Apache CXF - 不从WSS4JOutInterceptor发送凭据？ [英] Apache CXF - credentials not being sent from WSS4JOutInterceptor?

问题描述

我正在尝试使用apache cxf 2.4.0使用WS-Security UsernameToken规范1.0，
连接到Web服务。

I am trying to connect to a web service using WS-Security UsernameToken spec 1.0, using apache cxf 2.4.0.

我已复制以下代码来自CXF文档，但我得到：org.apache.cxf.ws.policy.PolicyException：没有用户名

I've copied the code below from the CXF docs, but am getting: org.apache.cxf.ws.policy.PolicyException: No username available

    MyService_Service ss = new MyService_Service(wsdlURL, SERVICE_NAME);
    MyService port = ss.getBasicHttpBindingMyService ();  


    Client client = ClientProxy.getClient(port);
    Endpoint cxfEndpoint = client.getEndpoint();

    Map<String,Object> outProps = new HashMap<String,Object>();
    outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    outProps.put(WSHandlerConstants.USER, "USERNAME");
    outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, 
    ClientPasswordHandler.class.getName());

    WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
    cxfEndpoint.getOutInterceptors().add(wssOut);

我还从文档中实现了ClientPasswordHandler类，但似乎用户名是从未发送过（根据错误）。
这是密码处理程序：

I've also implemented a ClientPasswordHandler class, again from the docs, but it seems like the username is never sent (according to the error). Here is the password handler:

public class ClientPasswordHandler implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
    pc.setPassword("Password");     
    }
}

有没有办法看看WSS4Jinterceptor是否正在应用，并发送UsernameToken？

Is there any way to see if the WSS4Jinterceptor is being applied, and the UsernameToken is sent?

推荐答案

您是否在客户端获得PolicyException？如果是这样，那可能意味着您使用的WSDL中包含一个WS-SecucurityPolicy片段，该片段描述了它想要和期望的UsernameToken策略。如果是这种情况，则根本不应配置WSS4JOutInterceptor。 WS-Policy运行时将处理它，您只需要提供它可能需要的一些属性。

Are you getting the PolicyException on the client side? If so, that likely means the WSDL you are using has a WS-SecucurityPolicy fragment in it that describes the UsernameToken policy that it wants and is expecting. If that's the case, then you shouldn't configure the WSS4JOutInterceptor at all. The WS-Policy runtime will handle it and you just need to provide some properties that it may need.

SecurityPolicy内容的文档位于： http://cxf.apache.org/docs/ws-securitypolicy.html

The docs for the SecurityPolicy stuff are at: http://cxf.apache.org/docs/ws-securitypolicy.html

你可能只需要使用：

Map ctx = ((BindingProvider)port).getRequestContext();
ctx.put("ws-security.username", "USERNAME");
ctx.put("ws-security.password", "Password");

这篇关于Apache CXF - 不从WSS4JOutInterceptor发送凭据？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！