当我尝试SOAP请求时,为什么WSPasswordCallback.getPassword为null

时间:2013-05-09 09:05:21

标签: axis2 rampart

我已经使用Rampart安全性制作了Axis2 Web服务,但我一直在此行接收NullPointerException

if((pwcb.getIdentifier().equals("bob")) && pwcb.getPassword().equals("bobPW")) )

所以我添加了这段代码:

if ( pwcb.getPassword()==null) {  
    throw new Exception ("passsssssssss is null:"+pwcb.getPassword());
}

抛出异常;所以我知道问题是pwcb.getPassword为空,但不明白为什么。

这是我发送的SOAP请求:

<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:nilo="http://nilo">
    <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
            <wsse:UsernameToken xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="123">
                <wsse:Username>bob</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
        <nilo:getdataForChecking>
            <nilo:data>tranXml</nilo:data>
        </nilo:getdataForChecking>
    </soapenv:Body>
</soapenv:Envelope>

以下是我正在使用的handle方法:

public void handle(Callback[] callbacks)   throws IOException,  UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        //When the server side need to authenticate the user
        WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];

        if ( pwcb.getPassword()==null) {
            try {
                throw new Exception ("passsssssssss null:"+pwcb.getPassword());
            } catch (Exception e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }
        else {
            try {
                throw new Exception ("pass nooot null:"+pwcb.getPassword());
            } catch (Exception e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }

        if(pwcb.getIdentifier().equals("bob") && pwcb.getPassword().equals("bobPW")) {
            return;
        } 

        //When the client requests for the password to be added in to the 
        //UT element

    }
}

2 个答案:

答案 0 :(得分:0)

WSPasswordCallback是否包含密码取决于其用法字段。例如,对于USERNAME_TOKEN_UNKNOWN的使用,设置了密码,并且如果回调处理程序与用户名不匹配,则应该抛出异常。另一方面,对于SIGNATURE,密码字段为空,回调需要设置它,以便可以从密钥库中检索密钥。

您应该验证调用回调的方式并做出适当的反应。例如:

// Rampart expects us to do authentication in this case
if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
  String password = passwordFor(pwcb.getIdentifier());
  if (pwcb.getPassword().equals(password))
    return;
  throw new UnsupportedCallbackException(callback,
      "password check failed for user " + pwcb.getIdentifier());
}
if (pwcb.getUsage() == WSPasswordCallback.SIGNATURE) {
  pwcb.setPassword(passwordFor(pwcb.getIdentifier()));

答案 1 :(得分:0)

处理程序需要知道发起呼叫的用户的密码。您不必自己进行比较。

修改此行:     if((pwcb.getIdentifier().equals("bob")) && pwcb.getPassword().equals("bobPW")) )

到:

if (pwcb.getIdentifier().equals("bob")) { pwcb.setPassword("bobPW"); }

相关问题
最新问题