问题
I've been learning spring-ws for little over a week and I've set up a simple web service.
I'm testing it using soapui and specifying a username and password in the request properties.
My web service has no security layer nor do I want to add one. I just need to pull the username and password out of the request to make requests to another service. I don't want to have to specify a username or password in my request body itself.
All I want to do is retrieve the username and password from the request from soapui. Does anyone know where the username and password are in the request? Are they in a http header or the soap header. The soap header appears to be empty in soapui.
I have tried writing my own interceptor to my endpoint and getting the soap header but it appears to be empty.
I have also tried retrieving them using SecurityContextHolder.getContext().getAuthentication();
but this returns null.
I also tried to interrogate the HttpServletRequest from my endpoint to see if the user details were in there, sadly not.
Does anyone have any ideas or good knowledge of this area?
回答1:
Since there is not authentication in your application, your server does not prompt for authentication and the parameters you specify in soapUI are never used (not included in the http request). Furthermore there is not point using
SecurityContextHolder.getContext().getAuthentication()
since you don't have authentication, there is no authenticated user and it returns null as you said. If you need username/password to access another resource, you should specify them as configuration parameters in your web service.
来源:https://stackoverflow.com/questions/14460897/spring-ws-get-username-password