SOAP客户端基本身份验证:HTTP响应'401:未授权'

时间:2013-07-18 11:31:45

标签: java xml authentication soap

我正在尝试创建一个必须调用使用http基本身份验证的服务器的SOAP客户端。 我收到以下错误:

    org.apache.cxf.interceptor.Fault: Could not send Message.
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
...
Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '401: Unauthorized' when communicating with http://localhost:8080/SpringMVCTest/services/ContractService?wsdl=ContractService.wsdl

我的app-config.xml是:

    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"  
    xmlns:security="http://www.springframework.org/schema/security"  
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"   
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/security  
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">  

    <security:http auto-config="true">  
        <security:intercept-url pattern="/services/*"/>  
        <security:http-basic/>  
    </security:http>  

    <security:authentication-manager>
       <security:authentication-provider>
           <security:user-service>
           <security:user name="wsuser1" password="pw123" authorities="wsuser" />
           </security:user-service>
       </security:authentication-provider>
    </security:authentication-manager>

    <bean id="client" class="hu.bz.ikti.insurance.service.insurer.ContractService"
        factory-bean="clientFactory" factory-method="create"/>

    <bean id="clientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
        <property name="serviceClass" value="hu.bz.ikti.insurance.service.insurer.ContractService"/>
        <property name="address" value="http://localhost:8080/SpringMVCTest/services/ContractService?wsdl=ContractService.wsdl"/>
    </bean>

</beans>

http基本身份验证在服务器web.xml中配置:

   <security-constraint>  
    <web-resource-collection>  
      <url-pattern>/services/*</url-pattern>  
    </web-resource-collection>  
    <auth-constraint>  
      <role-name>wsuser</role-name>  
    </auth-constraint>  
  </security-constraint>  
  <login-config>  
    <auth-method>BASIC</auth-method>  
  </login-config>  
  <security-role>  
    <role-name>webservice</role-name>  
  </security-role>

在tomcat-users.xml中添加了用户:

<user username="wsuser1" password="pw123" roles="wsuser"/>

我可以在浏览器中打开wsdl,输入用户名/密码。 什么可能导致这个401:客户端中的未经授权的错误?

1 个答案:

答案 0 :(得分:5)

根据CXF文件:

https://cxf.apache.org/docs/jax-ws-configuration.html(请参阅配置Spring客户端(选项2))

设置用户名和密码的正确方法是使用username bean配置中的passwordclientFactory属性。

所以在你的clientFactory bean中添加这些:

<property name="username" value="yourUsername"/>
<property name="password" value="yourPassword"/>