public class ClientPasswordCallbackHandler implements CallbackHandler {
public final static String USER = "Fetion2";
public final static String PASSWORD = "Fetion";
@Override
public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {
WSPasswordCallback wspassCallback = (WSPasswordCallback) callbacks[0];
wspassCallback.setIdentifier(USER);
wspassCallback.setPassword(PASSWORD);
}
}
服务器端回调方法如下:
public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {
WSPasswordCallback wspassCallback = (WSPasswordCallback) callbacks[0];
System.out.println(wspassCallback.getIdentifier() + "\t"+ wspassCallback.getPassword());
if (WSConstants.PASSWORD_DIGEST.equals(wspassCallback.getType())) {
if (wspassCallback.getIdentifier().equals(USER)) {
wspassCallback.setPassword(PASSWORD);
} else {
try {
throw new WSSecurityException("No Permission!");
} catch (WSSecurityException e) {
e.printStackTrace();
}
}
}
}
当客户端密码和服务端密码不一样时,会抛出org.apache.cxf.binding.soap.SoapFault: The security token could not be authenticated or authorized异常,怎么处理这个异常更好一点啊,总不能给用户(客户端调用)也抛出这一大堆错吧,
我看网上的资料说密码验证是wss4j自动验证的,这个好像说的很模糊,到底是怎么自动验证的啊?还有这个回调方法是在什么时候调用的?刚学习ws,高手指点!!!
