Java JAX-WS 和 BASIC 身份验证,当用户名和密码在数据库中时
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1613212/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
JAX-WS and BASIC authentication, when user names and passwords are in a database
提问by ahoge
I'm new to JAX-WS and there's a thing which I don't understand.
我是 JAX-WS 的新手,有一点我不明白。
There's a ton of tutorials available on how to set up JAX-WS security, but in pretty much all cases BindingProvider.USERNAME_PROPERTY and BindingProvider.PASSWORD_PROPERTY are stored in some .xml file(depending on the container I believe) - they are "hardcoded" that is. And that's what I don't get. How can I authenticate a web service client by comparing BindingProvider.USERNAME_PROPERTY and BindingProvider.PASSWORD_PROPERTY with a user name and password that's in a database? I tried setting BindingProvider.USERNAME_PROPERTY and BindingProvider.PASSWORD_PROPERTY on the client side like this:
有大量关于如何设置 JAX-WS 安全性的教程,但在几乎所有情况下,BindingProvider.USERNAME_PROPERTY 和 BindingProvider.PASSWORD_PROPERTY 都存储在一些 .xml 文件中(取决于我相信的容器)——它们是“硬编码的”那是。这就是我不明白的。如何通过将 BindingProvider.USERNAME_PROPERTY 和 BindingProvider.PASSWORD_PROPERTY 与数据库中的用户名和密码进行比较来验证 Web 服务客户端?我尝试在客户端设置 BindingProvider.USERNAME_PROPERTY 和 BindingProvider.PASSWORD_PROPERTY,如下所示:
ShopingCartService scs = new ShopingCartService(wsdlURL, name);
ShopingCart sc = scs.getShopingCartPort();
Map<String, Object> requestContext = ((BindingProvider)sc).getRequestContext();
requestContext.put(BindingProvider.USERNAME_PROPERTY, userName);
requestContext.put(BindingProvider.PASSWORD_PROPERTY, password);
sc.someFunctionCall();
And then, on the server side retrieving like this:
然后,在服务器端像这样检索:
@Resource
WebServiceContext wsContext;
@WebMethod
public void someFunctionCall() {
MessageContext mc = wsContext.getMessageContext();
mc.get(BindingProvider.USERNAME_PROPERTY);
mc.get(BindingProvider.PASSWORD_PROPERTY);
}
But I always get null, I didn't set up anything in xml, web service works just fine, except I can't get those variables :(
但我总是得到空值,我没有在 xml 中设置任何东西,Web 服务工作得很好,除了我无法获取这些变量:(
I'm running both on java 1.6, tomcat 6 and JAX-WS.
我同时在 java 1.6、tomcat 6 和JAX-WS 上运行。
Any help with authenticating users with passwords from a database is greatly appreciated, Thanks.
非常感谢使用数据库中的密码对用户进行身份验证的任何帮助,谢谢。
回答by snowflake
BindingProvider.USERNAME_PROPERTY and BindingProvider.PASSWORD_PROPERTY are matching HTTP Basic Authentication mechanism that enable authentication process at the HTTP level and not at the application nor servlet level.
BindingProvider.USERNAME_PROPERTY 和 BindingProvider.PASSWORD_PROPERTY 匹配 HTTP 基本身份验证机制,可在 HTTP 级别而不是在应用程序或 servlet 级别启用身份验证过程。
Basically, only the HTTP server will know the username and the password (and eventually application according to HTTP/application server specification, such with Apache/PHP). With Tomcat/Java, add a login config BASIC in your web.xml and appropriate security-constraint/security-roles (roles that will be later associated to users/groups of real users).
基本上,只有 HTTP 服务器知道用户名和密码(最终应用程序根据 HTTP/应用程序服务器规范,例如 Apache/PHP)。使用 Tomcat/Java,在 web.xml 和适当的 security-constraint/security-roles(稍后将与用户/真实用户组关联的角色)中添加登录配置 BASIC。
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>YourRealm</realm-name>
</login-config>
Then, connect the realm at the HTTP server (or application server) level with the appropriate user repository. For tomcat you may look at JAASRealm, JDBCRealm or DataSourceRealm that may suit your needs.
然后,将 HTTP 服务器(或应用程序服务器)级别的领域与适当的用户存储库连接。对于 tomcat,您可以查看可能适合您需求的 JAASRealm、JDBCRealm 或 DataSourceRealm。
回答by mkyong
I think you are looking for JAX-WS authentication in application level, not HTTP basic in server level. See following complete example :
我认为您正在寻找应用程序级别的 JAX-WS 身份验证,而不是服务器级别的基本 HTTP。请参阅以下完整示例:
Application Authentication with JAX-WS
On the web service client site, just put your “username” and “password” into request header.
在 Web 服务客户端站点上,只需将您的“用户名”和“密码”放入请求标头中。
Map<String, Object> req_ctx = ((BindingProvider)port).getRequestContext();
req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, WS_URL);
Map<String, List<String>> headers = new HashMap<String, List<String>>();
headers.put("Username", Collections.singletonList("someUser"));
headers.put("Password", Collections.singletonList("somePass"));
req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, headers);
On the web service server site, get the request header parameters via WebServiceContext.
在 Web 服务服务器站点上,通过 WebServiceContext 获取请求头参数。
@Resource
WebServiceContext wsctx;
@WebMethod
public String method() {
MessageContext mctx = wsctx.getMessageContext();
Map http_headers = (Map) mctx.get(MessageContext.HTTP_REQUEST_HEADERS);
List userList = (List) http_headers.get("Username");
List passList = (List) http_headers.get("Password");
//...
回答by Muath Badawi
I had the same problem, and found the solution here :
我遇到了同样的问题,并在这里找到了解决方案:
http://www.mastertheboss.com/web-interfaces/336-jax-ws-basic-authentication.html?start=1
http://www.mastertheboss.com/web-interfaces/336-jax-ws-basic-authentication.html?start=1
good luck
祝你好运
回答by Philipp
For an example using both, authentication on application level and HTTP Basic Authentication see one of my previous posts.
有关同时使用应用程序级别的身份验证和 HTTP 基本身份验证的示例,请参阅我之前的一篇文章。
回答by Vielinko
I was face-off a similar situation, I need to provide to my WS: Username, Password and WSS Password Type.
我正面临类似的情况,我需要向我的 WS 提供:用户名、密码和 WSS 密码类型。
I was initially using the "Http Basic Auth" (as @ahoge), I tried to use the @Philipp-Dev 's ref. too. I didn't get a success solution.
我最初使用“Http Basic Auth”(作为@ahoge),我尝试使用@Philipp-Dev 的参考。也。我没有得到成功的解决方案。
After a little deep search at google, I found this post:
在谷歌深入搜索后,我找到了这篇文章:
https://stackoverflow.com/a/3117841/1223901
https://stackoverflow.com/a/3117841/1223901
And there was my problem solution
还有我的问题解决方案
I hope this can help to anyone else, like helps to me.
我希望这可以对其他人有所帮助,就像对我有所帮助一样。
Rgds, iVieL
Rgds, iVieL
回答by MWayush
In your client SOAP handler you need to set javax.xml.ws.security.auth.username and javax.xml.ws.security.auth.password property as follow:
在您的客户端 SOAP 处理程序中,您需要如下设置 javax.xml.ws.security.auth.username 和 javax.xml.ws.security.auth.password 属性:
public class ClientHandler implements SOAPHandler<SOAPMessageContext>{
public boolean handleMessage(final SOAPMessageContext soapMessageContext)
{
final Boolean outInd = (Boolean)soapMessageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if (outInd.booleanValue())
{
try
{
soapMessageContext.put("javax.xml.ws.security.auth.username", <ClientUserName>);
soapMessageContext.put("javax.xml.ws.security.auth.password", <ClientPassword>);
}
catch (Exception e)
{
e.printStackTrace();
return false;
}
}
return true;
}
}
