KSoap2& Android - 不可能的身份验证(用户名+密码)

时间:2015-11-13 10:52:55

标签: android authentication soap https ksoap2

我实际上在开发一款必须使用SoS WebService的Android应用程序,使用KSoap2库... 过去,我没有使用Android的Soap服务遇到大问题,一切运行良好......但是现在,我必须实现一个新的WebService,它的URL是'https'和请求的变化是什么必须通过用户名和密码进行身份验证...

当我使用SoapUI等软件测试服务时,一切都很好: 我将“用户名”,“密码”和“WSS-PasswordType”(密码文本)设置到请求属性中,并且WebService答案正常。

通过搜索其他stackoverflow线程,我发现了很多可能的解决方案:有些正在创建安全标头,并将其添加到Soap信封,其他一些直接编码用户名+密码进入 httpHeaders ,由HttpTransportSe参数...

这两种解决方案中哪一项是合适的?我真的不能说...... 当SoapUI向我使用的WebService发送以下 Soap 标头时;我认为最好的解决方案是使用Soap安全头,而不是使用HttpHeader,对吗?

SoapUI发送的标题:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:UsernameToken wsu:Id="UsernameToken-15D8F1FA3D4EB11CFD144740958185128">
      <wsse:Username>username</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">oiHJvIxwZ1/UsSRg+KL2aw==</wsse:Nonce>
      <wsu:Created>2015-11-13T10:13:01.851Z</wsu:Created>
    </wsse:UsernameToken>
  </wsse:Security>
</soapenv:Header>

我的Android应用发送的标题:

  <v:Header>
<n0:Security soap:mustUnderstand="1" xmlns:n0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <n0:UsernameToken>
    <n0:Username>username</n0:Username>
    <n0:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</n0:Password>
    <n0:Nonce>oiHJvIxwZ1/UsSRg+KL2aw==</n0:Nonce>
    <n1:Created xmlns:n1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2015-11-12T16:01:01.004Z</n1:Created>
  </n0:UsernameToken>
</n0:Security>

正如我所说,以下是我尝试过的两种方法: Soap Header one ..导致400 Http错误响应

    Element headers[] = new Element[1];
headers[0]= new Element().createElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
headers[0].setAttribute(null, "soap:mustUnderstand", "1");

Element to = new Element().createElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "UsernameToken");

Element action1 = new Element().createElement(null, "n0:Username");
action1.addChild(Node.TEXT, "username");
to.addChild(Node.ELEMENT,action1);

Element action2 = new Element().createElement(null, "n0:Password");
action2.setAttribute(null, "Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
action2.addChild(Node.TEXT, "password");
to.addChild(Node.ELEMENT,action2);

Element action3 = new Element().createElement(null, "n0:Nonce");
action3.setAttribute(null, "Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
action3.addChild(Node.TEXT, "PhWZD/H5OnnqW6wcavoNGg==");
to.addChild(Node.ELEMENT,action3);

Element action4 = new Element().createElement("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Created");
action4.addChild(Node.TEXT, "2015-11-12T16:01:01.004Z");
to.addChild(Node.ELEMENT,action4);

headers[0].addChild(Node.ELEMENT, to);

和HttpHeader一个......有了这个,我得到了一个407 Http响应(PROXY_AUTH)

httpHeaders = new ArrayList<>();
httpHeaders.add(new HeaderProperty("Authorization", "Basic " + org.kobjects.base64.Base64.encode("username:password".getBytes())));
transport.call(methodName, envelope, httpHeaders);

我想我几乎尝试过所有事情,所以我会感激每一个建议...... 提前致谢

0 个答案:

没有答案
相关问题
最新问题