爲什麼WSPasswordCallback.getPassword空當我嘗試我的SOAP請求

Question

我曾與古城牆的安全做出了Axis2 Web服務，但我在這行不斷接收NullPointerException：

if((pwcb.getIdentifier().equals("bob")) && pwcb.getPassword().equals("bobPW"))) 

所以我添加此代碼：

if (pwcb.getPassword()==null) { 
    throw new Exception ("passsssssssss is null:"+pwcb.getPassword()); 
} 

哪個引發異常;所以我知道問題是pwcb.getPassword爲空，但不明白爲什麼。

這是SOAP請求我送：

<?xml version="1.0" encoding="utf-8"?> 
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:nilo="http://nilo"> 
    <soapenv:Header> 
     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"> 
      <wsse:UsernameToken xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="123"> 
       <wsse:Username>bob</wsse:Username> 
       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password> 
      </wsse:UsernameToken> 
     </wsse:Security> 
    </soapenv:Header> 
    <soapenv:Body> 
     <nilo:getdataForChecking> 
      <nilo:data>tranXml</nilo:data> 
     </nilo:getdataForChecking> 
    </soapenv:Body> 
</soapenv:Envelope> 

這裏是handle方法，我使用：

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { 
    for (int i = 0; i < callbacks.length; i++) { 
     //When the server side need to authenticate the user 
     WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i]; 

     if (pwcb.getPassword()==null) { 
      try { 
       throw new Exception ("passsssssssss null:"+pwcb.getPassword()); 
      } catch (Exception e) { 
       // TODO Auto-generated catch block 
       e.printStackTrace(); 
      } 
     } 
     else { 
      try { 
       throw new Exception ("pass nooot null:"+pwcb.getPassword()); 
      } catch (Exception e) { 
       // TODO Auto-generated catch block 
       e.printStackTrace(); 
      } 
     } 

     if(pwcb.getIdentifier().equals("bob") && pwcb.getPassword().equals("bobPW")) { 
      return; 
     } 

     //When the client requests for the password to be added in to the 
     //UT element 

    } 
} 

Answer 1

無論WSPasswordCallback包含密碼取決於其使用場。例如，對於用法USERNAME_TOKEN_UNKNOWN，密碼被設置，並且回調處理程序應該拋出一個異常，如果它不匹配用戶名。另一方面，對於SIGNATURE，密碼字段爲空，並且回調需要對其進行設置，以便可以從密鑰庫中檢索密鑰。

您應該驗證在什麼情況下調用回調並作出適當的反應。例如：

// Rampart expects us to do authentication in this case 
if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) { 
    String password = passwordFor(pwcb.getIdentifier()); 
    if (pwcb.getPassword().equals(password)) 
    return; 
    throw new UnsupportedCallbackException(callback, 
     "password check failed for user " + pwcb.getIdentifier()); 
} 
if (pwcb.getUsage() == WSPasswordCallback.SIGNATURE) { 
    pwcb.setPassword(passwordFor(pwcb.getIdentifier())); 

Answer 2

處理程序需要知道發起呼叫的用戶的密碼。你不必親自做比較。

修改此行從： if((pwcb.getIdentifier().equals("bob")) && pwcb.getPassword().equals("bobPW")))

到：

if (pwcb.getIdentifier().equals("bob")) { pwcb.setPassword("bobPW"); }