我需要在我的新的Web服务以引入认证头(即作为SOAP头请求的一部分)。 该认证报头将验证用户名和密码信息。 我要验证我的Web服务的请求头信息进行身份验证的内容。 如果通过身份验证,则请求的SOAP体将被处理,否则无效的认证信息会由Web服务客户端应用程序调用该服务被发回。
我无法理解如何创建一个Web服务在SOAP头将包含一些元素(在我的情况下,认证元素如用户名和密码)。
通常情况下,在服务中公开的任何方法都将作为SOAP体的一部分。 因此混淆如何与添加在SOAP报头认证元素进行。
请帮忙
问候,
最近我写了一个类,它增加了用户凭据SOAP头。 要做到这一点,你需要创建一个实现类SOAPHandler<SOAPMessageContext>接口。 对于例如:
public class MyHandler implements SOAPHandler<SOAPMessageContext> {
private static final Logger LOGGER = LoggerFactory.getLogger(MyHandler.class);
private String username;
private String password;
/**
* Handles SOAP message. If SOAP header does not already exist, then method will created new SOAP header. The
* username and password is added to the header as the credentials to authenticate user. If no user credentials is
* specified every call to web service will fail.
*
* @param context SOAP message context to get SOAP message from
* @return true
*/
@Override
public boolean handleMessage(SOAPMessageContext context) {
try {
SOAPMessage message = context.getMessage();
SOAPHeader header = message.getSOAPHeader();
SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
if (header == null) {
header = envelope.addHeader();
}
QName qNameUserCredentials = new QName("https://your.target.namespace/", "UserCredentials");
SOAPHeaderElement userCredentials = header.addHeaderElement(qNameUserCredentials);
QName qNameUsername = new QName("https://your.target.namespace/", "Username");
SOAPHeaderElement username = header.addHeaderElement(qNameUsername );
username.addTextNode(this.username);
QName qNamePassword = new QName("https://your.target.namespace/", "Password");
SOAPHeaderElement password = header.addHeaderElement(qNamePassword);
password.addTextNode(this.password);
userCredentials.addChildElement(username);
userCredentials.addChildElement(password);
message.saveChanges();
//TODO: remove this writer when the testing is finished
StringWriter writer = new StringWriter();
message.writeTo(new StringOutputStream(writer));
LOGGER.debug("SOAP message: \n" + writer.toString());
} catch (SOAPException e) {
LOGGER.error("Error occurred while adding credentials to SOAP header.", e);
} catch (IOException e) {
LOGGER.error("Error occurred while writing message to output stream.", e);
}
return true;
}
//TODO: remove this class after testing is finished
private static class StringOutputStream extends OutputStream {
private StringWriter writer;
public StringOutputStream(StringWriter writer) {
this.writer = writer;
}
@Override
public void write(int b) throws IOException {
writer.write(b);
}
}
@Override
public boolean handleFault(SOAPMessageContext context) {
LOGGER.debug("handleFault has been invoked.");
return true;
}
@Override
public void close(MessageContext context) {
LOGGER.debug("close has been invoked.");
}
@Override
public Set<QName> getHeaders() {
LOGGER.debug("getHeaders has been invoked.");
return null;
}
public void setUsername(String username) {
this.username = username;
}
public void setPassword(String password) {
this.password = password;
}
}
请注意,我只是添加凭据头和返回true 。 你做任何你想要的东西与全信息并返回false ,如果事情,预计将失败。
我已经实现这一个客户端:
<bean id="soapHandler" class="your.package.MyHandler">
<property name="username" value="testUser"/>
<property name="password" value="testPassword"/>
</bean>
<jaxws:client "...">
<jaxws:handlers>
<ref bean="soapHandler"/>
</jaxws:handlers>
</jaxws:client>
但它也可以在执行endpoint 。
我们可以从SOAP消息得到从信封头不仅没有。
