用户名和密码位于数据库中时的JAX-WS和BASIC身份验证 [英] JAX-WS and BASIC authentication, when user names and passwords are in a database

问题描述

我是JAX-WS的新手，有一件事我不明白。

I'm new to JAX-WS and there's a thing which I don't understand.

有很多关于如何设置JAX的教程 - WS安全性，但在几乎所有情况下BindingProvider.USERNAME_PROPERTY和BindingProvider.PASSWORD_PROPERTY都存储在某个.xml文件中（取决于我认为的容器） - 它们是硬编码的。这就是我没有得到的。如何通过将BindingProvider.USERNAME_PROPERTY和BindingProvider.PASSWORD_PROPERTY与数据库中的用户名和密码进行比较来验证Web服务客户端？我尝试在客户端设置BindingProvider.USERNAME_PROPERTY和BindingProvider.PASSWORD_PROPERTY，如下所示：

There's a ton of tutorials available on how to set up JAX-WS security, but in pretty much all cases BindingProvider.USERNAME_PROPERTY and BindingProvider.PASSWORD_PROPERTY are stored in some .xml file(depending on the container I believe) - they are "hardcoded" that is. And that's what I don't get. How can I authenticate a web service client by comparing BindingProvider.USERNAME_PROPERTY and BindingProvider.PASSWORD_PROPERTY with a user name and password that's in a database? I tried setting BindingProvider.USERNAME_PROPERTY and BindingProvider.PASSWORD_PROPERTY on the client side like this:

    ShopingCartService scs = new ShopingCartService(wsdlURL, name);
    ShopingCart sc = scs.getShopingCartPort();
    Map<String, Object> requestContext = ((BindingProvider)sc).getRequestContext();
    requestContext.put(BindingProvider.USERNAME_PROPERTY, userName);
    requestContext.put(BindingProvider.PASSWORD_PROPERTY, password);
    sc.someFunctionCall();

然后，在服务器端检索如下：

And then, on the server side retrieving like this:

@Resource
WebServiceContext wsContext;

@WebMethod
public void someFunctionCall() {
    MessageContext mc = wsContext.getMessageContext();
    mc.get(BindingProvider.USERNAME_PROPERTY);
    mc.get(BindingProvider.PASSWORD_PROPERTY);
}

但我总是得到null，我没有在xml中设置任何东西， Web服务工作得很好，除了我无法得到这些变量：（

But I always get null, I didn't set up anything in xml, web service works just fine, except I can't get those variables :(

我在java 1.6，tomcat 6和 JAX-WS 。

I'm running both on java 1.6, tomcat 6 and JAX-WS.

使用密码验证用户身份的任何帮助非常感谢数据库，
谢谢。

Any help with authenticating users with passwords from a database is greatly appreciated, Thanks.

推荐答案

我认为您正在寻找应用程序级别的JAX-WS身份验证，而不是服务器级别的HTTP基础。请参阅以下完整示例：

I think you are looking for JAX-WS authentication in application level, not HTTP basic in server level. See following complete example :

使用JAX-WS进行应用程序身份验证

在Web服务客户端站点上，将用户名和密码放入请求标题中。

On the web service client site, just put your "username" and "password" into request header.

Map<String, Object> req_ctx = ((BindingProvider)port).getRequestContext();
req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, WS_URL);

Map<String, List<String>> headers = new HashMap<String, List<String>>();
headers.put("Username", Collections.singletonList("someUser"));
headers.put("Password", Collections.singletonList("somePass"));
req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, headers);

在Web服务服务器站点上，通过WebServiceContext获取请求标头参数。

On the web service server site, get the request header parameters via WebServiceContext.

@Resource
WebServiceContext wsctx;

@WebMethod
public String method() {
    MessageContext mctx = wsctx.getMessageContext();

    Map http_headers = (Map) mctx.get(MessageContext.HTTP_REQUEST_HEADERS);
    List userList = (List) http_headers.get("Username");
    List passList = (List) http_headers.get("Password");
    //...

这篇关于用户名和密码位于数据库中时的JAX-WS和BASIC身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！