
Android ksoap中的安全標頭

[英]Security Header in Android ksoap

我正在開發要在安全標頭中輸入Web服務的用戶名和密碼的android應用程序。 我只是按照stackoverflow的帖子之一,在android端發出標頭請求。 它工作正常,我可以發送帶有安全標頭的請求。 我在服務器端創建了示例代碼,它將檢查用戶和密碼。 但即使不使用安全標頭,我的請求仍然有效。 我想知道如何讓安全標頭真正發揮作用,也就是說,沒有安全標頭時,請求不應該能夠發送成功。 我的服務和Android代碼如下:

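/**
 * Login screen that calls the {@code login} SOAP operation through kSOAP2 and
 * attaches a WS-Security {@code UsernameToken} header to the request.
 *
 * <p>Attaching the header only changes what the client sends. Whether a request
 * without the header is rejected is decided entirely on the server, so the
 * header has no protective effect until the service side validates it.
 */
public class MainActivity extends Activity {
    private final String NAMESPACE = "http://test.android.com";
    // NOTE(security): this endpoint is plain http://, and the header below uses
    // PasswordText, so both the header credentials and the body credentials
    // travel unencrypted. Use an https:// endpoint outside a lab network.
    private final String URL = "http://192.168.1.107:8080/WebServiceProject/services/PrintTest?wsdl";//
    private final String SOAP_ACTION = "http://test.android.com/login";
    private final String METHOD_NAME = "login";//"CallWebServiceImpl";//
    // WS-Security extension namespace shared by every element of the header.
    private final String WSSE_NAMESPACE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static String cityNames ;

    String userName;
    String password;

    EditText userText;
    EditText passText;


    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        userText = (EditText) findViewById(R.id.editText1);
        passText = (EditText) findViewById(R.id.password);

        // NOTE(review): permitAll() switches off StrictMode's main-thread checks
        // so that the blocking SOAP call in getSignIn() can run on the UI thread.
        // It hides the problem rather than solving it; the call belongs on a
        // background thread.
        if (android.os.Build.VERSION.SDK_INT > 9) {
            StrictMode.ThreadPolicy policy = new StrictMode.ThreadPolicy.Builder().permitAll().build();
            StrictMode.setThreadPolicy(policy);
        }

        if (getIntent().getBooleanExtra("EXIT", false)) {
            finish();
        }

        Button signIn = (Button) findViewById(R.id.signInBtn);
        signIn.setOnClickListener(new OnClickListener() {
            @Override
            public void onClick(View v) {
                userName = userText.getText().toString();
                password = passText.getText().toString();
                getSignIn(userName, password);
            }
        });

    }

    /**
     * Sends the login request with a WS-Security header and shows the reply in a toast.
     *
     * @param user user name placed in the SOAP body as the {@code user} property
     * @param Pass password placed in the SOAP body as the {@code pass} property
     */
    public void getSignIn(String user, String Pass) {
        // Use the arguments rather than the fields, and refuse the call when
        // either value is missing (the earlier check only fired when both were empty).
        if (user == null || Pass == null || user.length() == 0 || Pass.length() == 0) {
            Toast.makeText(getApplicationContext(),"Kindly fill the fields first", Toast.LENGTH_LONG).show();
            return;
        }

        //Create request
        SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);
        request.addProperty("user", user);
        request.addProperty("pass", Pass);

        SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);

        // create header
        Element[] header = new Element[1];
        header[0] = new Element().createElement(WSSE_NAMESPACE, "Security");
        header[0].setAttribute(null, "mustUnderstand","1");

        Element usernametoken = new Element().createElement(WSSE_NAMESPACE, "UsernameToken");
        usernametoken.setAttribute(null, "Id", "UsernameToken-1");
        header[0].addChild(Node.ELEMENT,usernametoken);

        // NOTE(security): the header credentials are literals compiled into the
        // app, so anyone holding the APK can read them. Treat them as sample
        // values and supply real ones at runtime.
        // Username and Password are created in the WS-Security namespace instead
        // of relying on a hand-written "n0:" prefix matching the serializer's
        // generated prefix, and the user name is added as a text node.
        Element username = new Element().createElement(WSSE_NAMESPACE, "Username");
        username.addChild(Node.TEXT,"CBROWN");
        usernametoken.addChild(Node.ELEMENT,username);

        Element pass = new Element().createElement(WSSE_NAMESPACE,"Password");
        pass.setAttribute(null, "Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        pass.addChild(Node.TEXT, "welcome");

        usernametoken.addChild(Node.ELEMENT, pass);

        // add header to envelope
        envelope.headerOut = header;
        envelope.dotNet = false;
        envelope.bodyOut = request;
        envelope.setOutputSoapObject(request);

        HttpTransportSE androidHttpTransport = new HttpTransportSE(URL);
        androidHttpTransport.setXmlVersionTag("<?xml version=\"1.0\" encoding=\"utf-8\"?>");
        try {
            androidHttpTransport.call(SOAP_ACTION, envelope);
            SoapPrimitive response = (SoapPrimitive) envelope.getResponse();

            // Compare against null directly: response.equals(null) would throw
            // on a null response and is false for every non-null one.
            if (response == null) {
                Toast.makeText(getApplicationContext(),"Host Not Responding", Toast.LENGTH_LONG).show();
            } else {
                Toast.makeText(getApplicationContext(),response.toString(), Toast.LENGTH_LONG).show();
            }
        } catch (Exception e) {
            Toast.makeText(getApplicationContext(),"Invalid Pin Combination", Toast.LENGTH_LONG).show();
            Toast.makeText(getApplicationContext(),e.getMessage(), Toast.LENGTH_LONG).show();

            // Log the failure (no credentials in the message) instead of printing a raw stack trace.
            android.util.Log.e("MainActivity", "SOAP login call failed", e);
        }
    }
}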

//對於Web服務

 package com.android.test;
/*    */ 
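/**
 * Sample SOAP service class exposing {@code sayHello} and {@code login}.
 *
 * <p>These methods only receive the SOAP body parameters. Nothing in this class
 * reads the WS-Security header, which is why a request sent without the header
 * is still answered. Rejecting such requests has to be configured in the SOAP
 * stack that hosts this class (a WS-Security handler or module in front of the
 * service) -- NOTE(review): confirm which stack deploys this service.
 */
public class PrintTest
{
  /**
   * Returns a greeting for the given text.
   *
   * @param string text appended after {@code "Hello "}
   * @return the greeting
   */
  public String sayHello(String string)
  {
    return "Hello " + string;
  }

  /**
   * Checks the supplied pair against the two sample accounts.
   *
   * <p>NOTE(security): the accounts are literals in the source and are for
   * demonstration only; a real service would verify against stored password
   * hashes (bcrypt/scrypt/argon2), not compare plaintext.
   *
   * @param userName     user name from the request body; may be {@code null}
   * @param userPassword password from the request body; may be {@code null}
   * @return {@code userName + " is a valid user"} on a match, otherwise
   *         {@code userName + " is not a valid user"}
   */
  public String login(String userName, String userPassword)
  {
    // A missing value is an invalid login, not a NullPointerException.
    if (userName == null || userPassword == null) {
      return userName + " is not a valid user";
    }

    // Non-short-circuit & and | are deliberate: every comparison runs whatever
    // the outcome of the previous one.
    boolean valid = (sameText(userName, "abc") & sameText(userPassword, "def"))
        | (sameText(userName, "hij") & sameText(userPassword, "klm"));

    return valid ? userName + " is a valid user" : userName + " is not a valid user";
  }

  /** Compares two strings without stopping at the first differing byte. */
  private static boolean sameText(String supplied, String expected)
  {
    return java.security.MessageDigest.isEqual(
        supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  }
}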

這對我來說可以在Android的kSOAP庫中提供安全請求標頭

這是SOAP Envelope請求標頭:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cif="http://www.mawarid.ae/linkedCardsSummary/CRM/CIF.xsd">
       <soapenv:Header>
      <!-- WS-Security UsernameToken header. The Password element is typed
           PasswordText, i.e. the password is carried as-is in the message, so
           it is protected only when the request goes over TLS (https).
           The user name and password below are literal values from the
           example; supply them at runtime instead of embedding them. -->
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-14CBAE357AC169AFA614664925178422">
            <wsse:Username>Mawarid</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">M@warid!23</wsse:Password>
                </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>

這是JAVA Android代碼:

/**
 * Builds the WS-Security {@code Security} header element holding one
 * {@code UsernameToken} with a {@code Username} and a {@code Password} child.
 *
 * <p>The password is declared as {@code PasswordText}, so it is written into
 * the message unchanged; confidentiality then depends on the transport (TLS).
 * The values come from {@code HttpConstant} -- NOTE(review): if those are
 * compile-time literals they can be read out of the packaged app; confirm
 * where they are defined.
 *
 * @return the populated {@code Security} element, ready to be placed in
 *         {@code headerOut}
 */
public static Element buildAuthHeader() {
    // Root <Security> element; every child reuses its namespace.
    Element securityHeader = new Element().createElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
    securityHeader.setAttribute(null, "mustUnderstand", "1");
    String wsseNamespace = securityHeader.getNamespace();

    // <Username> with the configured account name as its text.
    Element nameElement = new Element().createElement(wsseNamespace, "Username");
    nameElement.addChild(Node.TEXT, HttpConstant.REQ_HEADER_USERNAME);

    // <Password Type="...#PasswordText"> with the configured secret as its text.
    Element secretElement = new Element().createElement(wsseNamespace, "Password");
    secretElement.setAttribute(null, "Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
    secretElement.addChild(Node.TEXT, HttpConstant.REQ_HEADER_PASSWORD);

    // <UsernameToken wsu:Id="..."> wrapping the two children, user name first.
    Element tokenElement = new Element().createElement(wsseNamespace, "UsernameToken");
    tokenElement.setAttribute("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id", "UsernameToken-14CBAE357AC169AFA614664925178422");
    tokenElement.addChild(Node.ELEMENT, nameElement);
    tokenElement.addChild(Node.ELEMENT, secretElement);

    securityHeader.addChild(Node.ELEMENT, tokenElement);
    return securityHeader;
}





// SOAP 1.1 envelope whose single outgoing header is the WS-Security element
// from buildAuthHeader(); the request object is set as the body.
SoapSerializationEnvelope sSerialaEnvelop = new SoapSerializationEnvelope(SoapEnvelope.VER11);
sSerialaEnvelop.headerOut = new Element[] { buildAuthHeader() }; // security request header
sSerialaEnvelop.dotNet = true;
sSerialaEnvelop.bodyOut = sObject;
sSerialaEnvelop.setOutputSoapObject(sObject);
