我正在 Jive 4.5.5.0 中开发 SOAP Web 服务。我编写了一个没有身份验证的代码。
我的示例程序:
SuppressWarnings("serial")
@WebService(name="Helloworld",portName="HelloworldPort", serviceName = "Helloworld", targetNamespace="http://Helloworld.com/webservices")
@SOAPBinding(style = SOAPBinding.Style.RPC, use= SOAPBinding.Use.LITERAL, parameterStyle= SOAPBinding.ParameterStyle.WRAPPED)
public class Helloworld extends JiveActionSupport {
public String sayHello(@WebParam(name="name")String name) {
return "hello "+name;
}
}
我的 spring.xml 是这样的
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr"
xmlns:cxf="http://cxf.apache.org/core"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
http://www.directwebremoting.org/schema/spring-dwr http://www.directwebremoting.org/schema/spring-dwr-2.0.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd"
default-autowire="no">
<!-- Alter the default mapping chains, switching formAuthenticationFilter with the federatedIdentityAuthFilter defined below.
This definition uses the federated identity filter for normal app requests and Web Service requests, but leaves
the form mechanism in place for admin and upgrade purposes. The desired behavior will vary depending on
the application. -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/upgrade/**=httpSessionContextIntegrationFilter, upgradeAuthenticationFilter, upgradeExceptionTranslationFilter, jiveAuthenticationTranslationFilter
/post-upgrade/**=httpSessionContextIntegrationFilter, postUpgradeAuthenticationFilter, postUpgradeExceptionTranslationFilter,jiveAuthenticationTranslationFilter
/admin/**=httpSessionContextIntegrationFilter, adminAuthenticationFilter, adminExceptionTranslationFilter,jiveAuthenticationTranslationFilter
/rpc/xmlrpc=wsRequireSSLFilter, httpSessionContextIntegrationFilter, basicAuthenticationFilter, wsExceptionTranslator, jiveAuthenticationTranslationFilter, wsAccessTypeCheckFilter
/rpc/rest/**=wsRequireSSLFilter, httpSessionContextIntegrationFilter, basicAuthenticationFilter, wsExceptionTranslator, jiveAuthenticationTranslationFilter, wsAccessTypeCheckFilter
/rpc/soap/**=wsRequireSSLFilter, httpSessionContextIntegrationFilter, basicAuthenticationFilter, jiveAuthenticationTranslationFilter
/**=httpSessionContextIntegrationFilter, jiveAuthenticationTranslationFilter
</value>
</property>
</bean>
<bean id="hellworldbean" class="com.test.Helloworld">
</bean>
<jaxws:endpoint id="helloworld" address="/soap/sayHelloworld">
<jaxws:implementor>
<ref bean="hellworldbean" />
</jaxws:implementor>
</jaxws:endpoint>
</beans>
我想为其添加身份验证。虽然 basicAuthenticationFilter 存在于 /rpc/soap/** 模式中,但它并不要求进行身份验证。在管理控制台设置中,我只检查了对 Web 服务中特定用户的访问权限。
此 Web 服务运行良好,提供正确的输出。但它缺乏授权。
任何人都可以共享一些示例代码来在客户端以及服务端进行身份验证和授权。