
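I tried to add Rampart security to my axis2 web service using the Rampart module.

So this is what I did:

  1. I have stored the hash and salt of the password "bobWWW" in the database

In my PWCBHandler.java class

• I select the password and hash stored in the database

• I try to hash pwcb.getPassword() with the same algorithm and the same stored salt

• I check whether this newly hashed password equals the stored password

But I kept getting a NullPointerException, so I decided to check and wrote this code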

if (pwcb.getPassword() == null)
{
    try {
        throw new Exception("passwordget pass null" + pwcb.getPassword());
    }
    catch (Exception e)
    {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
}

I saw that pwcb.getPassword() is null. So here is the code of PWCBHandler.java

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
    for (int i = 0; i < callbacks.length; i++)
    {
        WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
        try {
            pasandsalt = getdataforChecking();

            if (pwcb.getPassword() == null)
            {
                try {
                    throw new Exception("passwordget pass null" + pwcb.getPassword());
                } catch (Exception e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }
            }

            try {
                passwordforchecking = hash(pwcb.getPassword(), Base64.decodeBase64(pasandsalt[1]));
            } catch (Exception e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }

            if ((pwcb.getIdentifier().equals("bob")) && (passwordforchecking.equals(pasandsalt[0])))
            {
                return;
            }
        }

Here is my SOAP request with the security header

var sr =
    "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
    "<soapenv:Envelope " +
    "xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
    "xmlns:nilo=\"http://nilo\">" +
    "<soapenv:Header>" +
    '<wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" soapenv:mustUnderstand="1">' +
    '<wsse:UsernameToken xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="123">' +
    '<wsse:Username>bob</wsse:Username>' +
    '<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobWWW</wsse:Password>' +
    '</wsse:UsernameToken>' +
    '</wsse:Security>' +
    "</soapenv:Header>" +
    "<soapenv:Body>" +
    "<nilo:getdataForChecking>" +
    '<nilo:data>' + tranXml + '</nilo:data>' +
    ' </nilo:getdataForChecking>' +
    '</soapenv:Body>' +
    '</soapenv:Envelope>';

1 Answer


According to your SOAP headers, I can see you are using a plain text password instead of Password Digest. You might need to change the Rampart configuration.

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobWWW</wsse:Password>

This might be helpful to you: http://wso2.com/library/240/

Answered 2014-04-23T04:28:20.750
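Added example, not part of the question or the answer: the check the question describes (hash the received password with the stored salt, compare with the stored hash), written so that a null password is rejected instead of raising a NullPointerException. Assumptions: the class and method names, PBKDF2 as the hash algorithm (the page does not name one), `java.util.Base64` in place of the commons-codec call, and a constructed sample record; `received` stands for the value of `pwcb.getPassword()`.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class StoredPasswordCheck {
    // Assumed parameters; the page does not say which hash algorithm it uses.
    static final String ALGORITHM = "PBKDF2WithHmacSHA256";
    static final int ITERATIONS = 100_000;
    static final int KEY_BITS = 256;

    // Derive the hash of a password with the given salt.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the copy of the password held by the spec
        }
    }

    // received: password taken from the callback (may be null).
    // storedHashB64 / storedSaltB64: Base64 text as read from the database.
    static boolean verify(String received, String storedHashB64, String storedSaltB64)
            throws Exception {
        if (received == null || storedHashB64 == null || storedSaltB64 == null) {
            return false; // nothing to compare: reject instead of dereferencing null
        }
        byte[] expected = Base64.getDecoder().decode(storedHashB64);
        byte[] actual = hash(received.toCharArray(), Base64.getDecoder().decode(storedSaltB64));
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample record for user "bob"; a real one comes from the database.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        String saltB64 = Base64.getEncoder().encodeToString(salt);
        String hashB64 = Base64.getEncoder().encodeToString(hash("bobWWW".toCharArray(), salt));

        System.out.println(verify("bobWWW", hashB64, saltB64)); // matching password
        System.out.println(verify("bobwww", hashB64, saltB64)); // wrong password
        System.out.println(verify(null, hashB64, saltB64));     // null, as in the question
    }
}
```

In a callback handler, a `false` result would be turned into a thrown exception so that the request is rejected rather than falling through.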