I have recently been developing web service interfaces that use the WS-Security specification. Some notes:
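1) On the server side, the client's identity can be obtained through WebServiceContext:
    import java.security.Principal;
    import javax.annotation.Resource;
    import javax.xml.ws.WebServiceContext;

    @Resource
    private WebServiceContext wsContext;
    // The type of isDeleteMsg was missing in the original; boolean is assumed.
    public void confirmReceive(String actionID, boolean isDeleteMsg) {
        Principal caller = wsContext.getUserPrincipal();
    }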
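2) On the client side, the header can be attached with the addheader method:
    import javax.xml.soap.SOAPElement;
    import javax.xml.soap.SOAPException;
    import org.apache.axis.message.PrefixedQName;
    import org.apache.axis.message.SOAPHeaderElement;

    // Builds a wsse:Security header carrying a UsernameToken (Apache Axis 1.x message classes).
    public static SOAPHeaderElement getAuthenInfo(String name, String userToken) {
        SOAPHeaderElement wsseSecurity = new SOAPHeaderElement(
                new PrefixedQName(
                        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
                        "Security", "wsse"));
        try {
            wsseSecurity.setMustUnderstand(true);
            wsseSecurity.setActor(null);
            // addChildElement(localName, prefix): the local name must not repeat the prefix.
            SOAPElement token = wsseSecurity.addChildElement("UsernameToken", "wsse");
            SOAPElement userName = token.addChildElement("Username", "wsse");
            userName.setValue(name);
            // The value is written into the header as-is, so send it only over TLS.
            SOAPElement password = token.addChildElement("Password", "wsse");
            password.setValue(userToken);
        } catch (SOAPException err) {
            // Fail instead of returning a header that lacks the credentials.
            throw new IllegalStateException("Could not build the wsse:Security header", err);
        }
        return wsseSecurity;
    }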
3) Use CXF to add authentication to the web service; there are many concrete examples online.
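A server-side counterpart for point 3, as an added example that is not code from the original post: a CXF endpoint that requires a wsse:UsernameToken on inbound requests. It assumes CXF 3.x with WSS4J 2.x package names; the class name, the method name and the in-memory credential map are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.jaxws.EndpointImpl;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.dom.handler.WSHandlerConstants;

public class UsernameTokenServerConfig {

    /** Supplies the expected password for a user name; WSS4J performs the comparison. */
    static class ServerPasswordCallback implements CallbackHandler {
        // Constructed sample credential store; replace with a real lookup.
        private final Map<String, String> users = new HashMap<>();

        ServerPasswordCallback() {
            users.put("alice", "example-token"); // constructed sample value
        }

        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                // Unknown user: leave the password unset so that validation fails.
                String expected = users.get(pc.getIdentifier());
                if (expected != null) {
                    pc.setPassword(expected);
                }
            }
        }
    }

    /**
     * Adds an inbound WS-Security interceptor that demands a UsernameToken.
     * Configure the endpoint before it is published so that no request is
     * accepted without the check.
     */
    public static void requireUsernameToken(EndpointImpl endpoint) {
        Map<String, Object> in = new HashMap<>();
        in.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
        in.put(WSHandlerConstants.PW_CALLBACK_REF, new ServerPasswordCallback());
        endpoint.getInInterceptors().add(new WSS4JInInterceptor(in));
    }
}
```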