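Web service SOAP header authentication

I have a web service, and I want to authenticate the user from the SOAP header. That is, I want to check a token ID (a random number) in the SOAP header and validate it against a value in my database. If the number matches, I allow the request to go through; otherwise I don't want to allow execution of my web method.
Is there any clean way to do this using SOAP headers?
Thanks,
Mrinal Jaiswal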
Have you looked at WS-Security? Assuming you are not already using it for something else, you could carry your token in the Username element, etc.
<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
        <wsse:Username>yourusername</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yourpassword</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <yourbodygoeshere/>
  </soapenv:Body>
</soapenv:Envelope>
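I created a web service using the JDK API and do a simple authentication through the SOAP header. This simple project provides two services. The client posts the user name and password to the server in the SOAP body; if the login succeeds, the server returns a token in the SOAP header. The client then calls the getMessage service by including this token in the SOAP header; the server checks the token and, if it belongs to a logged-in user, returns a success message, otherwise it returns a failure message.
Following is the code: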
// HelloWorld.java
package com.aug.ws;

import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;
import javax.jws.WebParam.Mode;
import javax.jws.soap.SOAPBinding;
import javax.jws.soap.SOAPBinding.Style;
import javax.xml.ws.Holder;

// Service Endpoint Interface
@WebService
@SOAPBinding(style = Style.RPC)
public interface HelloWorld {
    // The token is returned to the client as an OUT parameter carried in the SOAP header.
    @WebMethod
    void login(String userName, String password, @WebParam(header = true, mode = Mode.OUT, name = "token") Holder<String> token);

    String getMessage(String message);
}

// HelloWorldImpl.java
package com.aug.ws;

import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.annotation.Resource;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebParam.Mode;
import javax.jws.WebService;
import javax.xml.namespace.QName;
import javax.xml.ws.Holder;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
// JDK-internal classes of the JAX-WS implementation bundled with the JDK
import com.sun.xml.internal.ws.api.message.Header;
import com.sun.xml.internal.ws.api.message.HeaderList;
import com.sun.xml.internal.ws.developer.JAXWSProperties;

@WebService(endpointInterface = "com.aug.ws.HelloWorld")
public class HelloWorldImpl implements HelloWorld {
    // Maps each issued token to the user it was issued to
    private Map<String, String> authorizedUsers = new HashMap<String, String>();

    @Resource
    WebServiceContext wsctx;

    @Override
    @WebMethod
    public void login(String userName, String password, @WebParam(header = true, mode = Mode.OUT, name = "token") Holder<String> token) {
        if (("user1".equals(userName) && "pwd1".equals(password)) || ("user2".equals(userName) && "pwd2".equals(password))) {
            // Issue a random, unguessable token per login; a fixed prefix plus the
            // user name could be forged by anyone who knows a user name.
            String tokenValue = UUID.randomUUID().toString();
            token.value = tokenValue;
            authorizedUsers.put(tokenValue, userName);
            System.out.println("---------------- token: " + tokenValue);
        }
    }

    @Override
    @WebMethod
    public String getMessage(String message) {
        if (isLoggedInUser()) {
            return "JAX-WS message: " + message;
        }
        return "Invalid access!";
    }

    /**
     * Check token from SOAP Header
     * @return true if the request carries a token that login() issued
     */
    private boolean isLoggedInUser() {
        System.out.println("wsctx: " + wsctx);
        MessageContext mctx = wsctx.getMessageContext();
        HeaderList headerList = (HeaderList) mctx.get(JAXWSProperties.INBOUND_HEADER_LIST_PROPERTY);
        String nameSpace = "http://ws.aug.com/";
        QName token = new QName(nameSpace, "token");
        try {
            Header tokenHeader = headerList.get(token, true);
            if (tokenHeader != null) {
                String user = authorizedUsers.get(tokenHeader.getStringContent());
                if (user != null) {
                    System.out.println(user + " has logged in.");
                    return true;
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        // Missing header, unknown token or parse error: treat as not logged in
        return false;
    }
}

// HelloWorldPublisher.java
package com.aug.endpoint;

import javax.xml.ws.Endpoint;
import com.aug.ws.HelloWorldImpl;

public class HelloWorldPublisher {
    /**
     * @param args
     */
    public static void main(String[] args) {
        Endpoint.publish("http://localhost:9000/ws/hello", new HelloWorldImpl());
        System.out.println("\nWeb service published @ http://localhost:9000/ws/hello");
        System.out.println("You may call the web service now");
    }
}

// HelloWorldClient.java
package com.aug.client;

import java.net.URL;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;
import com.aug.ws.HelloWorld;
import com.sun.xml.internal.ws.api.message.HeaderList;
import com.sun.xml.internal.ws.api.message.Headers;
import com.sun.xml.internal.ws.developer.JAXWSProperties;
import com.sun.xml.internal.ws.developer.WSBindingProvider;

public class HelloWorldClient {
    private static final String WS_URL = "http://localhost:9000/ws/hello?wsdl";
    private static final String NAME_SPACE = "http://ws.aug.com/";

    // Logs in and returns the token taken from the SOAP header of the response
    public static String login() throws Exception {
        URL url = new URL(WS_URL);
        QName qname = new QName(NAME_SPACE, "HelloWorldImplService");
        Service service = Service.create(url, qname);
        HelloWorld hello = service.getPort(HelloWorld.class);
        hello.login("user1", "pwd1", null);
        WSBindingProvider bp = (WSBindingProvider) hello;
        HeaderList headerList = (HeaderList) bp.getResponseContext().get(JAXWSProperties.INBOUND_HEADER_LIST_PROPERTY);
        bp.close();
        return headerList.get(new QName(NAME_SPACE, "token"), true).getStringContent();
    }

    // Calls getMessage with the token attached as an outbound SOAP header
    public static void getMessage() throws Exception {
        String token = login();
        System.out.println("token: " + token);
        URL url = new URL(WS_URL);
        QName qname = new QName(NAME_SPACE, "HelloWorldImplService");
        Service service = Service.create(url, qname);
        HelloWorld hello = service.getPort(HelloWorld.class);
        WSBindingProvider bp = (WSBindingProvider) hello;
        bp.setOutboundHeaders(
            Headers.create(new QName(NAME_SPACE, "token"), token)
        );
        System.out.println(hello.getMessage("hello world"));
        bp.close();
    }

    public static void main(String[] args) throws Exception {
        getMessage();
    }
}
Now, after sending the request with these headers, how do we read the username and password in the service implementation class, as the WS producer? – RaG 2014-02-18 21:14:07
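
The question asks for a way to keep the web method from executing at all when the token does not match. One way to do that, as an added example that is not part of either answer above: a standard JAX-WS SOAPHandler that reads the same token header and returns a SOAP fault before dispatch. The class name TokenAuthHandler and the tokenIsValid predicate (standing in for the database lookup) are assumptions, and the code uses the javax.xml.ws and javax.xml.soap packages shipped with Java 8.

```java
import java.util.*;
import java.util.function.Predicate;
import javax.xml.namespace.QName;
import javax.xml.soap.*;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import javax.xml.ws.soap.SOAPFaultException;

// Added example (hypothetical class): rejects inbound calls without a valid token header.
public class TokenAuthHandler implements SOAPHandler<SOAPMessageContext> {
    private static final QName TOKEN = new QName("http://ws.aug.com/", "token");
    private static final QName LOGIN = new QName("http://ws.aug.com/", "login");
    private final Predicate<String> tokenIsValid; // assumption: wraps the database lookup
    public TokenAuthHandler(Predicate<String> tokenIsValid) { this.tokenIsValid = tokenIsValid; }

    @Override
    public boolean handleMessage(SOAPMessageContext ctx) {
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        try {
            SOAPMessage msg = ctx.getMessage();
            if (LOGIN.equals(firstBodyElement(msg.getSOAPBody()))) return true; // login issues the token
            String token = tokenFrom(msg.getSOAPHeader());
            if (token != null && tokenIsValid.test(token.trim())) return true;
            throw new SOAPFaultException(SOAPFactory.newInstance().createFault( // method is never invoked
                    "Invalid or missing token", new QName(SOAPConstants.URI_NS_SOAP_1_1_ENVELOPE, "Client")));
        } catch (SOAPException e) {
            throw new RuntimeException("Cannot read SOAP message", e); // fail closed
        }
    }

    // With the RPC style used on this page, the first body element is named after the operation.
    private static QName firstBodyElement(SOAPBody body) {
        for (Iterator<?> it = body.getChildElements(); it.hasNext();) {
            Object n = it.next();
            if (n instanceof SOAPElement) return ((SOAPElement) n).getElementQName();
        }
        return null;
    }

    private static String tokenFrom(SOAPHeader header) {
        if (header == null) return null;
        Iterator<?> it = header.getChildElements(TOKEN);
        return it.hasNext() ? ((SOAPElement) it.next()).getValue() : null;
    }

    @Override public Set<QName> getHeaders() { return Collections.singleton(TOKEN); }
    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
}
```

On the server, create the endpoint with Endpoint.create(new HelloWorldImpl()), call getBinding().setHandlerChain(...) with a list containing the handler, and only then call publish(...).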