SSG*_*SSG 16 java soap web-services
我正在使用Java开发基于Soap的Web服务.任何人都可以让我知道如何验证使用Web服务的客户端?
谢谢.
可能最好但最复杂的是具有各种身份验证方法的WS-Security.但它最复杂,对企业环境有益.它允许您创建端到端身份验证,并有很多选项.您可以在简单的情况下使用Web Services Security UsernameToken Profile
<S12:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu= "...">
<S12:Header>
...
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>NNK</wsse:Username>
<wsse:Password Type="...#PasswordDigest">weYI3nXd8LjMNVksCKFV8t3rgHh3Rw==</wsse:Password>
<wsse:Nonce>WScqanjCEAC4mQoBE07sAQ==</wsse:Nonce>
<wsu:Created>2003-07-16T01:24:32</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
...
</S12:Header>
...
</S12:Envelope>
我不知道你使用的库,但这里有一篇很好的文章如何将Rampart安装到Axis2并实现UsernameToken处理.
但在某些简化案例中,您只需对Web服务器(通过SSL)进行HTTP基本身份验证即可.这可能是最糟糕的解决方案,但有时可能最容易实施.另一个与soap无关的解决方案可以是相互认证的SSL(使用客户端身份验证).
我们可以实现不同的方式和不同类型的安全性:消息级安全性
最常见的是我们将WS-Security用于SOAP Web服务.一个WS-安全配置文件决定了WS-Security是如何启用.
例:
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-6138db82-5a4c-4bf7-915f-af7a10d9ae96">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">CBb7a2itQDgxVkqYnFtggUxtuqk=</wsse:Password>
<wsse:Nonce>5ABcqPZWb6ImI2E6tob8MQ==</wsse:Nonce>
<wsu:Created>2010-06-08T07:26:50Z</wsu:Created>
</wsse:UsernameToken>
上面的元素包含在SOAP头中,如下所示:
SOAPEnvelope envelope = smc.getMessage().getSOAPPart().getEnvelope();
SOAPHeader header = envelope.addHeader();
SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
SOAPElement username = usernameToken.addChildElement("Username", "wsse");
username.addTextNode(user);
SOAPElement password = usernameToken.addChildElement("Password", "wsse");
password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
password.addTextNode(encodedPass); //encodedPass = Base64 ( SHA-1 ( nonce + created + password ) )
SOAPElement nonce =
usernameToken.addChildElement("Nonce", "wsse");
nonce.addTextNode(Base64.encodeBytes(nonceString.getBytes()));
SOAPElement created = usernameToken.addChildElement("Created", "wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
created.addTextNode(creatTime);
以下示例很简单,仅将用户和密码添加到HTTP标头.
使用WebServiceContext接口使用JAX-WS进行应用程序身份验证
WebServiceImpl.java
package com.javacodegeeks.enterprise.ws;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
@WebService(endpointInterface = "com.javacodegeeks.enterprise.ws.WebServiceInterface")
public class WebServiceImpl implements WebServiceInterface {
@Resource
WebServiceContext webServiceContext;
@Override
public String getHelloWorldAsString(String str) {
MessageContext messageContext = webServiceContext.getMessageContext();
// get request headers
Map<?,?> requestHeaders = (Map<?,?>) messageContext.get(MessageContext.HTTP_REQUEST_HEADERS);
List<?> usernameList = (List<?>) requestHeaders.get("username");
List<?> passwordList = (List<?>) requestHeaders.get("password");
String username = "";
String password = "";
if (usernameList != null) {
username = usernameList.get(0).toString();
}
if (passwordList != null) {
password = passwordList.get(0).toString();
}
// of course this is not real validation
// you should validate your users from stored databases credentials
if (username.equals("nikos") && password.equals("superpassword")) {
return "Valid User :"+str;
} else {
return "Unknown User!";
}
}
}
WebServiceClient.java
package com.javacodegeeks.enterprise.ws.client;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.handler.MessageContext;
import com.javacodegeeks.enterprise.ws.WebServiceInterface;
public class WebServiceClient{
public static void main(String[] args) throws Exception {
URL wsdlUrl = new URL("http://localhost:8888/webservice/helloworld?wsdl");
//qualifier name ...
QName qname = new QName("http://ws.enterprise.javacodegeeks.com/", "WebServiceImplService");
Service service = Service.create(wsdlUrl, qname);
WebServiceInterface sayHello = service.getPort(WebServiceInterface.class);
Map<String, Object> requestContext = ((BindingProvider)sayHello).getRequestContext();
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "http://localhost:8888/webservice/helloworld?wsdl");
Map<String, List<String>> requestHeaders = new HashMap<String, List<String>>();
requestHeaders.put("username", Collections.singletonList("nikos"));
requestHeaders.put("Password", Collections.singletonList("superpassword"));
requestContext.put(MessageContext.HTTP_REQUEST_HEADERS, requestHeaders);
System.out.println(sayHello.getHelloWorldAsString("- This is Java Code Geeks"));
}
}
| 归档时间: |
|
| 查看次数: |
70155 次 |
| 最近记录: |