我正在开发android应用程序,我想在安全头中创建Webservices的用户和密码。我只是关注stackoverflow中的一个帖子并在android端发出一个头请求。它运行正常,我能够发送带有安全标头的reuqest。我在服务器端创建了示例代码,用于检查用户和密码。没有使用secuirty头我的请求仍然有效。我想知道如何使用安全标头,如没有安全标头我不应该发送请求。我的服务和android的代码如下:
public class MainActivity extends Activity {
private final String NAMESPACE = "http://test.android.com";
private final String URL = "http://192.168.1.107:8080/WebServiceProject/services/PrintTest?wsdl";//
private final String SOAP_ACTION = "http://test.android.com/login";
private final String METHOD_NAME = "login";//"CallWebServiceImpl";//
private static String cityNames ;
String userName;
String password;
EditText userText;
EditText passText;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
userText = (EditText) findViewById(R.id.editText1);
passText = (EditText) findViewById(R.id.password);
if (android.os.Build.VERSION.SDK_INT > 9) {
StrictMode.ThreadPolicy policy = new StrictMode.ThreadPolicy.Builder().permitAll().build();
StrictMode.setThreadPolicy(policy);
}
if (getIntent().getBooleanExtra("EXIT", false)) {
finish();
}
Button signIn = (Button) findViewById(R.id.signInBtn);
signIn.setOnClickListener(new OnClickListener() {
public void onClick(View v) {
{
userName= userText.getText().toString();
password= passText.getText().toString();
getSignIn(userName,password);
}
}
});
}
public void getSignIn(String user, String Pass) {
//Create request
if(userName.length()==0&&password.length()==0){
Toast.makeText(getApplicationContext(),"Kindly fill the fields first", Toast.LENGTH_LONG).show();
}else{
SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);
PropertyInfo celsiusPI = new PropertyInfo();
celsiusPI.setType(String.class);
request.addProperty("user",userName);
request.addProperty("pass",password);
SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
// create header
Element[] header = new Element[1];
header[0] = new Element().createElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","Security");
header[0].setAttribute(null, "mustUnderstand","1");
Element usernametoken = new Element().createElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "UsernameToken");
usernametoken.setAttribute(null, "Id", "UsernameToken-1");
header[0].addChild(Node.ELEMENT,usernametoken);
Element username = new Element().createElement(null, "n0:Username");
username.addChild(Node.IGNORABLE_WHITESPACE,"CBROWN");
usernametoken.addChild(Node.ELEMENT,username);
Element pass = new Element().createElement(null,"n0:Password");
pass.setAttribute(null, "Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
pass.addChild(Node.TEXT, "welcome");
usernametoken.addChild(Node.ELEMENT, pass);
// add header to envelope
envelope.headerOut = header;
envelope.dotNet = false;
envelope.bodyOut = request;
envelope.setOutputSoapObject(request);
HttpTransportSE androidHttpTransport = new HttpTransportSE(URL);
androidHttpTransport.setXmlVersionTag("<?xml version=\"1.0\" encoding=\"utf-8\"?>");
try {
androidHttpTransport.call(SOAP_ACTION, envelope);
SoapPrimitive response = (SoapPrimitive) envelope.getResponse();
if(response.equals(null)){
Toast.makeText(getApplicationContext(),"Host Not Responding", Toast.LENGTH_LONG).show();
}else{
Toast.makeText(getApplicationContext(),response.toString(), Toast.LENGTH_LONG).show();
}
}
catch (Exception e) {
Toast.makeText(getApplicationContext(),"Invalid Pin Combination", Toast.LENGTH_LONG).show();
Toast.makeText(getApplicationContext(),e.getMessage(), Toast.LENGTH_LONG).show();
e.printStackTrace();
}
}
}
}
//对于Web服务
package com.android.test;
/* */
/* */ public class PrintTest
/* */ {
/* */ public String sayHello(String string)
/* */ {
/* 6 */ return "Hello " + string;
/* */ }
/* */
/* */ public String login(String userName, String userPassword)
/* */ {
/* */
/* */ if(userName.equals("abc") & userPassword.equals("def")){
return userName+" is a valid user";
}if(userName.equals("hij") & userPassword.equals("klm")){
return userName+" is a valid user";
}
else{
return userName+" is not a valid user";
}
/* */ }
}
答案 0 :(得分:0)
这对我来说是在Android中的kSOAP库中提供安全请求标头
这是SOAP Envelop Request Header:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cif="http://www.mawarid.ae/linkedCardsSummary/CRM/CIF.xsd">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-14CBAE357AC169AFA614664925178422">
<wsse:Username>Mawarid</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">M@warid!23</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
这是JAVA Android代码:
public static Element buildAuthHeader() {
Element headers[] = new Element[1];
headers[0]= new Element().createElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
headers[0].setAttribute(null, "mustUnderstand", "1");
Element security=headers[0];
//user token
Element usernametoken = new Element().createElement(security.getNamespace(), "UsernameToken");
usernametoken.setAttribute("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id", "UsernameToken-14CBAE357AC169AFA614664925178422");
//username
Element username = new Element().createElement(security.getNamespace(), "Username");
username.addChild(Node.TEXT, HttpConstant.REQ_HEADER_USERNAME);
usernametoken.addChild(Node.ELEMENT,username);
// password
Element password = new Element().createElement(security.getNamespace(), "Password");
password.setAttribute(null, "Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
password.addChild(Node.TEXT, HttpConstant.REQ_HEADER_PASSWORD);
usernametoken.addChild(Node.ELEMENT,password);
headers[0].addChild(Node.ELEMENT, usernametoken);
return headers[0];
}
SoapSerializationEnvelope sSerialaEnvelop = new SoapSerializationEnvelope(SoapEnvelope.VER11);
sSerialaEnvelop.dotNet = true;
sSerialaEnvelop.headerOut = new Element[1];
sSerialaEnvelop.headerOut[0] = buildAuthHeader(); //// add security request header
sSerialaEnvelop.bodyOut = sObject;
sSerialaEnvelop.setOutputSoapObject(sObject);