Web Service Security - Application Authentication

Web Service Security --- Application Authentication

Container-Managed Security for Web Service

public class Test {

????? public static final String END_POINT = "https://localhost:8443/WebServiceExample/tc?wsdl";

????? /**

????? ?* @param args

????? ?*/

????? public static void main(String[]args) {

??????????? TempConvertImplServiceport = new TempConvertImplService();

??????????? TempConvertservice = port.getTempConvertImplPort();

???????????

??????????? //

??????????? Map<String,Object> req_ctx = ((BindingProvider)service).getRequestContext();

???????????

??????????? req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, END_POINT);

???????????

??????????? //place usernameand password into header which a non-java client could do as well.

??????????? Map<String,List<String>> hdr = new HashMap<String,List<String>>();

??????????? hdr.put("Username", Collections.singletonList("localhost"));

??????????? hdr.put("Password", Collections.singletonList("123456tt"));

??????????? req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, hdr);

???????????

??????????? System.out.println(service.c2F(12.f));

??????????? System.out.println(service.f2C(-40.1f));

????? }

?

@WebService(endpointInterface="com.csc.ws.temp.TempConvert")

public class TempConvertImplimplements TempConvert {

????? @Resource

????? WebServiceContextws_ctx;

?????

????? @Override

????? public float c2f(float c) {

??????????? if(authenticated()) {

????????????????? return32.0f + (c * 9.0f/5.0f);

??????????? }else {

????????????????? System.err.println("Authenticationfailure with exception ");

????????????????? throw new HTTPException(401);

??????????? }

???????????

???????????

????? }

?

????? @Override

????? public float f2c(float c) {

??????????? if(authenticated()) {

????????????????? return(5.0f/9.0f)*(c-32.0f);

??????????? }else {

????????????????? System.err.println("Authenticationfailure with exception ");

????????????????? throw newHTTPException(401);

??????????? }

???????????

????? }

?????

????? private booleanauthenticated(){

??????????? MessageContextmctx = ws_ctx.getMessageContext();

??????????? Maphttp_headers = (Map) mctx.get(MessageContext.HTTP_REQUEST_HEADERS);

???????????

??????????? ListuList = (List) http_headers.get("Username");

??????????? Listplist = (List) http_headers.get("Password");

???????????

??????????? if(uList.contains("localhost") && plist.contains("123456")) return true;

??????????? else return false;

????? }

?

}