I have a Spring applicatio开发者_如何学编程n that uses JAX-WS to consume another web service. Everything works fine but now this web service has been switched to require digest passwords. How could I accomplish this with JAX-WS?
I see from Sprig documentation that this should be possible but I cannot find any code samples with JAX-WS: http://static.springsource.org/spring-ws/site/reference/html/security.html#d4e2684
Has anyone done this earlier? Any code samples would be much appreciated.
After digging around and reading documentation it seems that digest authentication is not possible currently with JAX-WS. The surprising part is that it shouldn't be too difficult to implement using existing tools. I didn't go this way but I'll write it down anyway in case if someone else would be interested to take the challange.
JAX-WS supports adding handlers that modify the message or its headers before it's sent over the wire. Obtaining nonce and calculating password digests could be done in that phase as well. There is a blog post that adds handlers to encrypt and decrypt the messages that could be used as a base for this.
Axis2 that has digest authentication support uses Apache WSS4J for security. So WSS4J project must have all the methods to calculate values, the only required part would be to call the right methods in the JAX-WS callback handler (and get the nonce).
精彩评论