Rob*_*Rob 5 java ws-security cxf spring-security
我已经完成了几个教程的混搭,也没有太成功!
我试图让Apache CXF和WS-Security回调我的Spring Security身份验证器.一切都接近工作但是在某个时刻,我在获取密码以使Spring安全性退出WS-call时遇到问题.
下面的处理程序变得很难,但pc.getPassword()为空.我希望这是在Soap中发送的密码,所以我可以把它传递给spring
public class ServerPasswordCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.setPassword( pc.getPassword() );
}
我的拦截器设置如此
<bean id="wsAuthenticationInterceptor" class="com.olympus.viewtheworld.server.security.auth.WSAuthenticationInInterceptor">
<constructor-arg index="0">
<map key-type="java.lang.String" value-type="java.lang.Object">
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackClass" value="com.olympus.viewtheworld.server.security.auth.ServerPasswordCallback" />
</map>
</constructor-arg>
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<jaxws:endpoint id="secureHelloService"
implementor="#secureHelloServiceImpl"
implementorClass="com.olympus.viewtheworld.server.service.Impl.SecureHelloServiceImpl"
address="/SoapService/secure/hello">
<jaxws:serviceFactory>
<ref bean="jaxws-and-aegis-service-factory" />
</jaxws:serviceFactory>
<jaxws:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
<ref bean="wsAuthenticationInterceptor" />
</jaxws:inInterceptors>
</jaxws:endpoint>
我从SoapUI发出的soap请求是
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:test="http://test/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>rob2</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">passwordxx</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<test:hello>
<!--Optional:-->
<hello>asdf</hello>
</test:hello>
</soapenv:Body>
</soapenv:Envelope>
版本明智的是Spring 3.1和CXF 2.7.0
在ServerPasswordCallback类中查看"passwordxx"需要做什么?是Soap请求,配置还是错误?!
干杯,罗布
好吧,这不是理想的解决方案,希望稍后会出现更好的答案,很可能是当我有更多时间来查看这个问题时。
我使用正则表达式来检查完整的数据包并提取密码字段。代码如下。当我找到正确的方法来做到这一点时,稍后会更新,因为这绝对不是它!
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
String mydata= pc.getRequestData().getMsgContext().toString();
Pattern pattern = Pattern.compile("<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">(.*?)<");
Matcher matcher = pattern.matcher(mydata);
if (matcher.find())
{
pc.setPassword( matcher.group(1) );
}
| 归档时间: |
|
| 查看次数: |
5237 次 |
| 最近记录: |