java 使用 UsernameToken(SOAP 安全标头)保护 WS 客户端
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4593674/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Secure WS client with UsernameToken(SOAP security header)
提问by trivunm
I'm trying to secure my WS client to be able to call the WS.
My code looks like this:
我试图保护我的 WS 客户端能够调用 WS。
我的代码如下所示:
SendSmsService smsService = new SendSmsService();
SendSms sendSMS = smsService.getSendSms();
BindingProvider stub = (BindingProvider)sendSMS;
//Override endpoint with local copy of wsdl.
String URL ="";//here is the wsdl url
Map<String,Object> requestContext = stub.getRequestContext();
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, URL);
//Set usernametoken
URL fileURL = loader.getResource("client-config.xml");
File file = new File(fileURL.getFile());
FileInputStream clientConfig = null;
try {
clientConfig = new FileInputStream(file);
} catch (FileNotFoundException e) {
e.printStackTrace();
}
XWSSecurityConfiguration config = null;
try {
config = SecurityConfigurationFactory.newXWSSecurityConfiguration(clientConfig);
} catch (Exception e) {
e.printStackTrace();
log.warn("Exception: "+e.getMessage());
}
requestContext.put(XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION, config);
//Invoke the web service
String requestId = null;
try {
requestId = sendSMS.sendSms(addresses, senderName, charging, message, receiptRequest);
} catch (PolicyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (ServiceException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
and the config file looks like this:
配置文件如下所示:
<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" optimize="true">
<xwss:Service>
<xwss:SecurityConfiguration dumpMessages="true"
xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<xwss:UsernameToken name="username" password="password>
</xwss:SecurityConfiguration>
</xwss:Service>
<xwss:SecurityEnvironmentHandler>
util.SecurityEnvironmentHandler
</xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>
The SecurityEnviromentHandler is a dummy class that implements javax.security.auth.callback.CallbackHandler.
SecurityEnviromentHandler 是一个实现 javax.security.auth.callback.CallbackHandler 的虚拟类。
Authentication must be in compliance with Oasis Web Services Security Username Token Profile 1.0.
But I'm constantly getting "Security header not valid" error.
Where am I going wrong, can anyone tell me.
I used wsimport(JAX_WS 2.1 to generate classes for my client)
Note:Only thing I know about this WS is WSDL URL and user&pass for authentication
身份验证必须符合 Oasis Web 服务安全用户名令牌配置文件 1.0。
但我不断收到“安全标头无效”错误。
我哪里错了,谁能告诉我。
我使用 wsimport(JAX_WS 2.1 为我的客户端生成类)
注意:我只知道这个 WS 是 WSDL URL 和 user&pass 用于身份验证
回答by trivunm
SOLUTION
I solved the problem. The thing that was going wrong is that client-config.xml file cause I didn't know how to set it properly. I ran into this example and used it:
http://www.javadb.com/using-a-message-handler-to-alter-the-soap-header-in-a-web-service-client
Just copied those 2 classes on the link into my projects structure and called them, something like this:
解决方案
我解决了这个问题。出错的是 client-config.xml 文件,因为我不知道如何正确设置它。我遇到了这个例子并使用了它:
http://www.javadb.com/using-a-message-handler-to-alter-the-soap-header-in-a-web-service-client
刚刚复制了那些 2链接上的类到我的项目结构中并调用它们,如下所示:
SendSmsService smsService = new SendSmsService();
HeaderHandlerResolver handlerResolver = new HeaderHandlerResolver();
smsService.setHandlerResolver(handlerResolver);
SendSms sendSMS = smsService.getSendSms();
Now it works perfectly!
现在它完美运行!
