1. 首页
  2. 问答
  3. 为什么WSPasswordCallback.getPassword空当我尝试我的SOAP请求

为什么WSPasswordCallback.getPassword空当我尝试我的SOAP请求

2013-05-09 50 views
1

我曾与古城墙的安全做出了Axis2 Web服务,但我在这行不断接收NullPointerException为什么WSPasswordCallback.getPassword空当我尝试我的SOAP请求

if((pwcb.getIdentifier().equals("bob")) && pwcb.getPassword().equals("bobPW")))

所以我添加此代码:

if (pwcb.getPassword()==null) { 
    throw new Exception ("passsssssssss is null:"+pwcb.getPassword()); 
}

哪个引发异常;所以我知道问题是pwcb.getPassword为空,但不明白为什么。

这是SOAP请求我送:

<?xml version="1.0" encoding="utf-8"?> 
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:nilo="http://nilo"> 
    <soapenv:Header> 
     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"> 
      <wsse:UsernameToken xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="123"> 
       <wsse:Username>bob</wsse:Username> 
       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password> 
      </wsse:UsernameToken> 
     </wsse:Security> 
    </soapenv:Header> 
    <soapenv:Body> 
     <nilo:getdataForChecking> 
      <nilo:data>tranXml</nilo:data> 
     </nilo:getdataForChecking> 
    </soapenv:Body> 
</soapenv:Envelope>

这里是handle方法,我使用:

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { 
    for (int i = 0; i < callbacks.length; i++) { 
     //When the server side need to authenticate the user 
     WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i]; 

     if (pwcb.getPassword()==null) { 
      try { 
       throw new Exception ("passsssssssss null:"+pwcb.getPassword()); 
      } catch (Exception e) { 
       // TODO Auto-generated catch block 
       e.printStackTrace(); 
      } 
     } 
     else { 
      try { 
       throw new Exception ("pass nooot null:"+pwcb.getPassword()); 
      } catch (Exception e) { 
       // TODO Auto-generated catch block 
       e.printStackTrace(); 
      } 
     } 

     if(pwcb.getIdentifier().equals("bob") && pwcb.getPassword().equals("bobPW")) { 
      return; 
     } 

     //When the client requests for the password to be added in to the 
     //UT element 

    } 
}

来源

2013-05-09 Milka Salkova

回答

0

无论WSPasswordCallback包含密码取决于其使用场。例如,对于用法USERNAME_TOKEN_UNKNOWN,密码被设置,并且回调处理程序应该抛出一个异常,如果它不匹配用户名。另一方面,对于SIGNATURE,密码字段为空,并且回调需要对其进行设置,以便可以从密钥库中检索密钥。

您应该验证在什么情况下调用回调并作出适当的反应。例如:

// Rampart expects us to do authentication in this case 
if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) { 
    String password = passwordFor(pwcb.getIdentifier()); 
    if (pwcb.getPassword().equals(password)) 
    return; 
    throw new UnsupportedCallbackException(callback, 
     "password check failed for user " + pwcb.getIdentifier()); 
} 
if (pwcb.getUsage() == WSPasswordCallback.SIGNATURE) { 
    pwcb.setPassword(passwordFor(pwcb.getIdentifier()));

来源

2013-06-15 09:34:45

0

处理程序需要知道发起呼叫的用户的密码。你不必亲自做比较。

修改此行从: if((pwcb.getIdentifier().equals("bob")) && pwcb.getPassword().equals("bobPW")))

到:

if (pwcb.getIdentifier().equals("bob")) { pwcb.setPassword("bobPW"); }

来源

2014-11-06 13:43:21 zyked

+0

所以...的CXF开发者假设我们正在某处储存干净的文字密码....我错过了什么? – 2018-02-09 10:31:56

相关问题

 相关问题