我正在为.net soap web服务创建一个客户端,但我无法弄清楚如何正确传递密码.这是我的"硬编码"密码示例:
@Test
public void exploratorySecurityTest() {
String username = "user";
String password = "pwd";
UserStoryService service = new UserStoryService();
UserStoryServiceSoap port = service.getUserStoryServiceSoap();
//initialize security
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, username);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
int storyId = 33401;
UserStoryDTO userStoryDTO = port.getByID(storyId);
//success if no error
}
public class ClientPasswordCallback implements CallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.setPassword("pwd");
}
}
我真正想要做的是将密码传递给回调处理程序.我在CXF文档中看到的示例实现了回调"硬编码"(就像我在本例中所做的那样)或作为用户名的函数:
if (pc.getIdentifier().equals("user")) {
pc.setPassword("pwd");
}
这些都不符合我的需求.有没有办法可以做以下事情:
@Test
public void exploratorySecurityTest() {
String username = "user";
String password = "pwd";
UserStoryService service = new UserStoryService();
UserStoryServiceSoap port = service.getUserStoryServiceSoap();
//initialize security
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, username);
//pass the password here?
outProps.put("password", password);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
...
}
San*_*aga 11
使用PW_CALLBACK_REF代替PW_CALLBACK_CLASS,并传递实例化对象,而不是静态类.您可以在所述对象中注入密码.
就像是:
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
CXFClientPasswordHandler handler = new CXFClientPasswordHandler();
handler.setPassword(password);
outProps.put(WSHandlerConstants.PW_CALLBACK_REF, handler);