CXF Web服务服务器委托向内部Web服务调用的请求凭据
[英]CXF Webservice Server delegate Request Credentials to inner Webservice Call
问题描述
How can I pass through the credentials (basic auth) from a getting request to a new request to another Webservice ? 
如何将凭证(基本身份验证)从获取请求传递到另一个Web服务的新请求?
I didn't find any property bag which can share data between the interceptors in a single request. 我没有找到任何可以在单个请求中在拦截器之间共享数据的属性包。
for clarification: 为了澄清:
- client [with basic auth cred] --> request --> WS-1 客户端[具有基本身份验证凭据]->请求-> WS-1
- ** WS-1 --> request --> WS-2 and pass thru the credentials from the original client ** WS-1->请求-> WS-2,并通过原始客户端的凭据传递
- ** WS-1 --> request --> WS-3 (with no creds) ** WS-1->请求-> WS-3(无信用)
- WS-1 --> response --> client WS-1->响应->客户端
1 个解决方案
解决方案1
2 已采纳 2014-02-28 15:57:39
Hope with this solution, i dont run in sec. 希望有了这个解决方案,我不会在几秒钟内运行。 trouble ? 有麻烦吗?
What i have done: 我做了什么:
Adding a inInterceptor the read out credentials and remote ip 添加一个inInterceptor读取的凭据和远程IP
AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
if (policy == null) {
sendErrorResponse(message, HttpURLConnection.HTTP_UNAUTHORIZED);
return;
}
message.put("request_usr", policy.getUserName());
message.put("request_pwd", policy.getPassword());
Manipulate the CXF generated WebServiceClient to change the contructors return value like 操纵CXF生成的WebServiceClient来更改构造函数的返回值,例如
/**
*
* @return returns WebServiceClass
*/
@WebEndpoint(name = "WebServiceClassSoap")
public WebServiceClassSoap getWebServiceClassSoap() {
return dynamicAuthorisation(super.getPort(WebServiceClassSoap,
WebServiceClassSoap.class));
}
private WebServiceClassSoap dynamicAuthorisation (WebServiceClassSoap service) {
return dynamicAuthorisation(service,
PhaseInterceptorChain.getCurrentMessage().get("request_usr").toString(),
PhaseInterceptorChain.getCurrentMessage().get("request_pwd").toString());
}
private WebServiceClassSoap dynamicAuthorisation (WebServiceClassSoap service, String username, String password) {
Client client = ClientProxy.getClient(service);
HTTPConduit http = (HTTPConduit) client.getConduit();
AuthorizationPolicy auth = http.getAuthorization();
auth.setUserName(username);
auth.setPassword(password);
http.setAuthorization(auth);
return service;
}
Leaving the http-conf:conduit in beans.xml 将http-conf:conduit留在beans.xml中
<http-conf:conduit name="{http://schemas.foobar.com/websvc/WebServiceClass/}WebServiceClassSoap.http-conduit">
<http-conf:authorization>
<!--
<sec:UserName>${webservices.username}@${webservices.domain}</sec:UserName>
<sec:Password>${webservices.password}</sec:Password>
-->
<sec:AuthorizationType>Basic</sec:AuthorizationType>
</http-conf:authorization>
<http-conf:client AllowChunking="false" ConnectionTimeout="30000" />
</http-conf:conduit>
Thanks to Apache CXF: Forwarding an information from an interceptor to the actual webservice implementation =) 感谢Apache CXF:将信息从拦截器转发到实际的Web服务实现 =)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.