我正在使用CXF和Spring开发一个基本的WebService示例。 这是我的课程:
public interface AuthService {
@WebMethod
Person getPerson(@WebParam(name="user_id") Long userId);
}
WS实现如下:
public class AuthServiceImpl implements AuthService{
public Person getPerson(Long gid) {
Person p = new Person();
p.setUserId(gid);
p.setEmail("test"+gid+"@test.de");
p.setName("test"+gid);
return p;
}
}
我的web.xml如下:
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/cxf-beans.xml</param-value>
</context-param>
<servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>
org.apache.cxf.transport.servlet.CXFServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
我的cxf-beans.xml是:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml"/>
<bean id="logInBound" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
<bean id="logOutBound" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
</beans>
这是我的cxf-servlet.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:soap="http://cxf.apache.org/bindings/soap"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
<jaxws:server id="jaxwsService" serviceClass="com.iptech.cxfws.service.AuthService" address="/auth_user">
<jaxws:serviceBean>
<bean class="com.iptech.cxfws.service.impl.AuthServiceImpl" />
</jaxws:serviceBean>
<jaxws:inInterceptors>
<ref bean="interceptor"/>
</jaxws:inInterceptors>
</jaxws:server>
<bean id="interceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackRef">
<ref bean="passwordCallback" />
</entry>
</map>
</constructor-arg>
</bean>
<bean id="passwordCallback" class="com.iptech.cxfws.service.callback.ServerPasswordCallback"/>
</beans>
最后是我的ServerPasswordCallback类:
public class ServerPasswordCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
String username = pc.getIdentifier();
String password = //get it from a business class
pc.setPassword(password);
}
}
正如您所看到的,这是一个非常简单的示例,您可以在每个CXF基础教程中找到它。 现在,我有两个问题: 1)当我打电话时
http://localhost:8080/cxf-ws/auth_user/getPerson?user_id=11
来自互联网浏览器(Chrome)我收到回复,没有进行用户名/密码验证。但是,从Java客户端调用WS时,如果不在SOAP消息头中包含用户名/密码,则无法获得响应。这是正常的吗? 2)第二个问题与WS-Security无关。在将我的WS部署/发布到Tomcat时,一切都按预期工作(除了上面提到的安全问题)。但是,我有以下例外:
javax.xml.bind.UnmarshalException: unexpected element
(URI : "http://schemas.xmlsoap.org/ws/2005/04/discovery", local : "Probe").
Expected elements are <{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}AppSequence>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Bye>,
<{http://www.w3.org/2005/08/addressing}EndpointReference>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Hello>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}MetadataVersion>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Probe>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}ProbeMatches>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Resolve>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}ResolveMatches>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Scopes>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Security>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Sig>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}SupportedMatchingRules>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Types>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}XAddrs>
非常感谢任何帮助。
答案 0 :(得分:1)
升级到CXF 2.7.1或更改为使用WS-SecurityPolicy。