时间戳

首页 > 解决方案 > Apache CXF 密码类型始终设置为摘要

apache - Apache CXF 密码类型始终设置为摘要

问题描述

我正在开发一个 Web 服务客户端项目并使用 Apache CXF 向 Web 服务发送请求。我需要将密码类型设置为密码文本。但即使我在 OutInterceptor 属性中设置它,它总是将密码类型设置为摘要。我该如何解决这个问题?

我的代码是这样的:

        JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
        factory.setServiceClass(Test.class);
        factory.setAddress(url);
        factory.getInInterceptors().add(new SoapActionInInterceptor(action));
        factory.getOutInterceptors().add(new SoapActionOutInterceptor());
        Map<String, Object> outProps = new HashMap<String, Object>();
        outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
        outProps.put(WSHandlerConstants.USER, username);
        outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT);

        ClientPasswordHandler handler = new ClientPasswordHandler();
        handler.setPassword(password);
        outProps.put(WSHandlerConstants.PW_CALLBACK_REF, handler);

        WSS4JStaxOutInterceptor wssOut = new WSS4JStaxOutInterceptor(outProps);
        factory.getOutInterceptors().add(wssOut);
        T serviceClient = (T) factory.create();
        Client client = ClientProxy.getClient(serviceClient);

        setClientPolicy(client);

而clientPolicy就是这个

   protected synchronized void setClientPolicy(Client client) {
    if (client != null) {
        HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
        httpConduit.setAuthSupplier(null);
        httpConduit.setAuthorization(null);
        HTTPClientPolicy clientPolicy = new HTTPClientPolicy();
        clientPolicy.setConnectionTimeout(60000L);
        clientPolicy.setReceiveTimeout(60000L);
        httpConduit.setClient(clientPolicy);
    }
   }

org.apache.cxf -> 版本 3.1.6

org.apache.wss4j -> 版本 2.1.7

标签: apacheweb-servicessoapcxf

解决方案

我找到了解决方案。WSS4JStaxOutInterceptor 扩展了 AbstractWSS4JStaxInterceptor 并且它具有设置我们发送的传入属性的功能。当它尝试设置密码属性时,它会使用“PasswordText”字符串检查传入属性,而当我们使用 WSConstants 时,它的值是不同的。这就是为什么当我们使用“PasswordText”字符串设置属性值时它可以正常工作。拦截器的最终代码是:

private WSS4JStaxOutInterceptor createSecurityInterceptor() {
    Map<String, Object> outProps = new HashMap<>();
    outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    outProps.put(WSHandlerConstants.USER, username);
    // AbstractWSS4JStaxInterceptor class parseNonBooleanProperties require "PasswordText" check this function before changing this line
    outProps.put(WSHandlerConstants.PASSWORD_TYPE, "PasswordText");
    // AbstractWSS4JStaxInterceptor class parseNonBooleanProperties require "PasswordText" check this function before changing this line

    ClientPasswordHandler handler = new ClientPasswordHandler();
    handler.setPassword(password);
    outProps.put(WSHandlerConstants.PW_CALLBACK_REF, handler);
    return new WSS4JStaxOutInterceptor(outProps);
}

这解决了这个问题。

推荐阅读