1. 首頁
  2. 問答
  3. 爲什麼WSPasswordCallback.getPassword空當我嘗試我的SOAP請求

爲什麼WSPasswordCallback.getPassword空當我嘗試我的SOAP請求

2013-05-09 100 views
1

我曾與古城牆的安全做出了Axis2 Web服務,但我在這行不斷接收NullPointerException爲什麼WSPasswordCallback.getPassword空當我嘗試我的SOAP請求

if((pwcb.getIdentifier().equals("bob")) && pwcb.getPassword().equals("bobPW")))

所以我添加此代碼:

if (pwcb.getPassword()==null) { 
    throw new Exception ("passsssssssss is null:"+pwcb.getPassword()); 
}

哪個引發異常;所以我知道問題是pwcb.getPassword爲空,但不明白爲什麼。

這是SOAP請求我送:

<?xml version="1.0" encoding="utf-8"?> 
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:nilo="http://nilo"> 
    <soapenv:Header> 
     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"> 
      <wsse:UsernameToken xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="123"> 
       <wsse:Username>bob</wsse:Username> 
       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password> 
      </wsse:UsernameToken> 
     </wsse:Security> 
    </soapenv:Header> 
    <soapenv:Body> 
     <nilo:getdataForChecking> 
      <nilo:data>tranXml</nilo:data> 
     </nilo:getdataForChecking> 
    </soapenv:Body> 
</soapenv:Envelope>

這裏是handle方法,我使用:

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { 
    for (int i = 0; i < callbacks.length; i++) { 
     //When the server side need to authenticate the user 
     WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i]; 

     if (pwcb.getPassword()==null) { 
      try { 
       throw new Exception ("passsssssssss null:"+pwcb.getPassword()); 
      } catch (Exception e) { 
       // TODO Auto-generated catch block 
       e.printStackTrace(); 
      } 
     } 
     else { 
      try { 
       throw new Exception ("pass nooot null:"+pwcb.getPassword()); 
      } catch (Exception e) { 
       // TODO Auto-generated catch block 
       e.printStackTrace(); 
      } 
     } 

     if(pwcb.getIdentifier().equals("bob") && pwcb.getPassword().equals("bobPW")) { 
      return; 
     } 

     //When the client requests for the password to be added in to the 
     //UT element 

    } 
}

來源

2013-05-09 Milka Salkova

回答

0

無論WSPasswordCallback包含密碼取決於其使用場。例如,對於用法USERNAME_TOKEN_UNKNOWN,密碼被設置,並且回調處理程序應該拋出一個異常,如果它不匹配用戶名。另一方面,對於SIGNATURE,密碼字段爲空,並且回調需要對其進行設置,以便可以從密鑰庫中檢索密鑰。

您應該驗證在什麼情況下調用回調並作出適當的反應。例如:

// Rampart expects us to do authentication in this case 
if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) { 
    String password = passwordFor(pwcb.getIdentifier()); 
    if (pwcb.getPassword().equals(password)) 
    return; 
    throw new UnsupportedCallbackException(callback, 
     "password check failed for user " + pwcb.getIdentifier()); 
} 
if (pwcb.getUsage() == WSPasswordCallback.SIGNATURE) { 
    pwcb.setPassword(passwordFor(pwcb.getIdentifier()));

來源

2013-06-15 09:34:45

0

處理程序需要知道發起呼叫的用戶的密碼。你不必親自做比較。

修改此行從: if((pwcb.getIdentifier().equals("bob")) && pwcb.getPassword().equals("bobPW")))

到:

if (pwcb.getIdentifier().equals("bob")) { pwcb.setPassword("bobPW"); }

來源

2014-11-06 13:43:21 zyked

+0

所以...的CXF開發者假設我們正在某處儲存乾淨的文字密碼....我錯過了什麼? – 2018-02-09 10:31:56

相關問題

 相關問題