在JAX-WS中处理身份验证的常用方法之一是客户端提供“用户名”和“密码”,将其附加在SOAP请求标头中并发送到服务器,服务器解析SOAP文档并检索提供的“用户名”和“密码”从请求标头中进行,并从数据库中进行验证,或者使用其他任何方法。
在本文中,我们向您展示如何实现上述“ JAX-WS中的应用程序级别认证 ”。
想法...
在Web服务客户端站点上,只需将“用户名”和“密码”放入请求标头即可。
Map<String, Object> req_ctx = ((BindingProvider)port).getRequestContext();
req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, WS_URL);
Map<String, List<String>> headers = new HashMap<String, List<String>>();
headers.put("Username", Collections.singletonList("mkyong"));
headers.put("Password", Collections.singletonList("password"));
req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, headers);
在Web服务服务器站点上,通过WebServiceContext
获取请求标头参数。
@Resource
WebServiceContext wsctx;
@Override
public String method() {
MessageContext mctx = wsctx.getMessageContext();
//get detail from request headers
Map http_headers = (Map) mctx.get(MessageContext.HTTP_REQUEST_HEADERS);
List userList = (List) http_headers.get("Username");
List passList = (List) http_headers.get("Password");
//...
仅此而已,已部署的JAX-WS受支持的应用程序级别身份验证。
使用JAX-WS认证示例
查看完整示例。
1. WebService服务器
创建一个简单的JAX-WS hello world示例,以处理应用程序级别的身份验证。
文件:HelloWorld.java
package com.mkyong.ws;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.jws.soap.SOAPBinding;
import javax.jws.soap.SOAPBinding.Style;
//Service Endpoint Interface
@WebService
@SOAPBinding(style = Style.RPC)
public interface HelloWorld{
@WebMethod String getHelloWorldAsString();
}
HelloWorldImpl.java
package com.mkyong.ws;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
//Service Implementation Bean
@WebService(endpointInterface = "com.mkyong.ws.HelloWorld")
public class HelloWorldImpl implements HelloWorld{
@Resource
WebServiceContext wsctx;
@Override
public String getHelloWorldAsString() {
MessageContext mctx = wsctx.getMessageContext();
//get detail from request headers
Map http_headers = (Map) mctx.get(MessageContext.HTTP_REQUEST_HEADERS);
List userList = (List) http_headers.get("Username");
List passList = (List) http_headers.get("Password");
String username = "";
String password = "";
if(userList!=null){
//get username
username = userList.get(0).toString();
}
if(passList!=null){
//get password
password = passList.get(0).toString();
}
//Should validate username and password with database
if (username.equals("mkyong") && password.equals("password")){
return "Hello World JAX-WS - Valid User!";
}else{
return "Unknown User!";
}
}
}
2. EndPoint Publisher
创建一个端点发布程序以通过以下URL在Web服务之上进行部署:“ http:// localhost:9999 / ws / hello ”
文件:HelloWorldPublisher.java
package com.mkyong.endpoint;
import javax.xml.ws.Endpoint;
import com.mkyong.ws.HelloWorldImpl;
//Endpoint publisher
public class HelloWorldPublisher{
public static void main(String[] args) {
Endpoint.publish("http://localhost:9999/ws/hello", new HelloWorldImpl());
}
}
3. WebService客户端
创建一个Web服务客户端,以发送“用户名”和“密码”进行身份验证。
文件:HelloWorldClient.java
package com.mkyong.client;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.handler.MessageContext;
import com.mkyong.ws.HelloWorld;
public class HelloWorldClient{
private static final String WS_URL = "http://localhost:9999/ws/hello?wsdl";
public static void main(String[] args) throws Exception {
URL url = new URL(WS_URL);
QName qname = new QName("http://ws.mkyong.com/", "HelloWorldImplService");
Service service = Service.create(url, qname);
HelloWorld hello = service.getPort(HelloWorld.class);
/*******************UserName & Password ******************************/
Map<String, Object> req_ctx = ((BindingProvider)hello).getRequestContext();
req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, WS_URL);
Map<String, List<String>> headers = new HashMap<String, List<String>>();
headers.put("Username", Collections.singletonList("mkyong"));
headers.put("Password", Collections.singletonList("password"));
req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, headers);
/**********************************************************************/
System.out.println(hello.getHelloWorldAsString());
}
}
输出量
Hello World JAX-WS - Valid User!
4.跟踪SOAP流量
从上到下,显示SOAP信封如何在客户端和服务器之间流动。
1.客户端发送请求,用户名“ mkyong ”和密码“ password ”包含在SOAP信封中。
POST /ws/hello?wsdl HTTP/1.1
Password: password
Username: mkyong
SOAPAction: ""
Accept: text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-Type: text/xml; charset=utf-8
User-Agent: Java/1.6.0_13
Host: localhost:8888
Connection: keep-alive
Content-Length: 178
<?xml version="1.0" ?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<ns2:getHelloWorldAsString xmlns:ns2="http://ws.mkyong.com/"/>
</S:Body>
</S:Envelope>
2.服务器发回正常响应。
HTTP/1.1 200 OK
Transfer-encoding: chunked
Content-type: text/xml; charset=utf-8
<?xml version="1.0" ?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<ns2:getHelloWorldAsStringResponse xmlns:ns2="http://ws.mkyong.com/">
<return>Hello World JAX-WS - Valid User!</return>
</ns2:getHelloWorldAsStringResponse>
</S:Body>
</S:Envelope>
做完了
下载源代码
下载它– JAX-WS-Application-Authentication-Example.zip (10KB)
翻译自: https://mkyong.com/webservices/jax-ws/application-authentication-with-jax-ws/