Java Web 服务客户端基本身份验证 [英] Java Web Service client basic authentication

问题描述

我在 Glassfish 之上创建了一个 JAX-WS Web 服务，它需要基本的 HTTP 身份验证.

I have created a JAX-WS Web Service on top of Glassfish which requires basic HTTP authentication.

现在我想为该 Web 服务创建一个独立的 Java 应用程序客户端，但我不知道如何传递用户名和密码.

Now I want to create a standalone java application client for that Web Service but I don't have a clue of how to pass the username and password.

它适用于 Eclipse 的 Web 服务资源管理器，并检查了我发现的线路:

It works with Eclipse's Web Service explorer, and examining the wire I found this:

POST /SnaProvisioning/SnaProvisioningV1_0 HTTP/1.1
Host: localhost:8080
Content-Type: text/xml; charset=utf-8
Content-Length: 311
Accept: application/soap+xml, application/dime, multipart/related, text/*
User-Agent: IBM Web Services Explorer
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: ""
Authorization: Basic Z2VybWFuOmdlcm1hbg==
Connection: close

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:q0="http://ngin.ericsson.com/sna/types/v1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
    <q0:listServiceScripts/>
  </soapenv:Body>
</soapenv:Envelope>

如何使用 java 代码在此授权"标头中传递用户名和密码?它是散列还是类似的东西?算法是什么?

How do I pass the username and password in this "Authorization" header using java code? Is it hashed or something like that? What is the algorithm?

在不涉及安全的情况下，我有一个独立的 Java 客户端:

Without security involved I have a working standalone java client:

SnaProvisioning myPort = new SnaProvisioning_Service().getSnaProvisioningV10Port();
myPort.listServiceScripts();

推荐答案

事实证明，有一种简单、标准的方法可以实现我想要的:

It turned out that there's a simple, standard way to achieve what I wanted:

import java.net.Authenticator;
import java.net.PasswordAuthentication;

Authenticator myAuth = new Authenticator() 
{
    @Override
    protected PasswordAuthentication getPasswordAuthentication()
    {
        return new PasswordAuthentication("german", "german".toCharArray());
    }
};

Authenticator.setDefault(myAuth);

没有自定义的sun"类或外部依赖项，也没有手动编码任何东西.

No custom "sun" classes or external dependencies, and no manually encode anything.

我知道 BASIC 安全性并不安全，但我们也在使用 HTTPS.

I'm aware that BASIC security is not, well, secure, but we are also using HTTPS.

这篇关于Java Web 服务客户端基本身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！