[英]Security Header in Android ksoap
我正在开发一个Android应用程序,需要在安全标头中填入Web服务的用户名和密码。 我按照stackoverflow上的一个帖子,在Android端构造了带标头的请求。 它工作正常,我可以发送带有安全标头的请求。 我在服务器端创建了示例代码,用来检查用户名和密码。 但是即使不使用安全标头,我的请求仍然有效。 我想知道如何让安全标头真正起作用,也就是说,没有安全标头时请求就不应该能够发送成功。 我的服务端代码和Android代码如下:
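/**
 * Login screen that sends the entered user name and password to the {@code login}
 * SOAP operation through kSOAP2 and attaches a WS-Security UsernameToken header.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The endpoint is plain {@code http://}, and the token uses the PasswordText type, so
 *       the header credentials and the {@code pass} body property cross the network
 *       unencrypted. Outside an isolated test network the endpoint should be HTTPS.</li>
 *   <li>The header credentials are string literals in the client, so anyone holding the
 *       APK can read them.</li>
 *   <li>Sending the header does not by itself protect the service: the server must be
 *       configured to require and verify it.</li>
 * </ul>
 */
public class MainActivity extends Activity {
    private static final String NAMESPACE = "http://test.android.com";
    // NOTE(security): cleartext HTTP endpoint; see the class comment.
    private static final String URL = "http://192.168.1.107:8080/WebServiceProject/services/PrintTest?wsdl";
    private static final String SOAP_ACTION = "http://test.android.com/login";
    private static final String METHOD_NAME = "login";

    /** WS-Security extension namespace shared by Security, UsernameToken, Username and Password. */
    private static final String WSSE_NS =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    /** Password type URI: the password is carried as-is, not as a digest. */
    private static final String PASSWORD_TEXT_TYPE =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    private static String cityNames;
    String userName;
    String password;
    EditText userText;
    EditText passText;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        userText = (EditText) findViewById(R.id.editText1);
        passText = (EditText) findViewById(R.id.password);

        // NOTE(review): permitAll() turns off every StrictMode thread check so that the
        // blocking SOAP call below may run on the UI thread. The call should move to a
        // background thread, after which this override can be deleted.
        if (android.os.Build.VERSION.SDK_INT > 9) {
            StrictMode.ThreadPolicy policy = new StrictMode.ThreadPolicy.Builder().permitAll().build();
            StrictMode.setThreadPolicy(policy);
        }

        if (getIntent().getBooleanExtra("EXIT", false)) {
            finish();
            // Nothing left to wire up on an activity that is closing.
            return;
        }

        Button signIn = (Button) findViewById(R.id.signInBtn);
        signIn.setOnClickListener(new OnClickListener() {
            @Override
            public void onClick(View v) {
                userName = userText.getText().toString();
                password = passText.getText().toString();
                getSignIn(userName, password);
            }
        });
    }

    /**
     * Calls the {@code login} operation with the given credentials and shows the result
     * (or an error) in a toast.
     *
     * @param user user name sent as the {@code user} body property
     * @param Pass password sent as the {@code pass} body property
     */
    public void getSignIn(String user, String Pass) {
        // Reject the request when EITHER field is missing. The original used && and read
        // the instance fields, so a single empty field (or a direct call with other
        // arguments) slipped through.
        if (user == null || Pass == null || user.length() == 0 || Pass.length() == 0) {
            Toast.makeText(getApplicationContext(), "Kindly fill the fields first", Toast.LENGTH_LONG).show();
            return;
        }

        SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);
        request.addProperty("user", user);
        request.addProperty("pass", Pass);

        SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
        envelope.headerOut = new Element[] { buildSecurityHeader() };
        envelope.dotNet = false;
        envelope.bodyOut = request;
        envelope.setOutputSoapObject(request);

        HttpTransportSE androidHttpTransport = new HttpTransportSE(URL);
        androidHttpTransport.setXmlVersionTag("<?xml version=\"1.0\" encoding=\"utf-8\"?>");
        try {
            androidHttpTransport.call(SOAP_ACTION, envelope);
            SoapPrimitive response = (SoapPrimitive) envelope.getResponse();
            // The original called response.equals(null), which throws on a null response
            // and is false otherwise, so this branch could never run.
            if (response == null) {
                Toast.makeText(getApplicationContext(), "Host Not Responding", Toast.LENGTH_LONG).show();
            } else {
                Toast.makeText(getApplicationContext(), response.toString(), Toast.LENGTH_LONG).show();
            }
        } catch (Exception e) {
            // NOTE(review): every failure (network, SOAP fault, unexpected response type)
            // lands here and is reported as a bad credential; the raw exception message is
            // also shown to the user.
            Toast.makeText(getApplicationContext(), "Invalid Pin Combination", Toast.LENGTH_LONG).show();
            Toast.makeText(getApplicationContext(), e.getMessage(), Toast.LENGTH_LONG).show();
            android.util.Log.e("MainActivity", "SOAP login call failed", e);
        }
    }

    /**
     * Builds the wsse:Security header holding one UsernameToken.
     *
     * <p>Username and Password are created in the WS-Security namespace so the serializer
     * assigns their prefix. The original hard-coded an {@code n0:} prefix in the element
     * name, which presumably only worked while the serializer happened to generate
     * {@code n0} for that namespace.
     */
    private static Element buildSecurityHeader() {
        Element security = new Element().createElement(WSSE_NS, "Security");
        security.setAttribute(null, "mustUnderstand", "1");

        Element usernameToken = new Element().createElement(WSSE_NS, "UsernameToken");
        usernameToken.setAttribute(null, "Id", "UsernameToken-1");
        security.addChild(Node.ELEMENT, usernameToken);

        // NOTE(security): fixed credentials compiled into the client; see the class comment.
        Element username = new Element().createElement(WSSE_NS, "Username");
        // Node.TEXT, not IGNORABLE_WHITESPACE: the user name is content, and this matches
        // how the password child is added.
        username.addChild(Node.TEXT, "CBROWN");
        usernameToken.addChild(Node.ELEMENT, username);

        Element pass = new Element().createElement(WSSE_NS, "Password");
        pass.setAttribute(null, "Type", PASSWORD_TEXT_TYPE);
        pass.addChild(Node.TEXT, "welcome");
        usernameToken.addChild(Node.ELEMENT, pass);

        return security;
    }
}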
//Web服务端代码
package com.android.test;
/* */
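/**
 * Sample web-service implementation exposing {@code sayHello} and {@code login}.
 *
 * <p>NOTE(review): nothing in this class reads the SOAP header, so a WS-Security
 * UsernameToken sent by a client is never verified here. That is why requests without
 * the header still succeed. Rejecting such requests has to be enforced by the SOAP stack
 * in front of this class (assumption: an Axis2-style deployment, where a WS-Security
 * module such as Rampart would do it; confirm against the actual server setup).
 */
public class PrintTest {

    /**
     * Returns a greeting for the given text.
     *
     * @param string text appended after {@code "Hello "}
     * @return the greeting
     */
    public String sayHello(String string) {
        return "Hello " + string;
    }

    /**
     * Checks the body parameters against two fixed sample accounts.
     *
     * <p>NOTE(security): the accepted pairs are plaintext literals, which is suitable for
     * a demo only. A real service would verify against a credential store holding salted
     * password hashes.
     *
     * @param userName     user name from the request body; may be {@code null}
     * @param userPassword password from the request body; may be {@code null}
     * @return {@code "<userName> is a valid user"} on a match, otherwise
     *         {@code "<userName> is not a valid user"}
     */
    public String login(String userName, String userPassword) {
        // Literal-first equals keeps a missing parameter from throwing; the original
        // dereferenced userName directly and used the non-short-circuit '&'.
        boolean valid = ("abc".equals(userName) && "def".equals(userPassword))
                || ("hij".equals(userName) && "klm".equals(userPassword));
        return userName + (valid ? " is a valid user" : " is not a valid user");
    }
}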
下面的做法对我有效,可以在Android的kSOAP库中添加安全请求标头。
这是SOAP Envelope请求标头:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cif="http://www.mawarid.ae/linkedCardsSummary/CRM/CIF.xsd">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-14CBAE357AC169AFA614664925178422">
<wsse:Username>Mawarid</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">M@warid!23</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
这是JAVA Android代码:
/**
 * Builds the WS-Security {@code Security} header element containing one UsernameToken
 * whose Username and Password text come from {@code HttpConstant}.
 *
 * <p>Review notes: the Password element is marked PasswordText, so the password is
 * written into the message as-is and depends on the transport (HTTPS) for
 * confidentiality. The token Id is a fixed literal.
 *
 * @return the populated Security element, ready to be placed in {@code headerOut}
 */
public static Element buildAuthHeader() {
    Element security = new Element().createElement(
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
    security.setAttribute(null, "mustUnderstand", "1");

    // All child elements reuse the namespace of the Security element.
    String wsseNamespace = security.getNamespace();

    // UsernameToken, with its wsu:Id attribute
    Element token = new Element().createElement(wsseNamespace, "UsernameToken");
    token.setAttribute(
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
            "Id",
            "UsernameToken-14CBAE357AC169AFA614664925178422");

    // Username child
    Element userElement = new Element().createElement(wsseNamespace, "Username");
    userElement.addChild(Node.TEXT, HttpConstant.REQ_HEADER_USERNAME);
    token.addChild(Node.ELEMENT, userElement);

    // Password child, sent as plain text
    Element passwordElement = new Element().createElement(wsseNamespace, "Password");
    passwordElement.setAttribute(null, "Type",
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
    passwordElement.addChild(Node.TEXT, HttpConstant.REQ_HEADER_PASSWORD);
    token.addChild(Node.ELEMENT, passwordElement);

    security.addChild(Node.ELEMENT, token);
    return security;
}
// Create a SOAP 1.1 envelope, attach the security header as its only outgoing header,
// and set sObject as the request body.
SoapSerializationEnvelope sSerialaEnvelop = new SoapSerializationEnvelope(SoapEnvelope.VER11);
sSerialaEnvelop.headerOut = new Element[] { buildAuthHeader() };
sSerialaEnvelop.dotNet = true;
sSerialaEnvelop.bodyOut = sObject;
sSerialaEnvelop.setOutputSoapObject(sObject);