CXF Client Security

后端 未结 4 2133
一整个雨季
一整个雨季 2021-02-15 15:23

I am creating a client to a Java soap web service, but am having trouble figuring out how to properly pass the password. Here is my \"hardcoded\" password exam

相关标签:
4条回答
  • 2021-02-15 16:13

    Use PW_CALLBACK_REF instead PW_CALLBACK_CLASS, and pass an instantiated object, instead of the static class. You can inject the password in said object.

    Something like:

        outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
        CXFClientPasswordHandler handler = new CXFClientPasswordHandler();
        handler.setPassword(password);
        outProps.put(WSHandlerConstants.PW_CALLBACK_REF, handler);
    
    0 讨论(0)
  • 2021-02-15 16:13

    Your ClientPasswordCallback class may be like that, with his own pwd field and the associated setter:

    class ClientPasswordCallback implements CallbackHandler {
    
        private String pwd;
    
        public void setPassword(String pwd) {
            passwd = pwd;
        }
    
        @Override
        public void handle(Callback[] callbacks) {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
            pc.setPassword(pwd);
        }
    }
    

    Then you can instanciate it in your test, set its password and use PW_CALLBACK_REF key to add it to the outProps map:

    @Test
    public void exploratorySecurityTest() {
        String username = "user";
        String password = "pwd";
    
        // ...
    
        outProps.put(PASSWORD_TYPE, WSConstants.PW_TEXT);
        ClientPasswordCallback handler = new ClientPasswordCallback();
        handler.setPassword(passwd);
        outProps.put(PW_CALLBACK_REF, handler);
        WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
    
        // ...
    }
    
    0 讨论(0)
  • 2021-02-15 16:16

    I was also able to do the following:

        org.apache.cxf.endpoint.Client client = ClientProxy.getClient(obj);
        org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
    
        Map<String, Object> outProps = new HashMap<String, Object>();
    
        outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    
        System.out.println("initialize security for user " + this.username);
        outProps.put(WSHandlerConstants.USER, this.username);
        outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    
        Map<String, Object> ctx = ((BindingProvider) obj).getRequestContext();
        ctx.put("password", this.password);
    
        WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
        cxfEndpoint.getOutInterceptors().add(wssOut);
    
    0 讨论(0)
  • 2021-02-15 16:18

    I have always used following way of adding properties to request context for http level authentication and CallbackHandler for adding message level username token.

    org.apache.cxf.endpoint.Client client = ClientProxy.getClient(obj);
    org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
    
    
    System.out.println("initialize security for user " + this.username);
    outProps.put(WSHandlerConstants.USER, this.username);
    outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    
    Map<String, Object> requestContext = ((BindingProvider) obj).getRequestContext();
    
    
    //For message level authentication
    requestContext.put("ws-security.username", "Ron");
    requestContext.put("ws-security.callback-handler", "com.ws.cxf.client.callback.UTPasswordCallback");
    
    //For endpoint level authentication, HTTP Basic/Digest
    requestContext.put(BindingProvider.USERNAME_PROPERTY, username);
    requestContext.put(BindingProvider.PASSWORD_PROPERTY, password);
    
    
    
    
    class UTPasswordCallback implements CallbackHandler {
    
    @Override
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
    
    
        for(Callback cb:callbacks){
            WSPasswordCallback pcallback = (WSPasswordCallback)cb;
             if(pcallback.getUsage()==WSPasswordCallback.USERNAME_TOKEN)
            {
    
                if(pcallback.getIdentifier().equals("Ron"))
                    pcallback.setPassword("noR");
    
            }
    
            }
    
    
        }
    
    }
    
    0 讨论(0)
提交回复
热议问题