CXF客户端安全 [英] CXF Client Security
问题描述
我正在创建Java soap Web服务的客户端,但是在弄清楚如何正确传递密码时遇到了麻烦。这是我的硬编码 密码示例:
I am creating a client to a Java soap web service, but am having trouble figuring out how to properly pass the password. Here is my "hardcoded" password example:
@Test
public void exploratorySecurityTest() {
String username = "user";
String password = "pwd";
UserStoryService service = new UserStoryService();
UserStoryServiceSoap port = service.getUserStoryServiceSoap();
//initialize security
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, username);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
int storyId = 33401;
UserStoryDTO userStoryDTO = port.getByID(storyId);
//success if no error
}
public class ClientPasswordCallback implements CallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.setPassword("pwd");
}}
我真正想做的就是将密码传递给回调处理程序。我在CXF文档中看到的示例实现了硬编码回调(如我在此示例中所做的那样)或作为用户名的函数:
What I really want to do is to pass the password into the callback handler. The examples that I have seen in the CXF documentation implement the callback either "hardcoded" (as I did in this example) or as a function of the username:
if (pc.getIdentifier().equals("user"))
pc.setPassword("pwd");
这些都不满足我的需求。有什么办法可以做以下事情:
Neither of these meet my needs. Is there a way that I can do something like the following:
@Test
public void exploratorySecurityTest() {
String username = "user";
String password = "pwd";
UserStoryService service = new UserStoryService();
UserStoryServiceSoap port = service.getUserStoryServiceSoap();
//initialize security
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, username);
//pass the password here?
outProps.put("password", password);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
// ...
}
推荐答案
使用PW_CALLBACK_REF代替PW_CALLBACK_CLASS,并传递实例化的对象,而不是静态类。您可以在上述对象中插入密码。
Use PW_CALLBACK_REF instead PW_CALLBACK_CLASS, and pass an instantiated object, instead of the static class. You can inject the password in said object.
类似以下内容:
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
CXFClientPasswordHandler handler = new CXFClientPasswordHandler();
handler.setPassword(password);
outProps.put(WSHandlerConstants.PW_CALLBACK_REF, handler);
这篇关于CXF客户端安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!