如何验证基于soap的java web服务?
我正在使用Java开发基于Soap的web服务。有人能告诉我如何验证使用web服务的客户机吗如何验证基于soap的java web服务?,java,web-services,soap,Java,Web Services,Soap,我正在使用Java开发基于Soap的web服务。有人能告诉我如何验证使用web服务的客户机吗 谢谢。可能最好但最复杂的是具有各种身份验证方法的WS-Security。但它是最复杂的,对企业环境有好处。它允许您创建端到端的身份验证,并且有很多选项。您可以在简单的情况下使用 ... NNK weYI3nXd8LjMNVksCKFV8t3rgHh3Rw== WScqanjCEAC4mQoBE07sAQ== 2003-07-16T01:24:32 ... ... 我不知道你们用的是什么图书馆,但这里
谢谢。可能最好但最复杂的是具有各种身份验证方法的WS-Security。但它是最复杂的,对企业环境有好处。它允许您创建端到端的身份验证,并且有很多选项。您可以在简单的情况下使用
...
NNK
weYI3nXd8LjMNVksCKFV8t3rgHh3Rw==
WScqanjCEAC4mQoBE07sAQ==
2003-07-16T01:24:32
...
...
我不知道你们用的是什么图书馆,但这里有一篇很好的文章
但在某些简化的情况下,您可以简单地对web服务器进行HTTP基本身份验证(通过SSL)。这可能是最糟糕的解决方案,但有时可能最容易实现。另一个未与soap连接的解决方案可以是相互身份验证SSL(使用客户端身份验证) 是通过JAX-WS进行身份验证的web服务的一个很好的例子WS-Security提供了保护基于SOAP的web服务的标准方法,WS-Security策略说明了如何将这些安全需求传达给外部世界 可以使用用户名/密码进行身份验证-使用UsernameToken或基于证书的身份验证 因为您是基于Java的,所以您可以使用开放源代码来部署您的服务,只需单击几下,您就可以保护您的服务 进一步解释如何做
感谢……我们可以采用不同的方式和不同类型的安全措施: 消息级安全性
- 传输级安全性:如HTTP Basic/Digest和SSL
- 消息级安全性:如WS-security、XML数字签名、XML加密、XKMS(XMLKeyM管理S规范)、XACML(eXtensibleAccessCControlMarkupL语言),SAML(SecureAssertionMarkupL语言),ebXML消息服务,自由联盟项目李>
- 访问控制安全性:安全角色是根据特定条件授予用户或组的权限
最常见的是,我们对soapweb服务使用WS-Security。确定如何启用WS-security
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-6138db82-5a4c-4bf7-915f-af7a10d9ae96">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">CBb7a2itQDgxVkqYnFtggUxtuqk=</wsse:Password>
<wsse:Nonce>5ABcqPZWb6ImI2E6tob8MQ==</wsse:Nonce>
<wsu:Created>2010-06-08T07:26:50Z</wsu:Created>
</wsse:UsernameToken>
下面的示例很简单,只向HTTP头添加用户和密码
- 下面是一个详细示例,向您展示如何使用JAX-WS处理应用程序级身份验证
- 下面是一个详细示例,向您展示如何在Tomcat下使用JAX-WS实现容器身份验证李>
package com.javacodegeeks.enterprise.ws;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
@WebService(endpointInterface = "com.javacodegeeks.enterprise.ws.WebServiceInterface")
public class WebServiceImpl implements WebServiceInterface {
@Resource
WebServiceContext webServiceContext;
@Override
public String getHelloWorldAsString(String str) {
MessageContext messageContext = webServiceContext.getMessageContext();
// get request headers
Map<?,?> requestHeaders = (Map<?,?>) messageContext.get(MessageContext.HTTP_REQUEST_HEADERS);
List<?> usernameList = (List<?>) requestHeaders.get("username");
List<?> passwordList = (List<?>) requestHeaders.get("password");
String username = "";
String password = "";
if (usernameList != null) {
username = usernameList.get(0).toString();
}
if (passwordList != null) {
password = passwordList.get(0).toString();
}
// of course this is not real validation
// you should validate your users from stored databases credentials
if (username.equals("nikos") && password.equals("superpassword")) {
return "Valid User :"+str;
} else {
return "Unknown User!";
}
}
}
package com.javacodegeeks.enterprise.ws;
导入java.util.List;
导入java.util.Map;
导入javax.annotation.Resource;
导入javax.jws.WebService;
导入javax.xml.ws.WebServiceContext;
导入javax.xml.ws.handler.MessageContext;
@WebService(endpointInterface=“com.javacodegeeks.enterprise.ws.WebServiceInterface”)
公共类WebServiceImpl实现WebServiceInterface{
@资源
WebServiceContext WebServiceContext;
@凌驾
公共字符串getHelloWorldAsString(字符串str){
MessageContext=webServiceContext.getMessageContext();
//获取请求头
Map requestHeaders=(Map)messageContext.get(messageContext.HTTP\u REQUEST\u HEADERS);
List usernameList=(List)requestHeaders.get(“用户名”);
List passwordList=(List)requestHeaders.get(“密码”);
字符串username=“”;
字符串密码=”;
if(usernameList!=null){
username=usernameList.get(0.toString();
}
if(密码列表!=null){
password=passwordList.get(0).toString();
}
//当然,这不是真正的验证
//您应该从存储的数据库凭据验证用户
if(username.equals(“nikos”)&password.equals(“超级密码”)){
返回“有效用户:”+str;
}否则{
返回“未知用户!”;
}
}
}
WebServiceClient.java
package com.javacodegeeks.enterprise.ws.client;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.handler.MessageContext;
import com.javacodegeeks.enterprise.ws.WebServiceInterface;
public class WebServiceClient{
public static void main(String[] args) throws Exception {
URL wsdlUrl = new URL("http://localhost:8888/webservice/helloworld?wsdl");
//qualifier name ...
QName qname = new QName("http://ws.enterprise.javacodegeeks.com/", "WebServiceImplService");
Service service = Service.create(wsdlUrl, qname);
WebServiceInterface sayHello = service.getPort(WebServiceInterface.class);
Map<String, Object> requestContext = ((BindingProvider)sayHello).getRequestContext();
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "http://localhost:8888/webservice/helloworld?wsdl");
Map<String, List<String>> requestHeaders = new HashMap<String, List<String>>();
requestHeaders.put("username", Collections.singletonList("nikos"));
requestHeaders.put("Password", Collections.singletonList("superpassword"));
requestContext.put(MessageContext.HTTP_REQUEST_HEADERS, requestHeaders);
System.out.println(sayHello.getHelloWorldAsString("- This is Java Code Geeks"));
}
}
package com.javacodegeks.enterprise.ws.client;
导入java.net.URL;
导入java.util.Collections;
导入java.util.HashMap;
导入java.util.List;
导入java.util.Map;
导入javax.xml.namespace.QName;
导入javax.xml.ws.BindingProvider;
导入javax.xml.ws.Service;
导入javax.xml.ws.handler.MessageContext;
导入com.javacodegeeks.enterprise.ws.WebServiceInterface;
公共类WebServiceClient{
公共静态void main(字符串[]args)引发异常{
URL wsdlUrl=新URL(“http://localhost:8888/webservice/helloworld?wsdl");
//限定符名称。。。
QName QName=新的QName(“http://ws.enterprise.javacodegeeks.com/“,“WebServiceImplService”);
Service=Service.create(wsdlUrl,qname);
WebServiceInterface sayHello=service.getPort(WebServiceInterface.class);
Map requestContext=((BindingProvider)sayHello).getRequestContext();
requestContext.put(BindingProvider.ENDPOINT\地址\属性,“http://localhost:8888/webservice/helloworld?wsdl");
Map requestHeaders=new HashMap();
requestHeaders.put(“用户名”,Collections.singletonList(“nikos”);
requestHeaders.put(“密码”,Collections.singletonList(“超级密码”);
put(MessageContext.HTTP_REQUEST_头,requestHead
package com.javacodegeeks.enterprise.ws;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
@WebService(endpointInterface = "com.javacodegeeks.enterprise.ws.WebServiceInterface")
public class WebServiceImpl implements WebServiceInterface {
@Resource
WebServiceContext webServiceContext;
@Override
public String getHelloWorldAsString(String str) {
MessageContext messageContext = webServiceContext.getMessageContext();
// get request headers
Map<?,?> requestHeaders = (Map<?,?>) messageContext.get(MessageContext.HTTP_REQUEST_HEADERS);
List<?> usernameList = (List<?>) requestHeaders.get("username");
List<?> passwordList = (List<?>) requestHeaders.get("password");
String username = "";
String password = "";
if (usernameList != null) {
username = usernameList.get(0).toString();
}
if (passwordList != null) {
password = passwordList.get(0).toString();
}
// of course this is not real validation
// you should validate your users from stored databases credentials
if (username.equals("nikos") && password.equals("superpassword")) {
return "Valid User :"+str;
} else {
return "Unknown User!";
}
}
}
package com.javacodegeeks.enterprise.ws.client;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.handler.MessageContext;
import com.javacodegeeks.enterprise.ws.WebServiceInterface;
public class WebServiceClient{
public static void main(String[] args) throws Exception {
URL wsdlUrl = new URL("http://localhost:8888/webservice/helloworld?wsdl");
//qualifier name ...
QName qname = new QName("http://ws.enterprise.javacodegeeks.com/", "WebServiceImplService");
Service service = Service.create(wsdlUrl, qname);
WebServiceInterface sayHello = service.getPort(WebServiceInterface.class);
Map<String, Object> requestContext = ((BindingProvider)sayHello).getRequestContext();
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "http://localhost:8888/webservice/helloworld?wsdl");
Map<String, List<String>> requestHeaders = new HashMap<String, List<String>>();
requestHeaders.put("username", Collections.singletonList("nikos"));
requestHeaders.put("Password", Collections.singletonList("superpassword"));
requestContext.put(MessageContext.HTTP_REQUEST_HEADERS, requestHeaders);
System.out.println(sayHello.getHelloWorldAsString("- This is Java Code Geeks"));
}
}