2
我有一个web服务,我想从soap头认证用户。也就是说,我想检查肥皂标题中的标记ID(随机数),并根据数据库中的值验证它,如果数字匹配,我允许请求通过,否则我不想允许执行我的Web方法。Web服务soap头认证
是否有任何干净的方式使用SOAP标题做到这一点?
感谢,
Mrinal Jaiswal
A
回答
2
你有没有看着WS-Security?你尚未使用别的东西。假设,你可以随身携带在用户名元素的令牌等
<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
<wsse:Username>yourusername</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yourpassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<yourbodygoeshere>
</soapenv:Body>
</soapenv:Envelope>
1
我使用JDK的API创建的Web服务,并通过SOAP头做一个简单的身份验证。 这个简单的项目提供两种服务:在SOAP主体服务器
- 登录 从服务器
- GET消息
客户端的帖子的用户名和密码,如果用户登录成功后,服务器会返回一个令牌在肥皂头上。 客户端通过在soap标头中包含此标记来调用getMessage服务,服务器检查标记,如果它是已登录的用户,则返回成功消息,否则返回失败的消息。
以下是代码:
package com.aug.ws;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;
import javax.jws.WebParam.Mode;
import javax.jws.soap.SOAPBinding;
import javax.jws.soap.SOAPBinding.Style;
import javax.xml.ws.Holder;
//Service Endpoint Interface
@WebService
@SOAPBinding(style = Style.RPC)
public interface HelloWorld {
@WebMethod
void login(String userName, String password, @WebParam(header = true, mode = Mode.OUT, name = "token") Holder<String> token);
String getMessage(String message);
}
package com.aug.ws;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Resource;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebParam.Mode;
import javax.jws.WebService;
import javax.xml.namespace.QName;
import javax.xml.ws.Holder;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
import com.sun.xml.internal.ws.api.message.Header;
import com.sun.xml.internal.ws.api.message.HeaderList;
import com.sun.xml.internal.ws.developer.JAXWSProperties;
@WebService(endpointInterface = "com.aug.ws.HelloWorld")
public class HelloWorldImpl implements HelloWorld {
private Map<String, String> authorizedUsers = new HashMap<String, String>();
@Resource
WebServiceContext wsctx;
@Override
@WebMethod
public void login(String userName, String password, @WebParam(header = true, mode = Mode.OUT, name = "token") Holder<String> token) {
if (("user1".equals(userName) && "pwd1".equals(password)) || ("user2".equals(userName) && "pwd2".equals(password))) {
String tokenValue = "authorizeduser1234" + userName;
token.value = tokenValue;
authorizedUsers.put(tokenValue, userName);
System.out.println("---------------- token: " + tokenValue);
}
}
@Override
@WebMethod
public String getMessage(String message) {
if (isLoggedInUser()) {
return "JAX-WS message: " + message;
}
return "Invalid access!";
}
/**
* Check token from SOAP Header
* @return
*/
private boolean isLoggedInUser() {
System.out.println("wsctx: " + wsctx);
MessageContext mctx = wsctx.getMessageContext();
HeaderList headerList = (HeaderList) mctx.get(JAXWSProperties.INBOUND_HEADER_LIST_PROPERTY);
String nameSpace = "http://ws.aug.com/";
QName token = new QName(nameSpace, "token");
try {
Header tokenHeader = headerList.get(token, true);
if (tokenHeader != null) {
String user = authorizedUsers.get(tokenHeader.getStringContent());
if (user != null) {
System.out.println(user + " has logged in.");
return true;
}
}
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
}
package com.aug.endpoint;
import javax.xml.ws.Endpoint;
import com.aug.ws.HelloWorldImpl;
public class HelloWorldPublisher {
/**
* @param args
*/
public static void main(String[] args) {
Endpoint.publish("http://localhost:9000/ws/hello", new HelloWorldImpl());
System.out.println("\nWeb service published @ http://localhost:9000/ws/hello");
System.out.println("You may call the web service now");
}
}
package com.aug.client;
import java.net.MalformedURLException;
import java.net.URL;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;
import com.aug.ws.HelloWorld;
import com.sun.xml.internal.ws.api.message.HeaderList;
import com.sun.xml.internal.ws.api.message.Headers;
import com.sun.xml.internal.ws.developer.JAXWSProperties;
import com.sun.xml.internal.ws.developer.WSBindingProvider;
public class HelloWorldClient {
private static final String WS_URL = "http://localhost:9000/ws/hello?wsdl";
private static final String NAME_SPACE = "http://ws.aug.com/";
public static String login() throws Exception {
URL url = new URL(WS_URL);
QName qname = new QName(NAME_SPACE, "HelloWorldImplService");
Service service = Service.create(url, qname);
HelloWorld hello = service.getPort(HelloWorld.class);
hello.login("user1", "pwd1", null);
WSBindingProvider bp = (WSBindingProvider) hello;
HeaderList headerList = (HeaderList) bp.getResponseContext().get(JAXWSProperties.INBOUND_HEADER_LIST_PROPERTY);
bp.close();
return headerList.get(new QName(NAME_SPACE, "token"), true).getStringContent();
}
public static void getMessage() throws Exception {
String token = login();
System.out.println("token: " + token);
URL url = new URL(WS_URL);
QName qname = new QName(NAME_SPACE, "HelloWorldImplService");
Service service = Service.create(url, qname);
HelloWorld hello = service.getPort(HelloWorld.class);
WSBindingProvider bp = (WSBindingProvider) hello;
bp.setOutboundHeaders(
Headers.create(new QName(NAME_SPACE, "token"), token)
);
System.out.println(hello.getMessage("hello world"));
bp.close();
}
public static void main(String[] args) throws Exception {
getMessage();
}
}
相关问题
- 1. 带有安全头的SOAP web服务
- 2. SOAP-WS安全头认证
- 3. Web服务授权认证
- 4. redmine - web服务认证
- 5. Web服务认证丛林
- 6. Liferay认证web服务
- 7. Android web服务认证
- 8. 认证WCF Web服务
- 9. Alfresco的Web服务认证
- 10. 使用JavaScript调用需要认证的SOAP Web服务
- 11. 安全的Java SOAP Web服务 - Active Directory认证信任
- 12. 使用SOAP在Java中与API认证使用Web服务
- 13. SOAP Web服务身份验证
- 14. IIS验证的SOAP Web服务
- 15. Android Web服务SOAP
- 16. iPhone Soap Web服务
- 17. SOAP Web服务UI
- 18. SOAP Web服务URL
- 19. Jython SOAP Web服务
- 20. AFNetworking + SOAP Web服务
- 21. java web服务SOAP
- 22. Android SOAP Web服务
- 23. 从SOAP Web服务
- 24. 删除SOAP头WCF SOAP服务
- 25. php web服务的私人和公共web服务认证
- 26. 的NuSOAP:头认证服务器端
- 27. 带有证书认证的iPhone Web服务调用WCF服务
- 28. 使用证书认证的iPhone Web服务调用WCF服务
- 29. Web服务(基于SOAP/Restful)
- 30. http获取SOAP(Web服务)
现在在发送请求这些头,以后我们如何阅读服务实现一流的用户名和passwr = ORD作为WS制片方? – RaG 2014-02-18 21:14:07