如何使用 WSS4J 拦截器在 Web 服务方法中获取经过身份验证的用户
How to get authenticated user in web service methods using WSS4J interceptors
我在 Spring 中托管了一个 Apache CXF 服务。我正在使用 WSS4J 拦截器来验证 username/password 访问服务器的安全性。身份验证工作正常,如果我从 SoapUI 发送错误的凭据,我将无法按预期使用该服务。如果我发送正确的凭据,服务就没有问题。这是我在 spring 上下文文件中的配置。
<bean id="myPasswordCallback" class="cu.datys.sias.custom.ServerPasswordCallback"/>
<jaxws:endpoint id="siasEndpoint"
implementor="#siasImpl"
address="/sias">
<jaxws:features>
<!-- Soporte WS-Addressing -->
<!--<wsa:addressing xmlns:wsa="http://cxf.apache.org/ws/addressing" addressingRequired="true" usingAddressingAdvisory="true" allowDuplicates="true"/>-->
</jaxws:features>
<jaxws:inInterceptors>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackRef"
value-ref="myPasswordCallback" />
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
现在我需要能够在我的服务方法中访问经过身份验证的用户,如下所示:
@WebResult(name = "UpdatePatternResponse", targetNamespace = "http://test.com/schemas/xsd/myservice/", partName = "UpdatePatternResponse")
@WebMethod(operationName = "UpdatePattern", action = "UpdatePattern")
@Generated(value = "org.apache.cxf.tools.wsdlto.WSDLToJava", date = "2015-02-19T12:49:59.491-05:00")
public test.com.schemas.xsd.myservice.UpdatePatternResponse updatePattern(
@WebParam(partName = "UpdatePatternRequest", name = "UpdatePatternRequest", targetNamespace = "http://test.com/schemas/xsd/myservice/")
test.com.schemas.xsd.myservice.UpdatePatternRequest updatePatternRequest
) throws SIASFaultMessage{
.
.
User myAuthenticatedUser = //HOW TO GET THE USER???
.....
.
.
.
}
如何在我的 Apache CXF 服务方法中获取经过身份验证的用户?
我终于弄明白了,多亏了这个link:
Is there a way to access the CXF message exchange from a JAX-RS REST Resource within CXF?
这是使用 WSSJ4 拦截器获取用户名的方法:
@WebResult(name = "UpdatePatternResponse", targetNamespace = "http://test.com/schemas/xsd/myservice/", partName = "UpdatePatternResponse")
@WebMethod(operationName = "UpdatePattern", action = "UpdatePattern")
@Generated(value = "org.apache.cxf.tools.wsdlto.WSDLToJava", date = "2015-02-19T12:49:59.491-05:00")
public test.com.schemas.xsd.myservice.UpdatePatternResponse updatePattern(
@WebParam(partName = "UpdatePatternRequest", name = "UpdatePatternRequest", targetNamespace = "http://test.com/schemas/xsd/myservice/")
test.com.schemas.xsd.myservice.UpdatePatternRequest updatePatternRequest
) throws SIASFaultMessage{
.
.
Message message = PhaseInterceptorChain.getCurrentMessage();
WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal)message.get("wss4j.principal.result");
String userName = principal.getName();
.
.
.
}
我发现这是与如此重要的主题相关的唯一问题,因此我想分享我对 CXF 3 的发现。1.x。
基本思路和@alfredo-a 说明的一样。这是代码:
Message message=PhaseInterceptorChain.getCurrentMessage();
SecurityContext context=message.get(SecurityContext.class);
String userName=context.getUserPrincipal().getName();
希望对大家有所帮助。
干杯!
我在 Spring 中托管了一个 Apache CXF 服务。我正在使用 WSS4J 拦截器来验证 username/password 访问服务器的安全性。身份验证工作正常,如果我从 SoapUI 发送错误的凭据,我将无法按预期使用该服务。如果我发送正确的凭据,服务就没有问题。这是我在 spring 上下文文件中的配置。
<bean id="myPasswordCallback" class="cu.datys.sias.custom.ServerPasswordCallback"/>
<jaxws:endpoint id="siasEndpoint"
implementor="#siasImpl"
address="/sias">
<jaxws:features>
<!-- Soporte WS-Addressing -->
<!--<wsa:addressing xmlns:wsa="http://cxf.apache.org/ws/addressing" addressingRequired="true" usingAddressingAdvisory="true" allowDuplicates="true"/>-->
</jaxws:features>
<jaxws:inInterceptors>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackRef"
value-ref="myPasswordCallback" />
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
现在我需要能够在我的服务方法中访问经过身份验证的用户,如下所示:
@WebResult(name = "UpdatePatternResponse", targetNamespace = "http://test.com/schemas/xsd/myservice/", partName = "UpdatePatternResponse")
@WebMethod(operationName = "UpdatePattern", action = "UpdatePattern")
@Generated(value = "org.apache.cxf.tools.wsdlto.WSDLToJava", date = "2015-02-19T12:49:59.491-05:00")
public test.com.schemas.xsd.myservice.UpdatePatternResponse updatePattern(
@WebParam(partName = "UpdatePatternRequest", name = "UpdatePatternRequest", targetNamespace = "http://test.com/schemas/xsd/myservice/")
test.com.schemas.xsd.myservice.UpdatePatternRequest updatePatternRequest
) throws SIASFaultMessage{
.
.
User myAuthenticatedUser = //HOW TO GET THE USER???
.....
.
.
.
}
如何在我的 Apache CXF 服务方法中获取经过身份验证的用户?
我终于弄明白了,多亏了这个link:
Is there a way to access the CXF message exchange from a JAX-RS REST Resource within CXF?
这是使用 WSSJ4 拦截器获取用户名的方法:
@WebResult(name = "UpdatePatternResponse", targetNamespace = "http://test.com/schemas/xsd/myservice/", partName = "UpdatePatternResponse")
@WebMethod(operationName = "UpdatePattern", action = "UpdatePattern")
@Generated(value = "org.apache.cxf.tools.wsdlto.WSDLToJava", date = "2015-02-19T12:49:59.491-05:00")
public test.com.schemas.xsd.myservice.UpdatePatternResponse updatePattern(
@WebParam(partName = "UpdatePatternRequest", name = "UpdatePatternRequest", targetNamespace = "http://test.com/schemas/xsd/myservice/")
test.com.schemas.xsd.myservice.UpdatePatternRequest updatePatternRequest
) throws SIASFaultMessage{
.
.
Message message = PhaseInterceptorChain.getCurrentMessage();
WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal)message.get("wss4j.principal.result");
String userName = principal.getName();
.
.
.
}
我发现这是与如此重要的主题相关的唯一问题,因此我想分享我对 CXF 3 的发现。1.x。
基本思路和@alfredo-a 说明的一样。这是代码:
Message message=PhaseInterceptorChain.getCurrentMessage();
SecurityContext context=message.get(SecurityContext.class);
String userName=context.getUserPrincipal().getName();
希望对大家有所帮助。
干杯!