消費SOAP WS返回錯誤401未授權

Question

我試圖使用spring-ws來使用SOAP web服務。我能夠從SOAP UI成功使用此Web服務。但是，我收到未經授權的例外：

org.springframework.ws.client.WebServiceTransportException: Unauthorized [401] 
    at org.springframework.ws.client.core.WebServiceTemplate.handleError(WebServiceTemplate.java:699) 

如何成功進行身份驗證？

我的代碼如下：

WebServiceTemplate配置：

@Bean 
    public WebServiceTemplate webServiceTemplate(Jaxb2Marshaller marshaller){ 
     WebServiceTemplate webServiceTemplate = new WebServiceTemplate(); 
     webServiceTemplate.setDefaultUri("http://ultron.illovo.net:9704/AdminService"); 
     webServiceTemplate.setMarshaller(marshaller); 
     webServiceTemplate.setUnmarshaller(marshaller); 

     Credentials credentials = new UsernamePasswordCredentials("biqa", "welcome1"); 

     HttpComponentsMessageSender messageSender = new HttpComponentsMessageSender(); 
     messageSender.setCredentials(credentials); 
     messageSender.setReadTimeout(5000); 
     messageSender.setConnectionTimeout(5000); 
     webServiceTemplate.setMessageSender(messageSender); 

     return webServiceTemplate; 
    } 

客戶：

@Autowired 

WebServiceTemplate webServiceTemplate; 

public CallProcedureWithResultsResponse callProcedureWithResults(String procedureName){ 
    CallProcedureWithResults request = new CallProcedureWithResults(); 
    request.setProcedureName(procedureName); 
    log.info("Calling procedure " + procedureName); 

    CallProcedureWithResultsResponse response = (CallProcedureWithResultsResponse) webServiceTemplate.marshalSendAndReceive("http://ultron.illovo.net:9704/AdminService/AdminService", request); 

    return response; 
} 

JUnit測試

@Test 
    public void testWebService(){ 
     AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext(ObieeConfiguration.class); 
     ObieeClient client = context.getBean(ObieeClient.class); 
     CallProcedureWithResultsResponse response = client.callProcedureWithResults("GetOBISVersion()"); 
     client.printResponse(response); 
     context.close(); 
    } 

Answer 1

我設法通過做來解決這個問題如下：

創建HttpUrlConnectionMessageSender的一個子類，如下所示：

public class WebServiceMessageSenderWithAuth extends HttpUrlConnectionMessageSender { 

    String user; 
    String password; 

    public WebServiceMessageSenderWithAuth(String user, String password) { 
     this.user = user; 
     this.password = password; 
    } 

    @Override 
    protected void prepareConnection(HttpURLConnection connection) throws IOException { 
     BASE64Encoder enc = new BASE64Encoder(); 
     String userpassword = user+":"+password; 
     String encodedAuthorization = enc.encode(userpassword.getBytes()); 
     connection.setRequestProperty("Authorization", "Basic " + encodedAuthorization); 
     super.prepareConnection(connection); 
    } 

} 

我的客戶是定義如下：

public class ObieeClient extends WebServiceGatewaySupport { 

    private static final Logger log = LoggerFactory.getLogger(ObieeClient.class); 

    public CallProcedureWithResultsResponse callProcedureWithResults(String procedureName, String webServiceURL){ 
     CallProcedureWithResults request = new CallProcedureWithResults(); 
     request.setProcedureName(procedureName); 
     log.info("Calling procedure " + procedureName); 

     CallProcedureWithResultsResponse response = (CallProcedureWithResultsResponse) ((JAXBElement) getWebServiceTemplate().marshalSendAndReceive(webServiceURL, request)).getValue(); 

     return response; 
    } 
} 

而且最後客戶端被配置爲通過設置消息發送者來使用憑證：

 Jaxb2Marshaller marshaller = new Jaxb2Marshaller();   marshaller.setContextPath("za.co.adaptit.smartdeployment.webservices.wsdl"); 

       //set up web service client 
       ObieeClient client = new ObieeClient(); 
       client.setDefaultUri(host); 
       client.setMarshaller(marshaller); 
       client.setUnmarshaller(marshaller); 
       client.setMessageSender(new WebServiceMessageSenderWithAuth("user", "password")); 

response = client.callProcedureWithResults("NQSModifyMetadata('" + obieeObjectsXML +"')", server.getHost()); 

希望這會有所幫助。

Answer 2

我遇到了同樣的問題，並通過定義一個帶有Credentials的MessageSender並設置到客戶端來解決問題。我不必創建自定義MessageSender。

@Bean 
public WebServiceMessageSender messageSender(Credentials credentials) throws Exception{ 
    HttpComponentsMessageSender messageSender = new HttpComponentsMessageSender(); 
    messageSender.setCredentials(credentials); 
    return messageSender; 
} 

@Bean 
public Credentials credentials(){ 
    UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(USERNAME, PASSWORD); 
    return credentials; 

} 

Answer 3

使用HttpsUrlConnectionMessageSender進行安全的Https連接。這是spring-ws-support依賴的一部分。另外，您可以使用HttpsUrlConnectonMessageSender繞過各種證書問題，如證書通用名稱不匹配。

不使用BASE64Encoder，它是sun.misc jar的類，它不是很安全。使用java util中的Base64和java中的java 1.8以及apache的Base64 for Java version 1.8以下的版本1.8

public class WebServiceMessageSenderWithAuth extends HttpsUrlConnectionMessageSender { 

String user; 
String password; 

public WebServiceMessageSenderWithAuth(String user, String password) { 
    this.user = user; 
    this.password = password; 
    } 

@Override 
protected void prepareConnection(HttpURLConnection connection) throws IOException { 

    String userpassword = user+":"+password; 
    String encodedAuthorization = Base64.encode(userpassword.getBytes()); 
    connection.setRequestProperty("Authorization", "Basic " + encodedAuthorization); 
    //set various properties by using reference of connection according to your requirement 
    } 
}