Enabling basic authentication to access web services

You can configure basic authentication so that client applications can access web services.

About this task

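If you need to use a web services client application with basic authentication to access protected web service resources, the client must provide a user name and password in the request when it communicates with the service provider.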

Procedure

  1. Enable the jaxws-2.2, servlet-3.0 (or servlet-3.1), and appSecurity-2.0 features in the server.xml file.
    <featureManager>
      <feature>jaxws-2.2</feature>
      <feature>servlet-3.0</feature>
      <feature>appSecurity-2.0</feature>
    </featureManager>
  2. Configure the login realm in the server.xml file and bind the realm to the service provider.
    <application id="TransportSecurityProvider" name="TransportSecurityProvider"
                 location="TransportSecurityProvider.war" type="ear">
        <application-bnd>
            <security-role name="Employee">
                <user name="employee0" />
                <group name="employeeGroup" />
            </security-role>
            <security-role name="Manager">
                <user name="manager0" />
            </security-role>
            <security-role name="AllAuthenticated">
                <special-subject type="ALL_AUTHENTICATED_USERS" />
            </security-role>
        </application-bnd>
    </application>
    <basicRegistry id="basic" realm="BasicRealm">
        <user name="employee0" password="emp0pwd" />
        <user name="employee1" password="emp1pwd" />
        <user name="manager0" password="mgr0pwd" />
        <group name="employeeGroup">
            <member name="employee0" />
            <member name="employee1" />
        </group>
    </basicRegistry>
  3. Configure the service provider by specifying the web service endpoint.
    1. Create the web service.
      @WebService(serviceName = "SayHelloPojoService",
                  portName = "SayHelloPojoPort")
      public class SayHelloPojoService implements SayHelloService {
      	...
      }
      
      @WebService(serviceName = "SayHelloStatelessService",
                  portName = "SayHelloStatelessPort",
                  endpointInterface = "com.ibm.ws.jaxws.transport.server.security.SayHelloService")
      @Stateless(name = "SayHelloSessionBean")
      public class SayHelloStatelessService implements SayHelloLocal {
      	...
      }
    2. Configure the ibm-ws-bnd.xml file for the service provider.
      <?xml version="1.0" encoding="UTF-8"?>
      <webservices-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-ws-bnd_1_0.xsd"
                       version="1.0">
          <http-publishing>
              <webservice-security>
                  <security-constraint>
                      <web-resource-collection>
                          <web-resource-name>Only Managers</web-resource-name>
                          <url-pattern>/manager/*</url-pattern>
                          <http-method>GET</http-method>
                          <http-method>POST</http-method>
                      </web-resource-collection>
                      <auth-constraint id="AuthConstraint_manager">
                          <role-name>Manager</role-name>
                      </auth-constraint>
                  </security-constraint>
                  <security-constraint>
                      <web-resource-collection>
                          <web-resource-name>Employees</web-resource-name>
                          <url-pattern>/employee/*</url-pattern>
                          <http-method>GET</http-method>
                          <http-method>POST</http-method>
                      </web-resource-collection>
                      <auth-constraint id="AuthConstraint_employee">
                          <role-name>Employee</role-name>
                      </auth-constraint>
                  </security-constraint>
                  <!-- SECURITY ROLES -->
                  <security-role id="Staff">
                      <role-name>Employee</role-name>
                      <role-name>Manager</role-name>
                  </security-role>
                  <!-- AUTHENTICATION METHOD: Basic authentication -->
                  <login-config id="LoginConfig">
                      <auth-method>BASIC</auth-method>
                      <realm-name>Authentication</realm-name>
                  </login-config>
              </webservice-security>
          </http-publishing>
      </webservices-bnd>
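      Note:
      • The ibm-ws-bnd.xml file must be in the /WEB-INF directory of a web application, or in the /META-INF directory of an EJB-based web service application (JAR archive).
      • The login-config element in the ibm-ws-bnd.xml file takes effect only in EJB-based web service applications (JAR archives). For web applications, the login-config element is ignored and the value of the same element in the web.xml file is used.
  4. Configure the service client by specifying the web service endpoint. For example, the client application is a web application named TransportSecurityClient.war.
    1. Configure the client application in the server.xml file.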
      <application id="TransportSecurityClient" name="TransportSecurityClient"
                   location="TransportSecurityClient.war"
                   context-root="TransportSecurityClient" type="war" />
    2. Configure the ibm-ws-bnd.xml file for the client application.
      <?xml version="1.0" encoding="UTF-8"?>
      <webservices-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-ws-bnd_1_0.xsd"
                       version="1.0">
          <!-- POJO service reference binding-->
          <service-ref name="service/SayHelloPojoService">
              <port name="SayHelloPojoPort"
                    namespace="http://ibm.com/ws/jaxws/transport/security/"
                    username="employee1"
                    password="{xor}OjIvbi8oOw=="
              />
          </service-ref>
          <!-- Stateless service reference binding-->
          <service-ref name="service/SayHelloStatelessService">
              <port name="SayHelloStatelessPort"
                    namespace="http://ibm.com/ws/jaxws/transport/security/"
                    username="employee1"
                    password="{xor}OjIvbi8oOw=="
              />
          </service-ref>
      </webservices-bnd>
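      Note:
      • The ibm-ws-bnd.xml file must be in the /WEB-INF directory of the client web application.
      • The values of the username and password attributes must match a user name and password in the basicRegistry element of the server.xml file. You can use the securityUtility command to encode the password.
    3. Generate the client stubs by using the WSDL location.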
      @WebServiceClient(name = "SayHelloPojoService",
                        targetNamespace = "http://ibm.com/ws/jaxws/transport/security/",
                        wsdlLocation = "https://localhost:8020/TransportSecurityProvider/unauthorized/employPojoService?wsdl")
      public class SayHelloPojoService
                      extends Service
      {...}
      
      @WebServiceClient(name = "SayHelloStatelessService",
          targetNamespace = "http://ibm.com/ws/jaxws/transport/security/",
          wsdlLocation = "https://localhost:8020/TransportSecurityProvider/unauthorized/EmployStatelessService?wsdl")
      public class SayHelloStatelessService
                      extends Service
      {...}
    4. Use the @WebServiceRef annotation to inject the web service into a servlet. For example, TestJaxWsTransportSecurityServlet:
      @WebServiceRef(name = "service/SayHelloPojoService")
      SayHelloPojoService pojoService;
      
      @WebServiceRef(name = "service/SayHelloStatelessService")
      SayHelloStatelessService statelessService;
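
Added example (not part of the original documentation): a Python check for the note in step 4.2 that the client binding's username and password must match the basicRegistry. It also reports how each password is stored, because the {xor} form is a reversible encoding (XOR with the '_' byte, then Base64), not encryption. The function names and the trimmed XML samples are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
NS = "{http://websphere.ibm.com/xml/ns/javaee}"
# Constructed samples, trimmed from the server.xml and client ibm-ws-bnd.xml above.
SERVER_XML = """<server><basicRegistry id="basic" realm="BasicRealm">
  <user name="employee0" password="emp0pwd" />
  <user name="employee1" password="emp1pwd" />
  <user name="manager0" password="mgr0pwd" />
</basicRegistry></server>"""
CLIENT_BND = """<webservices-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee">
  <service-ref name="service/SayHelloPojoService">
    <port name="SayHelloPojoPort" username="employee1" password="{xor}OjIvbi8oOw==" />
  </service-ref></webservices-bnd>"""

def classify(value):
    """Storage form of a password attribute: plaintext, xor, aes or hash."""
    for tag in ("xor", "aes", "hash"):  # prefixes written by securityUtility encode
        if value.startswith("{" + tag + "}"):
            return tag
    return "plaintext"

def recover(value):
    """Clear text of a plaintext or {xor} value; None for {aes} and {hash}."""
    kind = classify(value)
    if kind == "plaintext":
        return value
    if kind == "xor":  # Base64 over bytes XORed with '_' (0x5F): encoding only
        raw = base64.b64decode(value[len("{xor}"):])
        return bytes(b ^ 0x5F for b in raw).decode("utf-8")
    return None

def audit(server_xml, client_bnd):
    """Flag recoverable stored passwords and client/registry mismatches."""
    registry = {u.get("name"): u.get("password")
                for u in ET.fromstring(server_xml).iter("user") if u.get("password")}
    creds = [("server.xml", n, p) for n, p in registry.items()]
    creds += [("ibm-ws-bnd.xml", p.get("username"), p.get("password"))
              for p in ET.fromstring(client_bnd).iter(NS + "port")]
    findings = []
    for source, user, pw in creds:
        if recover(pw) is not None:
            findings.append((source, user, "stored as " + classify(pw)))
        if source == "ibm-ws-bnd.xml":
            known = registry.get(user)
            if known is None:
                findings.append((source, user, "user not in basicRegistry"))
            elif None not in (recover(pw), recover(known)) and recover(pw) != recover(known):
                findings.append((source, user, "password does not match basicRegistry"))
    return findings
```

On the samples above, `audit(SERVER_XML, CLIENT_BND)` reports the three plaintext registry passwords and the {xor} client password, and no mismatch, because the client value decodes to employee1's registry password.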




Last updated: Tuesday, 6 December 2016
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=twlp_sec_ws_basicauth
File name: twlp_sec_ws_basicauth.html