使用JAX-WS(服务器端)的SOAP标头 [英] SOAP Header using JAX-WS(Server Side)

问题描述

要求是在每个WebService请求的Soap Message标头中包括安全属性.一种包含方式是:

The requirement is to include security attributes in header of Soap Message in every WebService request. One way to include is:

@WebService
@SOAPBinding
(   
    style = javax.jws.soap.SOAPBinding.Style.DOCUMENT,
    use = javax.jws.soap.SOAPBinding.Use.LITERAL
)
public interface UserService
{

    @WebMethod
    public AuthenticateResponse authenticateUser(AuthenticateRequest request, @webParam(header=true) ApplicationCredential appcredential);


@WebMethod
    public UserDetailResponse getUserDetail(UserDetailRequest request, @webParam(header=true) ApplicationCredential appcredential);

}

但是，使用上述方法，我需要在每个操作中都包含ApplicationCredential.看起来不太好.我正在寻找是否可以在BaseRequest类中包含这个ApplicationCredential类，并在那儿提到它将成为Soap Header的一部分(通过一些注释)，这真的很有帮助.例如:

But, with the above mentioned approach, I need to include ApplicationCredential at every operation. It doesn't look good. I am looking for if we can include this ApplicationCredential class in BaseRequest Class and mention there that it is going to be a part of Soap Header(through some annotaion), that would be really helpful. For ex:

public class BaseRequest
{

@SomeAnnotation which states that Appcedential is a part of Soap Header
ApplicationCredential appcredential;

}

到目前为止，我无法找到任何方法来执行此操作.任何帮助将不胜感激.

So far, I am unable to find any way to do this. Any help would be highly appreciated.

推荐答案

我知道是不久前您问了这个问题，您可能已经发现自己了，但是我还是要回答这个问题:尽量避免创建您的问题自己的Web服务身份验证握手-如果您的服务器和客户端提供了Web服务消息级别的安全性，请使用Web服务消息级别的安全性，或者仅使用传输级别的安全性，例如基本身份验证和/或SPNEGO.

I know it's a while ago you asked that question, and you may have found out yourself already, but I answer to it anyway: Try to avoid to create your own authentication handshake for Web Services - instead use either Web Service message level security if your server and client provide it, or just use transport level security, e.g. Basic Authentication and/or SPNEGO.

身份验证机制的选择主要取决于您的上下文:如果您在公司网络内提供服务，请使用那里提供的任何服务；如果没有中央身份验证基础结构，则使用基本身份验证.如果将Web服务提供给Internet，则最简单的身份验证方法还是基本身份验证(通过SSL)，但这又取决于您所设想的服务使用者的类型.

The selection of the authentication mechanism depends mainly on your context: If you provide the service within a company network, use whatever is provided there, or Basic Authentication if no central authentication infrastructure is in place. If you provide your Web Service to the Internet, the easiest way to do authentication is again Basic Authentication (via SSL), but that again depends on the kind of service consumers you envision.

我想很抱歉，这个答案提出了更多问题.我的主要观点是，您不应尝试重新发明轮子=:-)

This answer creates more questions, I guess, sorry about that. My main point is that you should not try to reinvent the wheel again =:-)

这篇关于使用JAX-WS(服务器端)的SOAP标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！