经使用 SOAP-UI 测试了请求,所以我知道它正在工作.任何有关设置密码类型的帮助将不胜感激.
I've tested the request using SOAP-UI so I know it's working. Any help on setting the password type would be appreciated.
谢谢.
推荐答案
这将设置基本 HTTP 身份验证的用户名和密码.如果您已经在 SoapUI 中对其进行了测试,我猜您所说的PasswordText"值是请求详细信息窗格中的WSS-Password Type".这设置了 WSS 安全性,而不是 HTTP 安全性.
That will set the username and password for Basic HTTP authentication. If you've tested it in SoapUI, I'm guessing the 'PasswordText' value you speak of is the 'WSS-Password Type' in the request details pane. That sets WSS security, not HTTP security.
使用 Java6 中的 JAX-WS,您需要附加一个 SOAPHandler 以将 WSS-Usertoken 注入到 SOAP 标头中.网上有很多关于这一轮的点点滴滴,但我找不到一个单独的链接来发布,所以这里有一些代码可以让你继续......
With JAX-WS in Java6 you need to attach a SOAPHandler to inject the WSS-Usertoken into the SOAP Header. There are plenty of bits and bobs about this round the net, but I couldn't find one single link to post, so here's some code instead to get you going...
要添加处理程序,您需要像这样:
To add a handler you need something like:
final Binding binding = ((BindingProvider) servicePort).getBinding();
List<Handler> handlerList = binding.getHandlerChain();
if (handlerList == null)
handlerList = new ArrayList<Handler>();
handlerList.add(new SecurityHandler());
binding.setHandlerChain(handlerList); // <- important!
然后 SecurityHandler 类将执行此操作.处理程序是通用的东西,在成功消息和错误消息时都会被调用,但也许更重要的是,它们在两个消息方向上都会被调用 - 用于传出请求,然后再次用于传入响应.您只想处理传出的消息.所以你需要这样的东西:
Then the SecurityHandler class will do the deed. Handlers are general things and get called for both successful messages and for faults, but perhaps more importantly they get called in both message directions - for the outgoing request and then again for the incoming response. You only want to handle outgoing messages. So you'll need something like:
public final class SecurityHandler implements SOAPHandler<SOAPMessageContext> {
...
@Override
public boolean handleMessage(final SOAPMessageContext msgCtx) {
// Indicator telling us which direction this message is going in
final Boolean outInd = (Boolean) msgCtx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
// Handler must only add security headers to outbound messages
if (outInd.booleanValue()) {
try {
// Get the SOAP Envelope
final SOAPEnvelope envelope = msgCtx.getMessage().getSOAPPart().getEnvelope();
// Header may or may not exist yet
SOAPHeader header = envelope.getHeader();
if (header == null)
header = envelope.addHeader();
// Add WSS Usertoken Element Tree
final SOAPElement security = header.addChildElement("Security", "wsse",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
final SOAPElement userToken = security.addChildElement("UsernameToken", "wsse");
userToken.addChildElement("Username", "wsse").addTextNode("MyWSSUsername");
userToken.addChildElement("Password", "wsse").addTextNode("MyWSSPassword");
} catch (final Exception e) {
LOG.error(e);
return false;
}
}
return true;
}
...
// Other required methods on interface need no guts
}
我在这里做了一些假设,但希望它能让你前进!
I've made a few assumptions here, but hopefully it'll get you going!
亲切的问候.
这篇关于JAX-WS 密码类型 PasswordText的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
