
java - How do I authenticate a SOAP-based Java web service?

Reposted. Author: 太空狗. Updated: 2023-10-29 22:45:59

I am developing a SOAP-based web service in Java. Can anyone tell me how to authenticate the clients that use the web service?

Thanks.

Best answer

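There are different ways and different types of security that we can implement:

  • Transport-level security: such as HTTP Basic/Digest and SSL.
  • Message-level security: such as WS-Security, XML Digital Signature, XML Encryption, XKMS (XML Key Management Specification), XACML (eXtensible Access Control Markup Language), SAML (Security Assertion Markup Language), ebXML Message Service, and the Liberty Alliance Project.
  • Access-control security: security roles are privileges granted to users or groups based on specific conditions.

Most commonly, we use WS-Security for SOAP web services. A WS-Security profile determines how WS-Security is enabled.

  1. WSS X.509 Token Profile: use the X.509 framework for the WSS X.509 security profile.
  2. WSS UsernameToken Profile: when specifying the X.509 Token Profile, you can also supply a UsernameToken in the SOAP request.

Example: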

<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-6138db82-5a4c-4bf7-915f-af7a10d9ae96">
    <wsse:Username>user</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">CBb7a2itQDgxVkqYnFtggUxtuqk=</wsse:Password>
    <wsse:Nonce>5ABcqPZWb6ImI2E6tob8MQ==</wsse:Nonce>
    <wsu:Created>2010-06-08T07:26:50Z</wsu:Created>
</wsse:UsernameToken>

The element above is included in the SOAP header as follows:

// Assumed to be in scope: smc (a SOAPMessageContext, as passed to a SOAP handler),
// and the strings user, encodedPass, nonceString and creatTime.
SOAPEnvelope envelope = smc.getMessage().getSOAPPart().getEnvelope();
SOAPHeader header = envelope.addHeader();
SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
SOAPElement username = usernameToken.addChildElement("Username", "wsse");
username.addTextNode(user);

SOAPElement password = usernameToken.addChildElement("Password", "wsse");
password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
password.addTextNode(encodedPass); // encodedPass = Base64 ( SHA-1 ( nonce + created + password ) )

// The nonce is sent Base64-encoded (java.util.Base64 replaces the third-party Base64 helper).
SOAPElement nonce = usernameToken.addChildElement("Nonce", "wsse");
nonce.addTextNode(java.util.Base64.getEncoder().encodeToString(nonceString.getBytes(java.nio.charset.StandardCharsets.UTF_8)));

SOAPElement created = usernameToken.addChildElement("Created", "wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
created.addTextNode(creatTime);

The following example simply adds the username and password to the HTTP headers.

Application authentication with JAX-WS using the WebServiceContext interface

WebServiceImpl.java

package com.javacodegeeks.enterprise.ws;

import java.util.List;
import java.util.Map;

import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;

@WebService(endpointInterface = "com.javacodegeeks.enterprise.ws.WebServiceInterface")
public class WebServiceImpl implements WebServiceInterface {

    // injected by the JAX-WS runtime for each request
    @Resource
    WebServiceContext webServiceContext;

    @Override
    public String getHelloWorldAsString(String str) {

        MessageContext messageContext = webServiceContext.getMessageContext();

        // get request headers
        Map<?,?> requestHeaders = (Map<?,?>) messageContext.get(MessageContext.HTTP_REQUEST_HEADERS);
        List<?> usernameList = (List<?>) requestHeaders.get("username");
        List<?> passwordList = (List<?>) requestHeaders.get("password");

        String username = "";
        String password = "";

        // a header may be absent or present with no values
        if (usernameList != null && !usernameList.isEmpty()) {
            username = usernameList.get(0).toString();
        }

        if (passwordList != null && !passwordList.isEmpty()) {
            password = passwordList.get(0).toString();
        }

        // of course this is not real validation
        // you should validate your users from stored databases credentials
        if (username.equals("nikos") && password.equals("superpassword")) {
            return "Valid User :" + str;
        } else {
            return "Unknown User!";
        }
    }
}

WebServiceClient.java

package com.javacodegeeks.enterprise.ws.client;

import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.handler.MessageContext;
import com.javacodegeeks.enterprise.ws.WebServiceInterface;

public class WebServiceClient {

    public static void main(String[] args) throws Exception {

        URL wsdlUrl = new URL("http://localhost:8888/webservice/helloworld?wsdl");
        // qualified name of the service
        QName qname = new QName("http://ws.enterprise.javacodegeeks.com/", "WebServiceImplService");
        Service service = Service.create(wsdlUrl, qname);

        WebServiceInterface sayHello = service.getPort(WebServiceInterface.class);
        Map<String, Object> requestContext = ((BindingProvider) sayHello).getRequestContext();

        requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "http://localhost:8888/webservice/helloworld?wsdl");

        // header names match the keys the service reads ("username" and "password")
        Map<String, List<String>> requestHeaders = new HashMap<String, List<String>>();
        requestHeaders.put("username", Collections.singletonList("nikos"));
        requestHeaders.put("password", Collections.singletonList("superpassword"));
        requestContext.put(MessageContext.HTTP_REQUEST_HEADERS, requestHeaders);

        System.out.println(sayHello.getHelloWorldAsString("- This is Java Code Geeks"));
    }
}
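The server-side check for the PasswordDigest UsernameToken shown in the answer, as an added example that is not part of the original answer: it recomputes Base64(SHA-1(nonce + created + password)) over the decoded nonce bytes and also rejects stale timestamps and reused nonces. The class name, the five-minute window and the sample credentials are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added example: class name, freshness window and sample values are assumptions.
public class UsernameTokenVerifier {
    private static final Duration MAX_AGE = Duration.ofMinutes(5);        // accepted clock skew / token age
    private final Set<String> seenNonces = ConcurrentHashMap.newKeySet(); // replay cache (unbounded in this demo)

    // SHA-1 over: decoded nonce bytes + Created (UTF-8) + password (UTF-8)
    static byte[] digest(byte[] nonce, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return sha1.digest();
    }

    boolean verify(String nonceB64, String created, String digestB64, String storedPassword, Instant now) {
        try {
            Duration skew = Duration.between(Instant.parse(created), now).abs();
            if (skew.compareTo(MAX_AGE) > 0) return false;                // stale or future-dated token
            byte[] nonce = Base64.getDecoder().decode(nonceB64);
            byte[] supplied = Base64.getDecoder().decode(digestB64);
            boolean match = MessageDigest.isEqual(digest(nonce, created, storedPassword), supplied); // constant-time
            // Record the nonce only for authentic tokens; a second use is a replay.
            return match && seenNonces.add(Base64.getEncoder().encodeToString(nonce));
        } catch (Exception e) {
            return false;                                                 // malformed Base64 or timestamp
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        String nonceB64 = Base64.getEncoder().encodeToString(nonce);
        String created = Instant.now().truncatedTo(ChronoUnit.SECONDS).toString();
        String digestB64 = Base64.getEncoder().encodeToString(digest(nonce, created, "demo-password"));
        UsernameTokenVerifier v = new UsernameTokenVerifier();
        System.out.println("wrong password: " + v.verify(nonceB64, created, digestB64, "other", Instant.now()));
        System.out.println("valid token:    " + v.verify(nonceB64, created, digestB64, "demo-password", Instant.now()));
        System.out.println("replayed token: " + v.verify(nonceB64, created, digestB64, "demo-password", Instant.now()));
    }
}
```

The digest scheme requires the server to hold the password itself (or an equivalent secret), and the token is only as confidential as the transport, so it is normally paired with TLS.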

Regarding java - How do I authenticate a SOAP-based Java web service?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/6799921/
