到目前为止,我正在尝试使用WS-Security创建一个Web服务,我已经配置了以下内容:
cxf.xml :
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
<bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
<bean class="com.palominocia.capa_datos_nodo.servicios.NodoCentralImpl"
id="NodoCentralImpl" />
<jaxws:endpoint address="/NodoCentralImplWS" id="NodoCentralImplWS"
implementor="#NodoCentralImpl">
<jaxws:properties>
<entry key="schema-validation-enabled" value="true" />
</jaxws:properties>
</jaxws:endpoint>
<bean class="com.palominocia.capa_datos_nodo.servicios.HelloWorldImpl"
id="HelloWorldImpl" />
<jaxws:endpoint address="/HelloWorldImplWS" id="HelloWorldImplWS"
implementor="#HelloWorldImpl">
<jaxws:properties>
<entry key="schema-validation-enabled" value="true" />
</jaxws:properties>
<!-- ?? -->
<jaxws:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackClass" value="com.palominocia.capa_datos_nodo.servicios.ClientPasswordCallback" />
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
</beans>
控制用户和密码的CallBack类是:
这个想法是控制BD和执行授予或拒绝。
ClientPasswordCallback.java
package com.palominocia.capa_datos_nodo.servicios;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
public class ClientPasswordCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
System.out.println("pc.getPassword() " + pc.getPassword());
System.out.println("pc.getIdentifier() " + pc.getIdentifier());
if ("joe".equals(pc.getIdentifier())) {
pc.setPassword("joespassword");
} // else {...} - can add more users, access DB, etc.
}
}
web.xml 文件配置如下:
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>capa_datos_nodo</display-name>
<description>Roo generated capa_datos_nodo application</description>
<!-- Enable escaping of form submission contents -->
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value>
</context-param>
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>HttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>HttpMethodFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Handles Spring requests -->
<servlet>
<servlet-name>capa_datos_nodo</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/spring/webmvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>capa_datos_nodo</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>10</session-timeout>
</session-config>
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/uncaughtException</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/resourceNotFound</location>
</error-page>
<servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<init-param>
<param-name>config-location</param-name>
<param-value>WEB-INF/conf_cxf_context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/servicios/datos/*</url-pattern>
</servlet-mapping>
</web-app>
这个类对于web服务只有一个返回方法,仅用于测试
HelloWorldImpl.java
package com.palominocia.capa_datos_nodo.servicios;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
import org.apache.cxf.interceptor.InInterceptors;
import org.apache.cxf.interceptor.OutInterceptors;
//Service Implementation Bean
@WebService(endpointInterface = "com.palominocia.capa_datos_nodo.servicios.HelloWorld")
@InInterceptors(interceptors = "org.apache.cxf.interceptor.LoggingInInterceptor")
@OutInterceptors(interceptors = "org.apache.cxf.interceptor.LoggingOutInterceptor")
public class HelloWorldImpl implements HelloWorld{
@Resource
WebServiceContext wsctx;
@Override
public String getHelloWorldAsString() {
MessageContext mctx = wsctx.getMessageContext();
System.out.println("header "+mctx);
//get detail from request headers
Map http_headers = (Map) mctx.get(MessageContext.HTTP_REQUEST_HEADERS);
List userList = (List) http_headers.get("Username");
List passList = (List) http_headers.get("Password");
String username = "";
String password = "";
if(userList!=null){
//get username
username = userList.get(0).toString();
}
if(passList!=null){
//get password
password = passList.get(0).toString();
}
System.out.println("userList "+userList);
System.out.println("passList "+passList);
//Should validate username and password with database
if (username.equals("mkyong") && password.equals("password")){
return "Hello World JAX-WS - Valid User!";
}else{
return "Unknown User!";
}
}
}
以前用于头部认证,但我证明了库ws-security。
如果我使用netbeans创建Web客户端并运行它,只会向我跳转以下错误:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An Error was discovered processing the <wsse: Security> header.
客户编写如下:
HelloWorldImplService serv = new HelloWorldImplService();
HelloWorld port = serv.getHelloWorldImplPort();
System.out.println(" *** " + port.getHelloWorldAsString());
我根据在线找到的资源构建了程序,然后正确运行ws-security并且我可能会丢失。
对不起英语,但我不擅长写作
答案 0 :(得分:0)
您需要提供的信息不仅仅是一条错误消息。打开DEBUG日志+它可能会告诉你问题是什么。如果没有,请在此处附上日志。
科尔姆。