如何验证基于soap的java Web服务？ [英] How to authenticate soap based java web services?

问题描述

我正在使用Java开发基于Soap的Web服务。谁能告诉我如何验证使用网络服务的客户？

I am developing Soap based web services using Java. Can anyone please let me know how to authenticate the client who is consuming the web services?

谢谢。

推荐答案

可能最好但最复杂的是使用各种身份验证方法的WS-Security。但它最复杂，对企业环境也有好处。它允许您创建端到端的身份验证，并且有很多选项。你可以在简单的情况下例如使用 Web Services Security UsernameToken Profile

Probably the best but most complex is WS-Security with various authentication method. But it is most complex and its good for enterprise enviroment. It allows you to create end-to-end auth and there are lots of options. You can in simple case e.g. use Web Services Security UsernameToken Profile

    <S12:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu= "...">
  <S12:Header>
  ...
    <wsse:Security>
      <wsse:UsernameToken>
        <wsse:Username>NNK</wsse:Username>
        <wsse:Password Type="...#PasswordDigest">weYI3nXd8LjMNVksCKFV8t3rgHh3Rw==</wsse:Password>
        <wsse:Nonce>WScqanjCEAC4mQoBE07sAQ==</wsse:Nonce>
        <wsu:Created>2003-07-16T01:24:32</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  ...
  </S12:Header>
...
</S12:Envelope>

我不知道你使用的是什么库，但这里有一篇很好的文章如何将Rampart安装到Axis2并实现UsernameToken处理。

I don't know what library you use, but here is a nice article how to install Rampart into Axis2 and implement UsernameToken handling.

但在某些简化案例中，您只需对Web服务器（通过SSL）进行HTTP基本身份验证即可。这可能是最糟糕的解决方案，但有时可能最容易实现。另一个与soap无关的解决方案可以是相互认证的SSL（使用客户端身份验证）。

But in some, simplified cases you can simply make HTTP Basic Authentication to web server (through SSL). This may be worst solution but sometimes could be easiest to implement. Another solution, not connected with soap can be mutual authenticated SSL (with client auth).

这篇关于如何验证基于soap的java Web服务？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！