Web services:Web 服务 SOAP 头身份验证
我有一个 Web 服务,想通过 SOAP 头对用户进行身份验证。也就是说,我想检查 SOAP 头中的令牌 ID(一个随机数),并与数据库中保存的值进行比对:如果两者匹配,就允许请求通过;否则不允许执行我的 Web 方法。有没有干净的方法可以用 SOAP 头来实现?谢谢。

回答:你了解过 WS-Security 吗(下面的示例使用的就是它的 UsernameToken)?假设你还没有把它用于其他用途,可以在 Username 元素中携带你的令牌,例如:
<?xml version="1.0"?>
<!-- Sample SOAP 1.1 request whose header carries a WS-Security UsernameToken. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<!-- mustUnderstand="1": a receiver that does not process this Security header has to fault rather than ignore it. -->
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
<!-- Placeholder value. The accompanying answer suggests this element can carry the caller's token. -->
<wsse:Username>yourusername</wsse:Username>
<!-- Type "...#PasswordText" places the secret in the message as clear text, so it is only confidential when the transport (TLS) or message-level encryption protects the request. -->
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yourpassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<!-- Placeholder for the operation payload. As written the tag is never closed; replace it with a well-formed body element. -->
<yourbodygoeshere>
</soapenv:Body>
</soapenv:Envelope>
你的用户名
你的密码
我使用 JDK API 创建了一个 Web 服务,并通过 SOAP 头实现了简单的身份验证。
这个简单的项目提供两项服务:
- 登录
- 从服务器获取消息
package com.aug.ws;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;
import javax.jws.WebParam.Mode;
import javax.jws.soap.SOAPBinding;
import javax.jws.soap.SOAPBinding.Style;
import javax.xml.ws.Holder;
//Service Endpoint Interface
/**
 * Service endpoint interface for the demo service, bound as RPC-style SOAP.
 *
 * <p>It declares two operations: {@link #login} returns a token to the caller in a SOAP header,
 * and {@link #getMessage} is the operation that the token is meant to protect.
 */
@WebService
@SOAPBinding(style = Style.RPC)
public interface HelloWorld {

    /**
     * Authenticates a caller and hands a token back through a response header.
     *
     * <p>NOTE(review): {@code userName} and {@code password} are ordinary operation parameters,
     * so they travel inside the SOAP message itself; the endpoint on this page is published over
     * plain {@code http://}, which leaves them readable on the wire. Confirm that TLS is in
     * place before using this outside a local demo.
     *
     * @param userName name the caller claims
     * @param password secret presented for {@code userName}
     * @param token    OUT-mode holder mapped to a SOAP header named {@code token}
     */
    @WebMethod
    void login(
            String userName,
            String password,
            @WebParam(header = true, mode = Mode.OUT, name = "token") Holder<String> token);

    /**
     * Returns a message derived from {@code message}.
     *
     * @param message text supplied by the caller
     * @return the service's reply
     */
    String getMessage(String message);
}
package com.aug.ws;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.Resource;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebParam.Mode;
import javax.jws.WebService;
import javax.xml.namespace.QName;
import javax.xml.ws.Holder;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
import com.sun.xml.internal.ws.api.message.Header;
import com.sun.xml.internal.ws.api.message.HeaderList;
import com.sun.xml.internal.ws.developer.JAXWSProperties;
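/**
 * Implementation of the {@code HelloWorld} endpoint interface.
 *
 * <p>{@link #login} issues a token in the {@code token} SOAP header, and {@link #getMessage}
 * only answers when the inbound request carries a token that {@code login} issued earlier.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Tokens are bearer secrets. They are drawn from {@link SecureRandom} so that knowing a
 *       user name is not enough to reconstruct one, and they are never written to the log.</li>
 *   <li>NOTE(review): issued tokens are kept for the lifetime of this object; there is no expiry
 *       or logout on this page, so the map only grows. Add a lifetime before production use.</li>
 *   <li>NOTE(review): the {@code com.sun.xml.internal.ws} classes used to read the header are
 *       JDK-internal; confirm that the target runtime still ships them.</li>
 * </ul>
 */
@WebService(endpointInterface = "com.aug.ws.HelloWorld")
public class HelloWorldImpl implements HelloWorld {

    /** Qualified name of the SOAP header that carries the token. */
    private static final QName TOKEN_HEADER = new QName("http://ws.aug.com/", "token");

    /** Token size in bytes before hex encoding (256 bits). */
    private static final int TOKEN_BYTES = 32;

    private static final SecureRandom RANDOM = new SecureRandom();

    // Token -> user name. Presumably a single instance serves every request (the publisher on
    // this page hands one instance to Endpoint.publish), so the map must tolerate concurrent use.
    private final Map<String, String> authorizedUsers = new ConcurrentHashMap<String, String>();

    @Resource
    WebServiceContext wsctx;

    /**
     * Checks the credentials and, when they match, returns a fresh token in the {@code token}
     * response header. On a mismatch nothing is set and no token is stored.
     *
     * @param userName name the caller claims
     * @param password secret presented for {@code userName}
     * @param token    OUT-mode holder that receives the issued token
     */
    @Override
    @WebMethod
    public void login(String userName, String password,
            @WebParam(header = true, mode = Mode.OUT, name = "token") Holder<String> token) {
        if (!credentialsMatch(userName, password)) {
            return;
        }
        String tokenValue = newToken();
        token.value = tokenValue;
        authorizedUsers.put(tokenValue, userName);
        // Record the event but never the token itself: whoever reads it can act as the user.
        System.out.println("---------------- token issued for: " + userName);
    }

    /**
     * Returns the greeting for authenticated callers and a refusal string for everyone else.
     *
     * @param message text supplied by the caller
     * @return {@code "JAX-WS message: " + message} when the request carries a known token,
     *         otherwise {@code "Invalid access!"}
     */
    @Override
    @WebMethod
    public String getMessage(String message) {
        if (isLoggedInUser()) {
            return "JAX-WS message: " + message;
        }
        return "Invalid access!";
    }

    /**
     * Compares the supplied pair with the two demo accounts.
     *
     * <p>NOTE(review): the accounts are hard-coded sample values taken from the original
     * listing. A real service needs a user store that keeps salted password hashes.
     */
    private static boolean credentialsMatch(String userName, String password) {
        boolean firstAccount = "user1".equals(userName) && "pwd1".equals(password);
        boolean secondAccount = "user2".equals(userName) && "pwd2".equals(password);
        return firstAccount || secondAccount;
    }

    /** Creates an unguessable token: {@value #TOKEN_BYTES} random bytes, hex encoded. */
    private static String newToken() {
        byte[] raw = new byte[TOKEN_BYTES];
        RANDOM.nextBytes(raw);
        StringBuilder hex = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    }

    /**
     * Checks the token carried in the inbound SOAP header.
     *
     * @return {@code true} only when the header is present and its content is a token that
     *         {@link #login} issued; every other outcome, including an error while reading the
     *         header, is treated as "not logged in"
     */
    private boolean isLoggedInUser() {
        System.out.println("wsctx: " + wsctx);
        MessageContext mctx = wsctx.getMessageContext();
        HeaderList headerList = (HeaderList) mctx.get(JAXWSProperties.INBOUND_HEADER_LIST_PROPERTY);
        if (headerList == null) {
            // No inbound header list: deny explicitly instead of relying on a caught NPE.
            return false;
        }
        try {
            Header tokenHeader = headerList.get(TOKEN_HEADER, true);
            if (tokenHeader == null) {
                return false;
            }
            String presented = tokenHeader.getStringContent();
            if (presented == null) {
                // ConcurrentHashMap rejects null keys, so treat missing content as a denial.
                return false;
            }
            String user = authorizedUsers.get(presented);
            if (user != null) {
                System.out.println(user + " has logged in.");
                return true;
            }
        } catch (Exception e) {
            // Fail closed: a header that cannot be read never authenticates the caller.
            e.printStackTrace();
        }
        return false;
    }
}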
package com.aug.endpoint;
import javax.xml.ws.Endpoint;
import com.aug.ws.HelloWorldImpl;
/**
 * Stand-alone launcher that publishes a {@code HelloWorldImpl} instance as a web service.
 *
 * <p>The address is a plain {@code http://} URL on localhost, which suits a local demo;
 * credentials and tokens sent to it are not encrypted in transit.
 */
public class HelloWorldPublisher {

    /**
     * Publishes the endpoint and prints where it can be reached.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        final String address = "http://localhost:9000/ws/hello";
        HelloWorldImpl implementor = new HelloWorldImpl();

        Endpoint.publish(address, implementor);

        System.out.println("\nWeb service published @ " + address);
        System.out.println("You may call the web service now");
    }
}
package com.aug.client;
import java.net.MalformedURLException;
import java.net.URL;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;
import com.aug.ws.HelloWorld;
import com.sun.xml.internal.ws.api.message.HeaderList;
import com.sun.xml.internal.ws.api.message.Headers;
import com.sun.xml.internal.ws.developer.JAXWSProperties;
import com.sun.xml.internal.ws.developer.WSBindingProvider;
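/**
 * Demo client: logs in, reads the token from the response's SOAP header, then sends that token
 * back as an outbound header on the {@code getMessage} call.
 *
 * <p>NOTE(review): {@code WS_URL} is a plain {@code http://} address, so the password and the
 * token cross the wire unencrypted. That is tolerable against localhost only.
 */
public class HelloWorldClient {

    private static final String WS_URL = "http://localhost:9000/ws/hello?wsdl";
    private static final String NAME_SPACE = "http://ws.aug.com/";

    /**
     * Calls {@code login} with the demo account and returns the token from the response header.
     *
     * @return the token issued by the service
     * @throws IllegalStateException if the response carries no {@code token} header, which is
     *         what a rejected login looks like from the client side
     * @throws Exception if the service cannot be reached or the port cannot be closed
     */
    public static String login() throws Exception {
        HelloWorld hello = newPort();
        WSBindingProvider bp = (WSBindingProvider) hello;
        HeaderList headerList;
        try {
            hello.login("user1", "pwd1", null);
            headerList = (HeaderList) bp.getResponseContext().get(JAXWSProperties.INBOUND_HEADER_LIST_PROPERTY);
        } finally {
            // Release the port even when the call fails.
            bp.close();
        }
        if (headerList == null) {
            throw new IllegalStateException("login response carried no SOAP headers");
        }
        com.sun.xml.internal.ws.api.message.Header tokenHeader =
                headerList.get(new QName(NAME_SPACE, "token"), true);
        if (tokenHeader == null) {
            throw new IllegalStateException("login failed: no token header in the response");
        }
        return tokenHeader.getStringContent();
    }

    /**
     * Logs in, attaches the token as an outbound SOAP header, and prints the service's reply.
     *
     * @throws Exception if login fails or the service cannot be reached
     */
    public static void getMessage() throws Exception {
        String token = login();
        // The token is a bearer secret, so report that it arrived without echoing its value.
        System.out.println("token received");
        HelloWorld hello = newPort();
        WSBindingProvider bp = (WSBindingProvider) hello;
        try {
            bp.setOutboundHeaders(
                    Headers.create(new QName(NAME_SPACE, "token"), token)
            );
            System.out.println(hello.getMessage("hello world"));
        } finally {
            bp.close();
        }
    }

    /** Builds a fresh port for the service described by the WSDL at {@code WS_URL}. */
    private static HelloWorld newPort() throws Exception {
        URL url = new URL(WS_URL);
        QName qname = new QName(NAME_SPACE, "HelloWorldImplService");
        Service service = Service.create(url, qname);
        return service.getPort(HelloWorld.class);
    }

    public static void main(String[] args) throws Exception {
        getMessage();
    }
}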
package com.aug.ws;
导入javax.jws.WebMethod;
导入javax.jws.WebParam;
导入javax.jws.WebService;
导入javax.jws.WebParam.Mode;
导入javax.jws.soap.SOAPBinding;
导入javax.jws.soap.SOAPBinding.Style;
导入javax.xml.ws.Holder;
//服务端点接口
@网络服务
@SOAPBinding(style=style.RPC)
公共接口HelloWorld{
@网络方法
无效登录(字符串用户名,字符串密码,@WebParam(header=true,mode=mode.OUT,name=“token”)持有者令牌);
字符串消息(字符串消息);
}
包com.aug.ws;
导入java.util.HashMap;
导入java.util.Map;
导入javax.annotation.Resource;
导入javax.jws.WebMethod;
导入javax.jws.WebParam;
导入javax.jws.WebParam.Mode;
导入javax.jws.WebService;
导入javax.xml.namespace.QName;
导入javax.xml.ws.Holder;
导入javax.xml.ws.WebServiceContext;
导入javax.xml.ws.handler.MessageContext;
导入com.sun.xml.internal.ws.api.message.Header;
导入com.sun.xml.internal.ws.api.message.HeaderList;
导入com.sun.xml.internal.ws.developer.JAXWSProperties;
@WebService(endpointInterface=“com.aug.ws.HelloWorld”)
公共类HelloWorldImpl实现HelloWorld{
私有映射authorizedUsers=newHashMap();
@资源
WebServiceContext wsctx;
@凌驾
@网络方法
公共无效登录(字符串用户名、字符串密码、@WebParam(header=true、mode=mode.OUT、name=“token”)持有者令牌){
如果((“user1.equals(userName)&&“pwd1.equals(password))| |((“user2.equals(userName)&&“pwd2.equals(password))){
字符串tokenValue=“authorizeduser1234”+用户名;
token.value=tokenValue;
authorizedUsers.put(令牌值、用户名);
System.out.println(“--------------标记:+tokenValue”);
}
}
@凌驾
@网络方法
公共字符串getMessage(字符串消息){
if(isLoggedInUser()){
返回“JAX-WS消息:”+消息;
}
返回“无效访问!”;
}
/**
*检查SOAP头中的令牌
*@返回
*/
私有布尔值isLoggedInUser(){
System.out.println(“wsctx:+wsctx”);
MessageContext mctx=wsctx.getMessageContext();
HeaderList HeaderList=(HeaderList)mctx.get(JAXWSProperties.INBOUND\u HEADER\u LIST\u PROPERTY);
字符串命名空间=”http://ws.aug.com/";
QName令牌=新的QName(名称空间,“令牌”);
试一试{
Header-tokenHeader=headerList.get(token,true);
if(tokenHeader!=null){
String user=authorizedUsers.get(tokenHeader.getStringContent());
如果(用户!=null){
System.out.println(用户+“已登录”);
返回true;
}
}
}捕获(例外e){
e、 printStackTrace();
}
返回false;
}
}
包com.aug.endpoint;
导入javax.xml.ws.Endpoint;
导入com.aug.ws.HelloWorldImpl;
公共类HelloWorldPublisher{
/**
*@param args
*/
公共静态void main(字符串[]args){
Endpoint.publish(“http://localhost:9000/ws/hello“,新HelloWorldImpl());
System.out.println(“\nWeb服务已发布@http://localhost:9000/ws/hello");
System.out.println(“您现在可以调用web服务”);
}
}
包com.aug.client;
导入java.net.MalformedURLException;
导入java.net.URL;
导入javax.xml.namespace.QName;
导入javax.xml.ws.Service;
导入com.aug.ws.HelloWorld;
导入com.sun.xml.internal.ws.api.message.HeaderList;
导入com.sun.xml.internal.ws.api.message.Headers;
导入com.sun.xml.internal.ws.developer.JAXWSProperties;
导入com.sun.xml.internal.ws.developer.WSBindingProvider;
公共类HelloWorldClient{
私有静态最终字符串WS_URL=”http://localhost:9000/ws/hello?wsdl";
私有静态最终字符串名称\u空格=”http://ws.aug.com/";
公共静态字符串login()引发异常{
URL=新URL(WS_URL);
QName QName=新的QName(名称空间,“HelloWorldImplService”);
Service=Service.create(url,qname);
HelloWorld hello=service.getPort(HelloWorld.class);
hello.login(“user1”,“pwd1”,null);
WSBindingProvider bp=(WSBindingProvider)您好;
HeaderList HeaderList=(HeaderList)bp.getResponseContext().get(JAXWSProperties.INBOUND\u HEADER\u LIST\u PROPERTY);
bp.close();
return headerList.get(新的QName(NAME_空格,“token”),true.getStringContent();
}
公共静态void getMessage()引发异常{
字符串标记=login();
System.out.println(“令牌:+token”);
URL=新URL(WS_URL);
QName QName=新的QName(名称+空格,“HelloW