2

我正在使用 CXF 和 Spring 开发一个基本的 WebService 示例。这是我的课程:

public interface AuthService {
 @WebMethod
   Person getPerson(@WebParam(name="user_id") Long userId);
}

WS实现如下:

public class AuthServiceImpl implements AuthService{

public Person getPerson(Long gid) {
    Person p = new Person();
    p.setUserId(gid);
    p.setEmail("test"+gid+"@test.de");
    p.setName("test"+gid);

    return p;
}

}

我的 web.xml 如下:

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener> 
<context-param>
   <param-name>contextConfigLocation</param-name>
  <param-value>WEB-INF/cxf-beans.xml</param-value>
</context-param>    
<servlet>
    <servlet-name>CXFServlet</servlet-name>
    <servlet-class>
        org.apache.cxf.transport.servlet.CXFServlet
    </servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>CXFServlet</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>

我的 cxf-beans.xml 是:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml"/>


<bean id="logInBound" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
<bean id="logOutBound" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
</beans>

这是我的 cxf-servlet.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:jaxws="http://cxf.apache.org/jaxws"
  xmlns:soap="http://cxf.apache.org/bindings/soap"
  xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
<jaxws:server id="jaxwsService" serviceClass="com.iptech.cxfws.service.AuthService" address="/auth_user">
<jaxws:serviceBean>
    <bean class="com.iptech.cxfws.service.impl.AuthServiceImpl" />
</jaxws:serviceBean>


<jaxws:inInterceptors>
  <ref bean="interceptor"/>
</jaxws:inInterceptors>
</jaxws:server>

<bean id="interceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
 <constructor-arg>
   <map>
     <entry key="action" value="UsernameToken" />
     <entry key="passwordType" value="PasswordText" />
     <entry key="passwordCallbackRef">
            <ref bean="passwordCallback" />
     </entry>
   </map>
 </constructor-arg>
</bean>
<bean id="passwordCallback" class="com.iptech.cxfws.service.callback.ServerPasswordCallback"/>

</beans>

最后是我的 ServerPasswordCallback 类:

public class ServerPasswordCallback implements CallbackHandler {

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {

    WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
    String username = pc.getIdentifier();
    String password = //get it from a business class
    pc.setPassword(password);
}

}

如您所见,这是一个非常简单的示例,您可以在每个 CXF 基础教程中找到。现在,我有两个问题:1)当我打电话时

http://localhost:8080/cxf-ws/auth_user/getPerson?user_id=11

从 Internet 浏览器 (Chrome) 我得到响应,没有完成用户名/密码验证。但是,当从 Java 客户端调用 WS 时,如果不在 SOAP 消息头中包含用户名/密码,我将无法获得响应。这是正常的吗?2)第二个问题与WS-Security无关。将我的 WS 部署/发布到 Tomcat 时,一切都按预期工作(除了上面提到的安全问题)。但是,我有以下例外:

    javax.xml.bind.UnmarshalException: unexpected element 
(URI : "http://schemas.xmlsoap.org/ws/2005/04/discovery", local : "Probe"). 
Expected elements are <{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}AppSequence>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Bye>,
<{http://www.w3.org/2005/08/addressing}EndpointReference>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Hello>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}MetadataVersion>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Probe>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}ProbeMatches>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Resolve>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}ResolveMatches>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Scopes>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Security>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Sig>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}SupportedMatchingRules>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}Types>,
<{http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01}XAddrs>

非常感谢任何帮助。

4

1 回答 1

1

升级到 CXF 2.7.1 或更改为使用 WS-SecurityPolicy。

于 2012-12-13T18:16:16.130 回答