CXF 客户端安全
我正在创建 Java Soap Web 服务的客户端,但无法弄清楚如何正确传递密码。这是我的“硬编码”密码示例:
@Test
public void exploratorySecurityTest() {
String username = "user";
String password = "pwd";
UserStoryService service = new UserStoryService();
UserStoryServiceSoap port = service.getUserStoryServiceSoap();
//initialize security
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, username);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
int storyId = 33401;
UserStoryDTO userStoryDTO = port.getByID(storyId);
//success if no error
}
public class ClientPasswordCallback implements CallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.setPassword("pwd");
}}
我真正想做的是将密码传递到回调处理程序中。我在 CXF 文档中看到的示例实现了“硬编码”回调(正如我在本例中所做的那样)或作为用户名的函数:
if (pc.getIdentifier().equals("user"))
pc.setPassword("pwd");
这些都不能满足我的需求。有没有一种方法可以让我做类似以下的事情:
@Test
public void exploratorySecurityTest() {
String username = "user";
String password = "pwd";
UserStoryService service = new UserStoryService();
UserStoryServiceSoap port = service.getUserStoryServiceSoap();
//initialize security
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, username);
//pass the password here?
outProps.put("password", password);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
// ...
}
I am creating a client to a Java soap web service, but am having trouble figuring out how to properly pass the password. Here is my "hardcoded" password example:
@Test
public void exploratorySecurityTest() {
String username = "user";
String password = "pwd";
UserStoryService service = new UserStoryService();
UserStoryServiceSoap port = service.getUserStoryServiceSoap();
//initialize security
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, username);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
int storyId = 33401;
UserStoryDTO userStoryDTO = port.getByID(storyId);
//success if no error
}
public class ClientPasswordCallback implements CallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.setPassword("pwd");
}}
What I really want to do is to pass the password into the callback handler. The examples that I have seen in the CXF documentation implement the callback either "hardcoded" (as I did in this example) or as a function of the username:
if (pc.getIdentifier().equals("user"))
pc.setPassword("pwd");
Neither of these meet my needs. Is there a way that I can do something like the following:
@Test
public void exploratorySecurityTest() {
String username = "user";
String password = "pwd";
UserStoryService service = new UserStoryService();
UserStoryServiceSoap port = service.getUserStoryServiceSoap();
//initialize security
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, username);
//pass the password here?
outProps.put("password", password);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
// ...
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
使用 PW_CALLBACK_REF 而不是 PW_CALLBACK_CLASS,并传递实例化对象,而不是静态类。您可以将密码注入到所述对象中。
像这样的东西:
Use PW_CALLBACK_REF instead PW_CALLBACK_CLASS, and pass an instantiated object, instead of the static class. You can inject the password in said object.
Something like:
我还能够执行以下操作:
I was also able to do the following:
您的 ClientPasswordCallback 类可能是这样的,有自己的 pwd 字段和关联的设置器:
然后您可以在测试中实例化它,设置其密码并使用 PW_CALLBACK_REF 键将其添加到
outProps映射中:Your
ClientPasswordCallbackclass may be like that, with his own pwd field and the associated setter:Then you can instanciate it in your test, set its password and use
PW_CALLBACK_REFkey to add it to theoutPropsmap:我一直使用以下方法添加属性来请求上下文以进行 http 级别身份验证,并使用 CallbackHandler 添加消息级别用户名令牌。
I have always used following way of adding properties to request context for http level authentication and CallbackHandler for adding message level username token.