cxf用户令牌 WSPasswordCallback

来源：互联网发布：java 多个文件打包zip 编辑：程序博客网时间：2024/05/20 15:58

客户端

java

public class ClientAuthCallback implements CallbackHandler{public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {// TODO Auto-generated method stubfor(int i=0;i<callbacks.length;i++) {WSPasswordCallback pcb = (WSPasswordCallback)callbacks[i];  pcb.setPassword("123");   pcb.setIdentifier("1234");   }}}

spring

<jaxws:client id="service" address="http://localhost:8080/webservice/services/userService"serviceClass="com.test.cxf.IUserService"><jaxws:outInterceptors>               <bean                   class="org.apache.cxf.interceptor.LoggingOutInterceptor" />               <bean                   class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />               <bean                   class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">                   <constructor-arg>                       <map>                           <entry key="action" value="UsernameToken" />                           <entry key="passwordType"                              value="PasswordText" />                           <entry key="user" value="cxfClient" />                           <entry key="password" value="admin" />                           <entry key="passwordCallbackRef">                               <ref bean="clientAuthCallback" />                           </entry>                       </map>                   </constructor-arg>               </bean>           </jaxws:outInterceptors></jaxws:client><bean id="clientAuthCallback" class="com.test.cxf.ws.ClientAuthCallback" />

服务端

java

public class ServerCheckAuthCallback implements CallbackHandler{public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {WSPasswordCallback pcb = (WSPasswordCallback)callbacks[0];String pwd = pcb.getPassword();String idf = pcb.getIdentifier();pcb.setPassword("123");System.out.println("pwd:"+pwd+"  idf:"+idf);}}

spring

<jaxws:endpoint id="service" implementor="#userSer" address="/userService"><jaxws:inInterceptors>                <bean                    class="org.apache.cxf.interceptor.LoggingInInterceptor" />                <bean                   class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />               <bean                    class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">                    <constructor-arg>                        <map>                            <entry key="action" value="UsernameToken" />                           <entry key="passwordType"                              value="PasswordText" />                           <entry key="user" value="cxfClie2nt" />                          <entry key="checkAuthCallbackRef">                              <ref bean="serverCheckAuthCallback" />                           </entry>                        </map>                    </constructor-arg>                </bean>            </jaxws:inInterceptors> </jaxws:endpoint><bean id="serverCheckAuthCallback" class="com.test.cxf.ws.ServerCheckAuthCallback"></bean>

这里主要注意的是,在服务器校验的时候, 需要你根据传入的用户名从数据库中查出密码然后通过WSPasswordCallback 的setpassword() 方法set进入,这样由WSPasswordCallback 自己去匹配,而不是在客户端用getpassword获取密码,用if判断。

在服务端用getpassword() 是获取不到任何东西的。

0 0