如果我发送当前结构的标题:
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
soapenv:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-E9505BCB2A7771EF1F14710742072404">
<wsse:Username>Not_correct_username</wsse:Username>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
通过processSecurityHeader方法执行的验证是正确的。但我想通过用户名验证用户。
现在我的CallbackHandler代码是:
public class PWCallback implements CallbackHandler {
private String user;
private String password;
private String alias;
private String privateKeyPassword;
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
if (!StringUtils.equals(user, pc.getIdentifier())) {
throw new IOException("unknown user: " + pc.getIdentifier());
}
pc.setPassword(password);
} else {
if (pc.getUsage() == WSPasswordCallback.SIGNATURE || pc.getUsage() == WSPasswordCallback.DECRYPT) {
if (StringUtils.equals(pc.getIdentifier(), alias)) {
pc.setPassword(privateKeyPassword);
} else throw new IOException("unknown user: " + pc.getIdentifier());
}
}
}
}
}
我必须添加或删除哪些内容?