Java Spring Webservices SOAP认证
[英]Java Spring Webservices SOAP Authentication
问题描述
I am using java spring webservice to send soap requests to a server. 
我正在使用java spring webservice将soap请求发送到服务器。 However I get an error from the server saying 但是我从服务器收到错误消息说
The security context token is expired or is not valid
So then I added authentication to the SOAP headers, resulting in request xml something like this: 因此,然后我向SOAP标头添加了身份验证,从而导致请求xml如下所示:
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
<env:Header>
<Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<UsernameToken>
<Username>XXXXXXXX</Username>
<Password>XXXXXXXX</Password>
</UsernameToken>
</Security>
</env:Header>
<env:Body>
The body is in the correct format here
</env:Body>
</env:Envelope>
But I still get that error. 但我仍然会收到该错误。 From what I understand, the client sends authentication credentials to the server, the server sends back requestToken which is used to keep connection alive between client and server and then client using the token received from the server can make any other API calls such as login, buy, sell (or whatever mentioned in API) 据我了解,客户端向服务器发送身份验证凭据,服务器向后发送requestToken,该令牌用于保持客户端与服务器之间的连接保持活动状态,然后客户端使用从服务器接收到的令牌可以进行任何其他API调用,例如登录,买卖(或API中提及的任何内容)
Am I right in this assumption? 我在这个假设中正确吗? If yes, how can this be implemented using Java Spring WebServices. 如果是,那么如何使用Java Spring WebServices来实现。 Do I need to generate fields on client side like BinarySecret and package that under RequestSecurityContext? 我是否需要在客户端生成诸如BinarySecret之类的字段并将其打包在RequestSecurityContext下?
For adding the SOAP headers, I wrote a class which implements WebServiceMessageCallback and overrides doWithMessage method and writes headers in that for username and password (ie security) 为了添加SOAP头,我编写了一个类,该类实现WebServiceMessageCallback并重写doWithMessage方法,并在其中为用户名和密码(即安全性)写头。
Any help would be appreciated! 任何帮助,将不胜感激! Thank You! 谢谢!
1 个解决方案
解决方案1
0 已采纳 2018-02-16 20:53:30
So after 2 days of finding out, I was able to figure out the solution! 因此,经过2天的查找,我能够找出解决方案!
1) Generate the classes from wsdl using CXF wsdl2java 1)使用CXF wsdl2java从wsdl生成类
2) Make sure in the pom file, you point to the correct wsdlLocation 2)确保在pom文件中,您指向正确的wsdlLocation
3) Get the stub from the service class generated and inject username and password provided and then it should work. 3)从生成的服务类中获取存根,并注入提供的用户名和密码,然后它应该可以工作。 Something like this: 像这样:
final YourService service = new YourService();
final YourStub stub = service.getService();
final Map ctx = ((BindingProvider)stub).getRequestContext();
ctx.put("ws-security.username", userName);
ctx.put("ws-security.password", password);
stub.callYourMethod();
PS: Please make sure you have the right libraries, I just used cxf-bundle and nothing else from cxf and it worked! PS:请确保您具有正确的库,我只是使用了cxf-bundle,而没有使用cxf的其他东西,它起作用了! Earlier it was not working as I had individually included libraries from cxf. 之前它不起作用,因为我单独包含了cxf的库。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.