使用UsernameToken保护WS客户端(SOAP安全标头)
[英]Secure WS client with UsernameToken(SOAP security header)
问题描述
I'm trying to secure my WS client to be able to call the WS. 
我正在努力保护我的WS客户端能够调用WS。
My code looks like this: 我的代码看起来像这样:
SendSmsService smsService = new SendSmsService();
SendSms sendSMS = smsService.getSendSms();
BindingProvider stub = (BindingProvider)sendSMS;
//Override endpoint with local copy of wsdl.
String URL ="";//here is the wsdl url
Map<String,Object> requestContext = stub.getRequestContext();
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, URL);
//Set usernametoken
URL fileURL = loader.getResource("client-config.xml");
File file = new File(fileURL.getFile());
FileInputStream clientConfig = null;
try {
clientConfig = new FileInputStream(file);
} catch (FileNotFoundException e) {
e.printStackTrace();
}
XWSSecurityConfiguration config = null;
try {
config = SecurityConfigurationFactory.newXWSSecurityConfiguration(clientConfig);
} catch (Exception e) {
e.printStackTrace();
log.warn("Exception: "+e.getMessage());
}
requestContext.put(XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION, config);
//Invoke the web service
String requestId = null;
try {
requestId = sendSMS.sendSms(addresses, senderName, charging, message, receiptRequest);
} catch (PolicyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (ServiceException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
and the config file looks like this: 并且配置文件如下所示:
<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" optimize="true">
<xwss:Service>
<xwss:SecurityConfiguration dumpMessages="true"
xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<xwss:UsernameToken name="username" password="password>
</xwss:SecurityConfiguration>
</xwss:Service>
<xwss:SecurityEnvironmentHandler>
util.SecurityEnvironmentHandler
</xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>
The SecurityEnviromentHandler is a dummy class that implements javax.security.auth.callback.CallbackHandler. SecurityEnviromentHandler是一个实现javax.security.auth.callback.CallbackHandler的虚拟类。
Authentication must be in compliance with Oasis Web Services Security Username Token Profile 1.0. 身份验证必须符合Oasis Web Services安全性用户名令牌配置文件1.0。
But I'm constantly getting "Security header not valid" error. 但我经常收到“安全标头无效”错误。
Where am I going wrong, can anyone tell me. 我哪里错了,谁能告诉我。
I used wsimport(JAX_WS 2.1 to generate classes for my client) 我用wsimport(JAX_WS 2.1为我的客户端生成类)
Note:Only thing I know about this WS is WSDL URL and user&pass for authentication 注意:我只知道关于这个WS的事情是WSDL URL和用户&pass验证
1 个解决方案
解决方案1
4 已采纳 2011-01-17 11:21:59
SOLUTION 解
I solved the problem. 我解决了这个问题。 The thing that was going wrong is that client-config.xml file cause I didn't know how to set it properly. 出错的是client-config.xml文件导致我不知道如何正确设置它。 I ran into this example and used it: 我遇到了这个例子并使用它:
http://www.javadb.com/using-a-message-handler-to-alter-the-soap-header-in-a-web-service-client http://www.javadb.com/using-a-message-handler-to-alter-the-soap-header-in-a-web-service-client
Just copied those 2 classes on the link into my projects structure and called them, something like this: 只需将链接上的这两个类复制到我的项目结构中并调用它们,如下所示:
SendSmsService smsService = new SendSmsService();
HeaderHandlerResolver handlerResolver = new HeaderHandlerResolver();
smsService.setHandlerResolver(handlerResolver);
SendSms sendSMS = smsService.getSendSms();
Now it works perfectly! 现在它完美无缺!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.