我跟隨了一對夫婦教程的混搭,並且都不是太成功!Apache CXF和WS-Security - 密碼回撥
我試圖讓Apache CXF和WS-Security回撥給我的Spring Security身份驗證器。所有的工作都接近工作,但是一旦遇到問題,我們就會遇到一個問題,即讓Spring的安全性脫離WS回調。
下面的處理程序獲取了galled,但pc.getPassword()爲null。我想這是肥皂發送的密碼,所以我可以將它傳遞給春天
public class ServerPasswordCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.setPassword(pc.getPassword());
}
我的攔截器被設置爲使
<bean id="wsAuthenticationInterceptor" class="com.olympus.viewtheworld.server.security.auth.WSAuthenticationInInterceptor">
<constructor-arg index="0">
<map key-type="java.lang.String" value-type="java.lang.Object">
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackClass" value="com.olympus.viewtheworld.server.security.auth.ServerPasswordCallback" />
</map>
</constructor-arg>
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<jaxws:endpoint id="secureHelloService"
implementor="#secureHelloServiceImpl"
implementorClass="com.olympus.viewtheworld.server.service.Impl.SecureHelloServiceImpl"
address="/SoapService/secure/hello">
<jaxws:serviceFactory>
<ref bean="jaxws-and-aegis-service-factory" />
</jaxws:serviceFactory>
<jaxws:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
<ref bean="wsAuthenticationInterceptor" />
</jaxws:inInterceptors>
</jaxws:endpoint>
和SOAP請求,我發出了SoapUI的是
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:test="http://test/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>rob2</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">passwordxx</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<test:hello>
<!--Optional:-->
<hello>asdf</hello>
</test:hello>
</soapenv:Body>
</soapenv:Envelope>
版本明智的是春3.1和2.7.0 CXF
什麼我需要做的,看到「passwordxx 「在ServerPasswordCallback類中?它是肥皂請求,配置還是錯誤?!
乾杯, 羅布