1

我已经制作了一个带有 Rampart 安全性的 Axis2 Web 服务,但我不断收到NullPointerException以下信息:

if((pwcb.getIdentifier().equals("bob")) && pwcb.getPassword().equals("bobPW")) )

所以我添加了这段代码:

if ( pwcb.getPassword()==null) {  
    throw new Exception ("passsssssssss is null:"+pwcb.getPassword());
}

这引发了异常;所以我知道问题是pwcb.getPassword空的,但不明白为什么。

这是我发送的 SOAP 请求:

<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:nilo="http://nilo">
    <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
            <wsse:UsernameToken xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="123">
                <wsse:Username>bob</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
        <nilo:getdataForChecking>
            <nilo:data>tranXml</nilo:data>
        </nilo:getdataForChecking>
    </soapenv:Body>
</soapenv:Envelope>

这是handle我正在使用的方法:

public void handle(Callback[] callbacks)   throws IOException,  UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        //When the server side need to authenticate the user
        WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];

        if ( pwcb.getPassword()==null) {
            try {
                throw new Exception ("passsssssssss null:"+pwcb.getPassword());
            } catch (Exception e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }
        else {
            try {
                throw new Exception ("pass nooot null:"+pwcb.getPassword());
            } catch (Exception e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }

        if(pwcb.getIdentifier().equals("bob") && pwcb.getPassword().equals("bobPW")) {
            return;
        } 

        //When the client requests for the password to be added in to the 
        //UT element

    }
}
4

2 回答 2

0

WSPasswordCallback 是否包含密码取决于其使用字段。例如,对于使用 USERNAME_TOKEN_UNKNOWN,设置了密码,如果与用户名不匹配,回调处理程序应该抛出异常。另一方面,对于 SIGNATURE,密码字段为空,回调需要设置它,以便可以从密钥库中检索密钥。

您应该验证在什么情况下调用回调并做出适当的反应。例如:

// Rampart expects us to do authentication in this case
if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
  String password = passwordFor(pwcb.getIdentifier());
  if (pwcb.getPassword().equals(password))
    return;
  throw new UnsupportedCallbackException(callback,
      "password check failed for user " + pwcb.getIdentifier());
}
if (pwcb.getUsage() == WSPasswordCallback.SIGNATURE) {
  pwcb.setPassword(passwordFor(pwcb.getIdentifier()));
于 2013-06-15T09:34:45.213 回答
0

处理程序需要知道发起呼叫的用户的密码。您不必自己进行比较。

修改这一行: if((pwcb.getIdentifier().equals("bob")) && pwcb.getPassword().equals("bobPW")) )

至:

if (pwcb.getIdentifier().equals("bob")) { pwcb.setPassword("bobPW"); }

于 2014-11-06T13:43:21.220 回答