0

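I am new to web service development, and I am trying to implement Java web services using the XACML approach.

I have implemented 2 very simple web services, each containing a method that returns a string, along with a PEP that filters all requests to my web services. All clients (RPCServiceClient) must pass some required information through the SOAP header (the addHeader method) when calling my web service; for an RPCServiceClient service call, the SOAP header is empty by default. After the PEP intercepts a request, it extracts this information and passes it as parameters to the authorization method. The problem is that when my PEP tries to read the SOAP header, I always get this exception: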

org.apache.axis2.AxisFault: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
    at [row,col {unknown-source}]: [1,0] 
    at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
    at org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:123)
    at org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:67)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:354)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
....

I have verified that my SOAP message is well-formed, but the same problem persists.

Can anyone help?

Edit:

Here is the SOAP request sent from the client.

<?xml version='1.0' encoding='UTF-8'?>
 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
    <ns1:RequestSOAPHeader xmlns:ns1="http://ws.transaccess.com">
     <ns1:username>bob</ns1:username>
     <ns1:action>read</ns1:action>
     <ns1:resourceId>file1</ns1:resourceId>
    </ns1:RequestSOAPHeader>
   </soapenv:Header>
   <soapenv:Body>
    <getRead xmlns="http://ws.transaccess.com">
     <arg0 xmlns="">bob</arg0>
    </getRead>
   </soapenv:Body>
 </soapenv:Envelope>

Update: here is my PEP:

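import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import javax.xml.transform.stream.StreamSource;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class WebPEP implements Filter{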

public void doFilter(ServletRequest req, ServletResponse res,
        FilterChain chain) throws IOException, ServletException {

    if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // PEP filter 
            RequestWrapper copiedRequest = new RequestWrapper(request);
            try{
                BufferedReader bReader = copiedRequest.getReader(); 
                String soapText=bReader.readLine(); 

                // Create SoapMessage  
                MessageFactory msgFactory     = MessageFactory.newInstance();  
                SOAPMessage message           = msgFactory.createMessage();  
                SOAPPart soapPart             = message.getSOAPPart();  

                // Load the SOAP text into a stream source  
                byte[] buffer                 = soapText.getBytes();  
                ByteArrayInputStream stream   = new ByteArrayInputStream(buffer);  
                StreamSource source           = new StreamSource(stream);  

                // Set contents of message   
                soapPart.setContent(source);

                //Try accessing the SOAPBody  

                SOAPHeader soapHeader = message.getSOAPHeader();
                NodeList param =  soapHeader.getElementsByTagNameNS("http://ws.transaccess.com", "RequestSOAPHeader");

                if(param.getLength()>0){
                    Element accessInfo = (Element) param.item(0);
                    NodeList user = accessInfo.getElementsByTagNameNS("http://ws.transaccess.com", "username");
                    targetUser = user.item(0).getTextContent();
                    NodeList action = accessInfo.getElementsByTagNameNS("http://ws.transaccess.com", "action");
                    targetAction = action.item(0).getTextContent();
                    NodeList resource = accessInfo.getElementsByTagNameNS("http://ws.transaccess.com", "resourceId");
                    targetResource = resource.item(0).getTextContent();
                }  

            } catch (SOAPException e1) {

                e1.printStackTrace();
            } 
            try {

                if(isUserAuthorize(targetResource, targetUser, targetAction)){
                    System.out.println("\nUser is authorized to perform this action\n\n");
                } else {
                    System.out.println("\nUser is NOT authorized to perform this action\n\n");
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
            chain.doFilter(req, res);
        }
        else{
            chain.doFilter(req, res);
        }
}
@Override
public void destroy() {
    // TODO Auto-generated method stub
}

@Override
public void init(FilterConfig arg0) throws ServletException {
    // TODO Auto-generated method stub
}

}
3 Answers

0

Please make sure you are using: http://ws.transaccess.com and not http://ws.transaccess.com/ (trailing /). Good luck.

Answered 2013-12-16T12:44:47.273
0

The problem has been solved. The cause of this problem was that I was forwarding the wrong (HttpServletRequest) request. I should forward

chain.doFilter(copiedRequest, res);

instead of

chain.doFilter(req, res);

because I am working with copiedRequest.

Thanks for your input.

Answered 2014-01-21T09:52:31.473
-1

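From the error I can understand that when the PEP is trying to authenticate using the parameters in your SOAP header, it is getting an html/text message as the response instead of a SOAP message. Either you are providing the wrong username and password in the header, or you are not returning a SOAP message in your web service implementation.

Thanks, 阿布吉

Answered 2013-12-16T07:01:26.090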