0
如果我發送頭與當前的結構:如何驗證wss4j 1.6中沒有密碼的UsernameToken?
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
soapenv:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-E9505BCB2A7771EF1F14710742072404">
<wsse:Username>Not_correct_username</wsse:Username>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
驗證執行經由processSecurityHeader方法是正確的。但我想通過用戶名來驗證用戶身份。
現在我的CallbackHandler代碼:
public class PWCallback implements CallbackHandler {
private String user;
private String password;
private String alias;
private String privateKeyPassword;
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
if (!StringUtils.equals(user, pc.getIdentifier())) {
throw new IOException("unknown user: " + pc.getIdentifier());
}
pc.setPassword(password);
} else {
if (pc.getUsage() == WSPasswordCallback.SIGNATURE || pc.getUsage() == WSPasswordCallback.DECRYPT) {
if (StringUtils.equals(pc.getIdentifier(), alias)) {
pc.setPassword(privateKeyPassword);
} else throw new IOException("unknown user: " + pc.getIdentifier());
}
}
}
}
}
我有什麼可以添加或刪除?