Accessing a secured JAX-WS web service EJB
How do I access this secured SOAP web service, which is implemented by an EJB:
@Stateless
@DeclareRoles({"Boss"})
@WebService(name="SoapService", serviceName="SoapWS", portName="SoapWSPort")
public class SoapServiceImpl implements SoapService {
    @RolesAllowed({"Boss"})
    public SoapThing getSoapThing(String name, String prepend) throws SoapThingyException {
        ...
    }
}
And web.xml has this:
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ApplicationRealm</realm-name>
</login-config>
I created a SOAPHandler for the client that adds the Authorization header to the request, as follows:
public boolean handleMessage(SOAPMessageContext context) {
    try {
        // Base64-encode "username:password" for HTTP Basic authentication
        String credential = Base64.getEncoder().encodeToString((username+":"+password).getBytes("UTF-8"));
        // Reuse the existing HTTP request header map if one is present
        Map<String, Object> httpHeaders = null;
        if (context.get(MessageContext.HTTP_REQUEST_HEADERS) != null) {
            httpHeaders = (Map<String, Object>)context.get(MessageContext.HTTP_REQUEST_HEADERS);
        } else {
            httpHeaders = new HashMap<>();
        }
        // Note: substring(...) drops the final character of the Base64 token
        httpHeaders.put("Authorization", Arrays.asList("Basic " + credential.substring(0, credential.length()-1)));
        context.put(MessageContext.HTTP_REQUEST_HEADERS, httpHeaders);
        return true;
    } catch (UnsupportedEncodingException e) {
        return false;
    }
}
My client is a standalone Java application that uses stubs generated with wsimport and adds the handler to the BindingProvider:
SoapWS service = new SoapWS();
SoapService port = service.getSoapWSPort();
((BindingProvider)port).getBinding().setHandlerChain(Arrays.asList(new CredentialHandler("spike", "*****")));
SoapThing st = port.getSoapThingByNumber(1);
...it executes fine and adds the credentials to the Authorization header, but I still get an unauthorized response from the server:
Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 401: Unauthorized
The web service is deployed on WildFly, and the user is assigned to ApplicationRealm with the role Administrator and the groups Dog and Boss:
What am I missing?
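That did the trick, thanks. I thought a handler would be the right place to put this code, but okay.
Since it is basic authentication, the server doesn't look at the message payload at all.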
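Added example, not part of the original post or its comments: a stand-alone Java check of the Authorization value that the posted handler produces, printed next to the complete RFC 7617 form. The class name, the sample credentials and the use of java.util.Base64 as a stand-in for the server's decoder are assumptions made here.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicHeaderCheck {
    static String token(String user, String pass) {
        return Base64.getEncoder()
                .encodeToString((user + ":" + pass).getBytes(StandardCharsets.UTF_8));
    }

    // Header value as the posted handler builds it: last Base64 character removed.
    static String asPosted(String user, String pass) {
        String credential = token(user, pass);
        return "Basic " + credential.substring(0, credential.length() - 1);
    }

    // Header value carrying the complete token (RFC 7617).
    static String complete(String user, String pass) {
        return "Basic " + token(user, pass);
    }

    // Stand-in for the server side (assumption: java.util.Base64 decoding rules).
    // Returns "user / password" as recovered, or a rejection marker.
    static String serverView(String header) {
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring("Basic ".length()));
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':');
            if (colon < 0) return "<rejected: no ':' separator>";
            return decoded.substring(0, colon) + " / " + decoded.substring(colon + 1);
        } catch (IllegalArgumentException e) {
            return "<rejected: " + e.getMessage() + ">";
        }
    }

    public static void main(String[] args) {
        // Constructed sample credentials; lengths 12, 13 and 14 bytes cover
        // the three Base64 padding cases (none, "==", "=").
        String[][] samples = {{"spike", "secret"}, {"spike", "secret1"}, {"spike", "secret12"}};
        for (String[] s : samples) {
            for (String header : new String[]{asPosted(s[0], s[1]), complete(s[0], s[1])}) {
                System.out.println(header + "  ->  " + serverView(header));
            }
        }
    }
}
```

A server whose Base64 decoder is stricter or more lenient than java.util.Base64 may treat the shortened token differently from what this stand-in prints.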