Java Webservice Client UsernameToken等效于PHP
[英]Java Webservice Client UsernameToken equivalent to PHP
问题描述
我有一个PHP的Web服务构建,它使用UsernameToken作为身份验证机制。 我有PHP客户端代码可以访问此Web服务。 现在我需要用Java做到这一点。 也许你可以帮助我!
可以使用以下php代码访问此服务:
$password="super_secure_pass";
$timestamp=gmdate('Y-m-d\TH:i:s\Z');
$nonce=mt_rand();
$passdigest=base64_encode(pack('H*',sha1(pack('H*',$nonce).pack('a*',$timestamp).pack('a*',$password))));
$nonce=base64_encode(pack('H*',$nonce))
这些值被解析为此Soap头。
<wsse:Security SOAP-ENV:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>'.$username.'</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">'.$passdigest.'</wsse:Password>
<wsse:Nonce>'.$nonce.'</wsse:Nonce>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">'.$timestamp.'</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
使用此代码,我可以毫无问题地访问Web服务。 现在我需要用Java做到这一点。
我创建了必要的文件,实现了一个处理程序来添加一个带有UsernameToken的soap标头。 但是当我尝试访问WS时,我总是收到“Not Authorized”错误。 我认为在创建passdigest或nonce条目时我遗漏了一些东西。
以下是我如何计算它们:
Random generator = new Random();
String nonceString = String.valueOf(generator.nextInt(999999999));
String createTime=localToGmtTimestamp();//Returns a date with format (SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"))
String pass="super_secure_pass";
String tmp = AeSimpleSHA1.SHA1(nonce + createTime + pass);
encodedPass = Base64.encodeBytes(tmp.getBytes());
创建soap标头时将使用这些值:
SOAPEnvelope envelope = smc.getMessage().getSOAPPart().getEnvelope();
SOAPHeader header = envelope.addHeader();
SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
SOAPElement username = usernameToken.addChildElement("Username", "wsse");
username.addTextNode(user);
SOAPElement password = usernameToken.addChildElement("Password", "wsse");
password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
password.addTextNode(encodedPass);
SOAPElement nonce =
usernameToken.addChildElement("Nonce", "wsse");
nonce.addTextNode(Base64.encodeBytes(nonceString.getBytes()));
SOAPElement created = usernameToken.addChildElement("Created", "wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
created.addTextNode(creatTime);
这就是生成的soap标头的样子:
<S:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>myusername</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">ZDM4MjkwNzNlNTc3MjNmMTY4MjgyYWQ1ZjllN2JlZmJmNGY2NDE4MA==</wsse:Password>
<wsse:Nonce>NTU5NzA2Mjkw</wsse:Nonce>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2011-07-24T11:41:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</S:Header>
有人看到我做错了吗?
1 个解决方案
解决方案1
8 已采纳 2011-07-25 14:04:29
我找到了解决方案。 我的问题是我忘了将十六进制编码添加到NONCE值和连接的字符串。 这是我的解决方案,也许有些人需要这个。
创建传递的功能等:
private String calculatePasswordDigest(String nonce, String created, String password) {
String encoded = null;
try {
String pass = hexEncode(nonce) + created + password;
MessageDigest md = MessageDigest.getInstance( "SHA1" );
md.update( pass.getBytes() );
byte[] encodedPassword = md.digest();
encoded = Base64.encodeBytes(encodedPassword);
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(HeaderHandler.class.getName()).log(Level.SEVERE, null, ex);
}
return encoded;
}
private String hexEncode(String in) {
StringBuilder sb = new StringBuilder("");
for (int i = 0; i < (in.length() - 2) + 1; i = i + 2) {
int c = Integer.parseInt(in.substring(i, i + 2), 16);
char chr = (char) c;
sb.append(chr);
}
return sb.toString();
}
用于构建soap消息的代码:
String timestamp = HeaderHandler.localToGmtTimestamp();
String pass = "password";
String user = "username";
String nonceString = getNonce();
String dig=calculatePasswordDigest(nonceString, timestamp, pass);
SOAPEnvelope envelope = smc.getMessage().getSOAPPart().getEnvelope();
SOAPHeader header = envelope.addHeader();
SOAPElement security =
header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
SOAPElement usernameToken =
security.addChildElement("UsernameToken", "wsse");
SOAPElement username =
usernameToken.addChildElement("Username", "wsse");
username.addTextNode(user);
SOAPElement password =
usernameToken.addChildElement("Password", "wsse");
password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
password.addTextNode(dig);
SOAPElement nonce =
usernameToken.addChildElement("Nonce", "wsse");
nonce.addTextNode(Base64.encodeBytes(hexEncode(nonceString).getBytes()));
SOAPElement created = usernameToken.addChildElement("Created", "wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
created.addTextNode(timestamp);
php webservice返回数组,但无法从Java客户端获取数组
[英]php webservice return array,but can't get the array from java client
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.