我无法使用kerberos对SOAP服务器进行授权。这是我的配置代码
@Bean
def webServiceTemplate(): WebServiceTemplate = {
val webServiceTemplate = new WebServiceTemplate()
webServiceTemplate.setMarshaller(marshaller.marshaller)
webServiceTemplate.setUnmarshaller(marshaller.marshaller)
webServiceTemplate.setDefaultUri(Parameters.getDefaultURI)
webServiceTemplate.setMessageSender(httpComponentsMessageSender())
webServiceTemplate
}
@Bean
def httpComponentsMessageSender(): HttpComponentsMessageSender = {
val sender = new HttpComponentsMessageSender()
if(Parameters.isProduction){
sender.setHttpClient(getHttpClient())
} else sender.setCredentials(usernamePasswordCredentials())
sender
}
@Bean
def usernamePasswordCredentials(): NTCredentials = {
new NTCredentials(
"usr",
"pass",
"",
"MY_COMPANY"
)
}
@Bean
def getHttpClient() = {
val builder = HttpClientBuilder.create
val authSchemeRegistry = RegistryBuilder.create[AuthSchemeProvider]
.register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true)).build
builder.setDefaultAuthSchemeRegistry(authSchemeRegistry)
builder.setDefaultCredentialsProvider(getCredProvider())
builder.addInterceptorFirst(new RemoveSoapHeadersInterceptor())
builder.build
}
我的HttpClient可以向其他kerberized服务(如oozie(发出请求。然而,当使用SOAP服务器时,我会得到
Caused by: org.springframework.ws.client.WebServiceTransportException: Unauthorized [401]
at org.springframework.ws.client.core.WebServiceTemplate.handleError(WebServiceTemplate.java:699)
at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:609)
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:555)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:378)
我使用krb5模块,并提出如下请求
reply = Subject.doAs(subject, new PrivilegedExceptionAction[CreateReply]() {
@throws[Exception]
override def run: CreateReply = getWebServiceTemplate
.marshalSendAndReceive("http://my-soap-service", request)
.asInstanceOf[CreateReply]
如何授权SOAP服务?我做错了什么?
原来我使用了错误的路径(http://my-soap-service)。我换成了有效的,可以授权。
结论:HttpClient属性可以帮助为SAOP设置HttpComponentsMessageSender。