用户名和密码位于数据库中时的JAX-WS和BASIC身份验证 [英] JAX-WS and BASIC authentication, when user names and passwords are in a database
问题描述
我是JAX-WS的新手,有一件事我不明白。
I'm new to JAX-WS and there's a thing which I don't understand.
有很多关于如何设置JAX的教程 - WS安全性,但在几乎所有情况下BindingProvider.USERNAME_PROPERTY和BindingProvider.PASSWORD_PROPERTY都存储在某个.xml文件中(取决于我认为的容器) - 它们是硬编码的。这就是我没有得到的。如何通过将BindingProvider.USERNAME_PROPERTY和BindingProvider.PASSWORD_PROPERTY与数据库中的用户名和密码进行比较来验证Web服务客户端?我尝试在客户端设置BindingProvider.USERNAME_PROPERTY和BindingProvider.PASSWORD_PROPERTY,如下所示:
There's a ton of tutorials available on how to set up JAX-WS security, but in pretty much all cases BindingProvider.USERNAME_PROPERTY and BindingProvider.PASSWORD_PROPERTY are stored in some .xml file(depending on the container I believe) - they are "hardcoded" that is. And that's what I don't get. How can I authenticate a web service client by comparing BindingProvider.USERNAME_PROPERTY and BindingProvider.PASSWORD_PROPERTY with a user name and password that's in a database? I tried setting BindingProvider.USERNAME_PROPERTY and BindingProvider.PASSWORD_PROPERTY on the client side like this:
ShopingCartService scs = new ShopingCartService(wsdlURL, name);
ShopingCart sc = scs.getShopingCartPort();
Map<String, Object> requestContext = ((BindingProvider)sc).getRequestContext();
requestContext.put(BindingProvider.USERNAME_PROPERTY, userName);
requestContext.put(BindingProvider.PASSWORD_PROPERTY, password);
sc.someFunctionCall();
然后,在服务器端检索如下:
And then, on the server side retrieving like this:
@Resource
WebServiceContext wsContext;
@WebMethod
public void someFunctionCall() {
MessageContext mc = wsContext.getMessageContext();
mc.get(BindingProvider.USERNAME_PROPERTY);
mc.get(BindingProvider.PASSWORD_PROPERTY);
}
但我总是得到null,我没有在xml中设置任何东西, Web服务工作得很好,除了我无法得到这些变量:(
But I always get null, I didn't set up anything in xml, web service works just fine, except I can't get those variables :(
我在java 1.6,tomcat 6和 JAX-WS 。
I'm running both on java 1.6, tomcat 6 and JAX-WS.
使用密码验证用户身份的任何帮助非常感谢数据库,
谢谢。
Any help with authenticating users with passwords from a database is greatly appreciated, Thanks.
推荐答案
我认为您正在寻找应用程序级别的JAX-WS身份验证,而不是服务器级别的HTTP基础。请参阅以下完整示例:
I think you are looking for JAX-WS authentication in application level, not HTTP basic in server level. See following complete example :
在Web服务客户端站点上,将用户名和密码放入请求标题中。
On the web service client site, just put your "username" and "password" into request header.
Map<String, Object> req_ctx = ((BindingProvider)port).getRequestContext();
req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, WS_URL);
Map<String, List<String>> headers = new HashMap<String, List<String>>();
headers.put("Username", Collections.singletonList("someUser"));
headers.put("Password", Collections.singletonList("somePass"));
req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, headers);
在Web服务服务器站点上,通过WebServiceContext获取请求标头参数。
On the web service server site, get the request header parameters via WebServiceContext.
@Resource
WebServiceContext wsctx;
@WebMethod
public String method() {
MessageContext mctx = wsctx.getMessageContext();
Map http_headers = (Map) mctx.get(MessageContext.HTTP_REQUEST_HEADERS);
List userList = (List) http_headers.get("Username");
List passList = (List) http_headers.get("Password");
//...
这篇关于用户名和密码位于数据库中时的JAX-WS和BASIC身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!