密码回拨类中的自动装配失败

时间:2017-03-23 09:42:43

标签: spring autowired wss4j

我正在使用WSS4JOutInterceptorWSS4JInInterceptor拦截soap web服务。我在那里使用

  

passwordCallbackClass

示例拦截器

<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" id="inbound-security">
    <constructor-arg>
        <map>
            <entry key="action" value="Signature Encrypt"/>
            <entry key="signaturePropFile" value="serviceKeystore.properties"/>
            <entry key="decryptionPropFile" value="clientKeystore.properties"/>
            <entry key="passwordCallbackClass" value="com.service.toolprovider.ToolProviderCallbackHandler"/>
        </map>
    </constructor-arg>
</bean>

在我的密码回调课程中,我需要注入另一个类来获取密码。

@Component
public class ToolProviderCallbackHandler implements CallbackHandler {

    @Autowired
    private IAuthenticationConfiguration configuration;

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {

        for (Callback callback : callbacks) {

            WSPasswordCallback wsPasswordCallback = (WSPasswordCallback) callback;

            if (wsPasswordCallback.getUsage() == WSPasswordCallback.SIGNATURE || wsPasswordCallback.getUsage() == WSPasswordCallback.DECRYPT) {

                if (wsPasswordCallback.getIdentifier().equals("client alias")) {
                    wsPasswordCallback.setPassword("password");
                }
            }
        }
    }
}

但是这里自动装配不起作用。配置属性始终为null。

2 个答案:

答案 0 :(得分:0)

对于以后遇到此问题的任何人,我都遇到了相同的问题,并使用以下方法解决: https://dzone.com/articles/autowiring-spring-beans-into-classes-not-managed-by-spring 


@Service
public class BeanUtil implements ApplicationContextAware {
    private static ApplicationContext context;
    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        context = applicationContext;
    }
    public static <T> T getBean(Class<T> beanClass) {
        return context.getBean(beanClass);
    }
}

然后在回调处理程序中使用BeanUtil.getBean(IAuthenticationConfiguration.class)设置配置

答案 1 :(得分:0)

按如下所示将您的配置保留在passwordCallbackClass的拦截器中,这将帮助您的密码回调处理程序也由Spring进行管理。

这意味着您的自动接线可以工作

<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" id="inbound-security">
    <constructor-arg>
        <map>
            <entry key="action" value="Signature Encrypt"/>
            <entry key="signaturePropFile" value="serviceKeystore.properties"/>
            <entry key="decryptionPropFile" value="clientKeystore.properties"/>
            <entry>
                    <key>
                        <value>passwordCallbackRef</value>
                    </key>
                    <ref bean="passwordCallbackHandler" />
                </entry>
        </map>
    </constructor-arg>
</bean>

<bean id="passwordCallbackHandler" class="com.service.toolprovider.ToolProviderCallbackHandler" />

参考:https://deepintojee.wordpress.com/2010/12/13/securing-a-webservice-at-method-level-apache-cxf-spring-security-jsr-250-wss4j/

相关问题
最新问题