Accessing a secured JAX-WS web service EJB
How do I access this secured SOAP web service, which is implemented by an EJB:
    @Stateless
    @DeclareRoles({"Boss"})
    @WebService(name="SoapService", serviceName="SoapWS", portName="SoapWSPort")
    public class SoapServiceImpl implements SoapService {
        @RolesAllowed({"Boss"})
        public SoapThing getSoapThing(String name, String prepend) throws SoapThingyException {
            ...
        }
    }
And web.xml has this:
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>ApplicationRealm</realm-name>
    </login-config>
I created a SOAPHandler for the client that adds an Authorization header to the request, as follows:
    public boolean handleMessage(SOAPMessageContext context) {
        try {
            String credential = Base64.getEncoder().encodeToString((username+":"+password).getBytes("UTF-8"));
            Map<String, Object> httpHeaders = null;
            if (context.get(MessageContext.HTTP_REQUEST_HEADERS) != null) {
                httpHeaders = (Map<String, Object>)context.get(MessageContext.HTTP_REQUEST_HEADERS);
            } else {
                httpHeaders = new HashMap<>();
            }
            httpHeaders.put("Authorization", Arrays.asList("Basic " + credential.substring(0, credential.length()-1)));
            context.put(MessageContext.HTTP_REQUEST_HEADERS, httpHeaders);
            return true;
        } catch (UnsupportedEncodingException e) {
            return false;
        }
    }
My client is a standalone Java application that uses stubs generated with wsimport, and adds the handler to the BindingProvider:
    SoapWS service = new SoapWS();
    SoapService port = service.getSoapWSPort();
    ((BindingProvider)port).getBinding().setHandlerChain(Arrays.asList(new CredentialHandler("spike", "*****")));
    SoapThing st = port.getSoapThingByNumber(1);
...it executes fine and adds the credentials to the Authorization header, but I still get an Unauthorized response from the server:
Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 401: Unauthorized
The web service is deployed on Wildfly, and the user is assigned to ApplicationRealm, with role Administrator and groups Dog and Boss:
What am I missing?
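That did the trick, thanks. I thought a handler would be the right place to put this code, but OK.
Since it's Basic authentication, the server doesn't look at the message payload at all.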
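
An added example, not code from the question or from any answer in this thread: the standard JAX-WS request-context properties for sending HTTP Basic credentials from a wsimport client, together with a check of what the handler's `credential.substring(0, credential.length()-1)` does to the encoded value. The class name, method names and sample passwords are constructed; it assumes the `javax.xml.ws` API is on the classpath (it is bundled with Java 8).

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.ws.BindingProvider;

public class BasicAuthClientExample {

    /** Authorization header value: the whole Base64 string, nothing trimmed. */
    static String basicHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Let the JAX-WS runtime send HTTP Basic credentials for this port. */
    static void useBasicAuth(Object port, String user, String password) {
        BindingProvider bp = (BindingProvider) port;
        bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, user);
        bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
    }

    /** What a decoder recovers once the last Base64 character is cut off. */
    static String decodeTruncated(String user, String password) {
        String full = basicHeader(user, password).substring("Basic ".length());
        String cut = full.substring(0, full.length() - 1);
        try {
            return new String(Base64.getDecoder().decode(cut), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // A single leftover '=' is not a valid final Base64 unit.
            return "<rejected: " + e.getMessage() + ">";
        }
    }

    public static void main(String[] args) {
        // Constructed sample passwords, one per Base64 padding case (0, 2, 1 pad chars).
        String[][] samples = { {"spike", "abc"}, {"spike", "abcd"}, {"spike", "abcde"} };
        for (String[] s : samples) {
            System.out.println(basicHeader(s[0], s[1])
                    + " -> after cut: " + decodeTruncated(s[0], s[1]));
        }
        // With the wsimport stubs from the question (not compiled here):
        //   SoapService port = new SoapWS().getSoapWSPort();
        //   useBasicAuth(port, "spike", password);
    }
}
```

`Base64.getEncoder().encodeToString` does not append a line break, so there is no trailing character to strip from the credential.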