mar*_*cks 21 java soap jax-ws wsse
我有一个简单的命令行Java JAX-WS应用程序来测试SOAP请求,但是服务器期望密码类型是PasswordText,我对如何设置它感到难过......
代码如下:
@WebServiceRef
private static final HelloService helloService = new HelloService(url, new QName(
URL, "HelloService"));
public static void main(final String... args) {
try {
final HelloPort helloPort = helloService.getHelloPort();
final BindingProvider hB = ((BindingProvider) helloPort);
hB.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
END_POINT_ADDRESS);
hB.getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
USERNAME);
hB.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
PASSWORD);
...
我已经使用SOAP-UI测试了请求,所以我知道它正在运行.任何有关设置密码类型的帮助将不胜感激.
谢谢.
Sim*_*onB 34
这将设置基本HTTP身份验证的用户名和密码.如果你在SoapUI中测试过它,我猜你所说的'PasswordText'值是请求详细信息窗格中的'WSS-Password Type'.这设置了WSS安全性,而不是HTTP安全性.
使用Java6中的JAX-WS,您需要附加SOAPHandler以将WSS-Usertoken注入SOAP Header.关于这一轮的网络有很多位和bob,但我找不到一个单独的链接发布,所以这里有一些代码让你去...
要添加处理程序,您需要以下内容:
final Binding binding = ((BindingProvider) servicePort).getBinding();
List<Handler> handlerList = binding.getHandlerChain();
if (handlerList == null)
handlerList = new ArrayList<Handler>();
handlerList.add(new SecurityHandler());
binding.setHandlerChain(handlerList); // <- important!
然后SecurityHandler类将执行该操作.处理程序是一般事物,并且对于成功消息和故障都会被调用,但更重要的是,它们可以在两个消息方向上调用- 对于传出请求,然后再对传入响应进行调用.您只想处理外发邮件.所以你需要这样的东西:
public final class SecurityHandler implements SOAPHandler<SOAPMessageContext> {
...
@Override
public boolean handleMessage(final SOAPMessageContext msgCtx) {
// Indicator telling us which direction this message is going in
final Boolean outInd = (Boolean) msgCtx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
// Handler must only add security headers to outbound messages
if (outInd.booleanValue()) {
try {
// Get the SOAP Envelope
final SOAPEnvelope envelope = msgCtx.getMessage().getSOAPPart().getEnvelope();
// Header may or may not exist yet
SOAPHeader header = envelope.getHeader();
if (header == null)
header = envelope.addHeader();
// Add WSS Usertoken Element Tree
final SOAPElement security = header.addChildElement("Security", "wsse",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
final SOAPElement userToken = security.addChildElement("UsernameToken", "wsse");
userToken.addChildElement("Username", "wsse").addTextNode("MyWSSUsername");
userToken.addChildElement("Password", "wsse").addTextNode("MyWSSPassword");
} catch (final Exception e) {
LOG.error(e);
return false;
}
}
return true;
}
...
// Other required methods on interface need no guts
}
我在这里做了一些假设,但希望它会让你前进!
亲切的问候.
如果实现SOAPHandler接口,则msgCtx.getMessage()方法将呈现整个XML,如果使用大文件,则会出现Out of Memory错误.我在JAX-WS客户端上使用UsernameToken身份验证进行了测试,它可以正常工作:
String SECURITY_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
String PASSWORD_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
String AUTH_PREFIX = "wss";
MyService service = new MyService();
MyServicePort port = service.getMyServicePort();
try {
SOAPFactory soapFactory = SOAPFactory.newInstance();
SOAPElement security = soapFactory.createElement("Security", AUTH_PREFIX, SECURITY_NS);
SOAPElement uToken = soapFactory.createElement("UsernameToken", AUTH_PREFIX, SECURITY_NS);
SOAPElement username = soapFactory.createElement("Username", AUTH_PREFIX, SECURITY_NS);
username.addTextNode("username");
SOAPElement pass = soapFactory.createElement("Password", AUTH_PREFIX, SECURITY_NS);
pass.addAttribute(new QName("Type"), PASSWORD_TYPE);
pass.addTextNode("password");
uToken.addChildElement(username);
uToken.addChildElement(pass);
security.addChildElement(uToken);
Header header = Headers.create(security);
((WSBindingProvider) port).setOutboundHeaders(header);
// now, call webservice
} catch (SOAPException ex) {
ex.printStackTrace();
}
编辑:您应该将"rt.jar"从jre添加到classpath.
| 归档时间: |
|
| 查看次数: |
29905 次 |
| 最近记录: |