消费SOAP WS返回错误401未授权

Question

我试图使用spring-ws来使用SOAP web服务。我能够从SOAP UI成功使用此Web服务。但是，我收到未经授权的例外：

org.springframework.ws.client.WebServiceTransportException: Unauthorized [401] 
    at org.springframework.ws.client.core.WebServiceTemplate.handleError(WebServiceTemplate.java:699) 

如何成功进行身份验证？

我的代码如下：

WebServiceTemplate配置：

@Bean 
    public WebServiceTemplate webServiceTemplate(Jaxb2Marshaller marshaller){ 
     WebServiceTemplate webServiceTemplate = new WebServiceTemplate(); 
     webServiceTemplate.setDefaultUri("http://ultron.illovo.net:9704/AdminService"); 
     webServiceTemplate.setMarshaller(marshaller); 
     webServiceTemplate.setUnmarshaller(marshaller); 

     Credentials credentials = new UsernamePasswordCredentials("biqa", "welcome1"); 

     HttpComponentsMessageSender messageSender = new HttpComponentsMessageSender(); 
     messageSender.setCredentials(credentials); 
     messageSender.setReadTimeout(5000); 
     messageSender.setConnectionTimeout(5000); 
     webServiceTemplate.setMessageSender(messageSender); 

     return webServiceTemplate; 
    } 

客户：

@Autowired 

WebServiceTemplate webServiceTemplate; 

public CallProcedureWithResultsResponse callProcedureWithResults(String procedureName){ 
    CallProcedureWithResults request = new CallProcedureWithResults(); 
    request.setProcedureName(procedureName); 
    log.info("Calling procedure " + procedureName); 

    CallProcedureWithResultsResponse response = (CallProcedureWithResultsResponse) webServiceTemplate.marshalSendAndReceive("http://ultron.illovo.net:9704/AdminService/AdminService", request); 

    return response; 
} 

JUnit测试

@Test 
    public void testWebService(){ 
     AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext(ObieeConfiguration.class); 
     ObieeClient client = context.getBean(ObieeClient.class); 
     CallProcedureWithResultsResponse response = client.callProcedureWithResults("GetOBISVersion()"); 
     client.printResponse(response); 
     context.close(); 
    } 

Answer 1

我设法通过做来解决这个问题如下：

创建HttpUrlConnectionMessageSender的一个子类，如下所示：

public class WebServiceMessageSenderWithAuth extends HttpUrlConnectionMessageSender { 

    String user; 
    String password; 

    public WebServiceMessageSenderWithAuth(String user, String password) { 
     this.user = user; 
     this.password = password; 
    } 

    @Override 
    protected void prepareConnection(HttpURLConnection connection) throws IOException { 
     BASE64Encoder enc = new BASE64Encoder(); 
     String userpassword = user+":"+password; 
     String encodedAuthorization = enc.encode(userpassword.getBytes()); 
     connection.setRequestProperty("Authorization", "Basic " + encodedAuthorization); 
     super.prepareConnection(connection); 
    } 

} 

我的客户是定义如下：

public class ObieeClient extends WebServiceGatewaySupport { 

    private static final Logger log = LoggerFactory.getLogger(ObieeClient.class); 

    public CallProcedureWithResultsResponse callProcedureWithResults(String procedureName, String webServiceURL){ 
     CallProcedureWithResults request = new CallProcedureWithResults(); 
     request.setProcedureName(procedureName); 
     log.info("Calling procedure " + procedureName); 

     CallProcedureWithResultsResponse response = (CallProcedureWithResultsResponse) ((JAXBElement) getWebServiceTemplate().marshalSendAndReceive(webServiceURL, request)).getValue(); 

     return response; 
    } 
} 

而且最后客户端被配置为通过设置消息发送者来使用凭证：

 Jaxb2Marshaller marshaller = new Jaxb2Marshaller();   marshaller.setContextPath("za.co.adaptit.smartdeployment.webservices.wsdl"); 

       //set up web service client 
       ObieeClient client = new ObieeClient(); 
       client.setDefaultUri(host); 
       client.setMarshaller(marshaller); 
       client.setUnmarshaller(marshaller); 
       client.setMessageSender(new WebServiceMessageSenderWithAuth("user", "password")); 

response = client.callProcedureWithResults("NQSModifyMetadata('" + obieeObjectsXML +"')", server.getHost()); 

希望这会有所帮助。

Answer 2

我遇到了同样的问题，并通过定义一个带有Credentials的MessageSender并设置到客户端来解决问题。我不必创建自定义MessageSender。

@Bean 
public WebServiceMessageSender messageSender(Credentials credentials) throws Exception{ 
    HttpComponentsMessageSender messageSender = new HttpComponentsMessageSender(); 
    messageSender.setCredentials(credentials); 
    return messageSender; 
} 

@Bean 
public Credentials credentials(){ 
    UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(USERNAME, PASSWORD); 
    return credentials; 

} 

Answer 3

使用HttpsUrlConnectionMessageSender进行安全的Https连接。这是spring-ws-support依赖的一部分。另外，您可以使用HttpsUrlConnectonMessageSender绕过各种证书问题，如证书通用名称不匹配。

不使用BASE64Encoder，它是sun.misc jar的类，它不是很安全。使用java util中的Base64和java中的java 1.8以及apache的Base64 for Java version 1.8以下的版本1.8

public class WebServiceMessageSenderWithAuth extends HttpsUrlConnectionMessageSender { 

String user; 
String password; 

public WebServiceMessageSenderWithAuth(String user, String password) { 
    this.user = user; 
    this.password = password; 
    } 

@Override 
protected void prepareConnection(HttpURLConnection connection) throws IOException { 

    String userpassword = user+":"+password; 
    String encodedAuthorization = Base64.encode(userpassword.getBytes()); 
    connection.setRequestProperty("Authorization", "Basic " + encodedAuthorization); 
    //set various properties by using reference of connection according to your requirement 
    } 
}