|
|
Posted on 2010-09-06 23:39 roy 閱讀(10912) 評論(0) 編輯 收藏 引用 所屬分類: C/C++
- 上一節(jié)介紹了怎樣實現(xiàn)基本認(rèn)證(Basic Authentication,以下簡稱basic方式),望文生義,也就是最簡單的用戶驗證方式,本節(jié)稍微深入一些,介紹用戶名令牌認(rèn)證(Usernametoken Authentication,以下簡稱usernametoken方式)。
-
- Usernametoken方式與basic方式不同的地方,在于后者會把用戶名和密碼以摘要(digest)的形式,置于HTTP信息頭,而前者則把用戶名以明文的形式、密碼以明文或者摘要的形式,嵌入到一段XML文本中,再置于SOAP消息頭當(dāng)中。
-
- 如果使用soapUI調(diào)試客戶端程序的話,會發(fā)現(xiàn)以下是basic方式發(fā)出的完整的SOAP消息:
- POST https://test2.r-secure.com/Services/ECHO HTTP/0.9
- Content-Type: text/xml;charset=UTF-8
- SOAPAction: ""
- User-Agent: Jakarta Commons-HttpClient/3.1
- Content-Length: 292
- Authorization: Basic VkYtSEstbVNNST0OdlR42EMZaD1BMyE=
- Host: test2.r-secure.com
- Cookie: $Version=0; MSP2LB=test2.test2f02; $Path=/
-
- <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.rsecure.com/ECHO">
- <soapenv:Header/>
- <soapenv:Body>
- <echo:echo>
- <echo:EchoMessage>hello</echo:EchoMessage>
- </echo:echo>
- </soapenv:Body>
- </soapenv:Envelope>
-
- 以下是usernametoken方式發(fā)出的完整的SOAP消息:
- POST https://test.r-secure.com/4.0/services/SecureEcho HTTP/1.1
- Content-Type: text/xml;charset=UTF-8
- SOAPAction: ""
- User-Agent: Jakarta Commons-HttpClient/3.1
- Host: test.r-secure.com
- Content-Length: xxx
-
- <soapenv:Envelope xmlns:echo="http://echo.ws.rsecure.com" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
- <soapenv:Header>
- <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
- <wsse:UsernameToken wsu:Id="UsernameToken-32870670" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
- <wsse:Username>roy</wsse:Username>
- <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">liang</wsse:Password>
- <wsse:Nonce>LX4gh+njbEtCNAtkWkXDYA==</wsse:Nonce>
- <wsu:Created>2010-08-11T06:02:25.874Z</wsu:Created>
- </wsse:UsernameToken>
- </wsse:Security>
- <echo:customerId>G06164</echo:customerId>
- </soapenv:Header>
- <soapenv:Body>
- <echo:sendEcho>
- <echo:message>hello</echo:message>
- </echo:sendEcho>
- </soapenv:Body>
- </soapenv:Envelope>
-
- 其中,加粗部分表示兩者的主要區(qū)別,紅字部分表示各自必不可少的元素。
-
- 由此可以看出,usernametoken方式的特點,是在SOAP的header中加入一個Security標(biāo)簽,把usernametoken信息放在這個Security標(biāo)簽里。至于header里的另外一個customerId標(biāo)簽,是該應(yīng)用自身的額外要求。
-
- gSOAP實現(xiàn)basic方式相對簡單,不過實現(xiàn)usernametoken就比較復(fù)雜。gSOAP的用戶指南推薦使用其自帶的插件,在samples/wsse目錄下的官方實例也是使用這個插件。但是,我個人認(rèn)為這種方法比較累贅,自動生成的代碼太多,不易看懂,而且似乎非常依賴于wsdl本身的寫法。比如,samples/wsse目錄下的官方實例含有下列表示SOAP header的結(jié)構(gòu)體,但是,在我實際開發(fā)的應(yīng)用并沒有自動產(chǎn)生,即使強行加上去,編譯執(zhí)行通過,運行的時候也出現(xiàn)了相當(dāng)多的錯誤。
 struct SOAP_ENV__Header
 {
 struct _wsse__Security *wsse__Security
 };
-
- 而且,從理論上講,gSOAP不過是一個框架,定義了從SOAP對象到SOAP消息,以及從SOAP消息到SOAP對象的序列化過程,并且提供了一套與之相適應(yīng)的API,使用gSOAP開發(fā)不過是在其框架范圍內(nèi)調(diào)用其API編程。框架的弊端,可想而知,限制了靈活,也限制了方便,更限制了創(chuàng)新。所以,我們可以使用gSOAP編程,但是也許沒有必要全部照搬,至少在這個案例中,就沒有必要照搬。
-
- 我們應(yīng)有的思路是,既然customerId可以直接寫到SOAP header中,那么與之并列的、含有usernametoken的Security也可以直接寫到SOAP header中,完全不需要依賴于gSOAP的wsse插件。
-
- 與上節(jié)一樣,基于保密原則,本節(jié)案例采用的wsdl同樣是經(jīng)過裁剪和替換的,內(nèi)容如下:
-
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions targetNamespace="http://echo.ws.rsecure.com" xmlns:soapenc12="http://www.w3.org/2003/05/soap-encoding" xmlns:tns="http://echo.ws.rsecure.com" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc11="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<wsdl:types>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" attributeFormDefault="qualified" elementFormDefault="qualified" targetNamespace="http://echo.ws.rsecure.com">
<xsd:element name="sendEcho">
<xsd:complexType>
<xsd:sequence>
<xsd:element maxOccurs="1" minOccurs="1" name="message" type="xsd:string"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="sendEchoResponse">
<xsd:complexType>
<xsd:sequence>
<xsd:element maxOccurs="1" minOccurs="1" name="out" type="xsd:string"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="showVersionInformation">
<xsd:complexType/>
</xsd:element>
<xsd:element name="showVersionInformationResponse">
<xsd:complexType>
<xsd:sequence>
<xsd:element maxOccurs="1" minOccurs="1" name="out" type="xsd:string"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="customerId" type="xsd:string"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="sendEchoRequestHeaders">
<wsdl:part name="customerId" element="tns:customerId">
</wsdl:part>
</wsdl:message>
<wsdl:message name="showVersionInformationRequestHeaders">
<wsdl:part name="customerId" element="tns:customerId">
</wsdl:part>
</wsdl:message>
<wsdl:message name="sendEchoResponse">
<wsdl:part name="parameters" element="tns:sendEchoResponse">
</wsdl:part>
</wsdl:message>
<wsdl:message name="showVersionInformationRequest">
<wsdl:part name="parameters" element="tns:showVersionInformation">
</wsdl:part>
</wsdl:message>
<wsdl:message name="sendEchoRequest">
<wsdl:part name="parameters" element="tns:sendEcho">
</wsdl:part>
</wsdl:message>
<wsdl:message name="showVersionInformationResponse">
<wsdl:part name="parameters" element="tns:showVersionInformationResponse">
</wsdl:part>
</wsdl:message>
<wsdl:portType name="SecureEcho">
<wsdl:operation name="sendEcho">
<wsdl:input name="sendEchoRequest" message="tns:sendEchoRequest">
</wsdl:input>
<wsdl:output name="sendEchoResponse" message="tns:sendEchoResponse">
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="showVersionInformation">
<wsdl:input name="showVersionInformationRequest" message="tns:showVersionInformationRequest">
</wsdl:input>
<wsdl:output name="showVersionInformationResponse" message="tns:showVersionInformationResponse">
</wsdl:output>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="SecureEchoHttpBinding" type="tns:SecureEcho">
<wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="sendEcho">
<wsdlsoap:operation soapAction=""/>
<wsdl:input name="sendEchoRequest">
<wsdlsoap:body use="literal"/>
<wsdlsoap:header message="tns:sendEchoRequestHeaders" part="customerId" use="literal">
</wsdlsoap:header>
</wsdl:input>
<wsdl:output name="sendEchoResponse">
<wsdlsoap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="showVersionInformation">
<wsdlsoap:operation soapAction=""/>
<wsdl:input name="showVersionInformationRequest">
<wsdlsoap:body use="literal"/>
<wsdlsoap:header message="tns:showVersionInformationRequestHeaders" part="customerId" use="literal">
</wsdlsoap:header>
</wsdl:input>
<wsdl:output name="showVersionInformationResponse">
<wsdlsoap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="SecureEcho">
<wsdl:port name="SecureEchoHttpPort" binding="tns:SecureEchoHttpBinding">
<wsdlsoap:address location="https://localhost:6883"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
-
- 在gSOAP的wsdl目錄,按以下步驟建立客戶端存根程序:
- -bash-3.2$ mkdir –p secure_echo
- -bash-3.2$ cd secure_echo
- -bash-3.2$ ../wsdl2h –c –o secure_echo.h secure_echo.wsdl
- -bash-3.2$ ../../src/soapcpp2 –C –L –x secure_echo.h
-
- 重點來了,此時需要修改gSOAP為你自動生成的部分文件,加入usernametoken支持,以下是詳細(xì)步驟,代碼中加粗部分即修改的內(nèi)容:
- 1. soapStub.h,搜索SOAP_ENV__Header結(jié)構(gòu)體,本案例中,gSOAP只為我們自動生成了對應(yīng)customerId的指針,因為需要在SOAP header中增加用戶名和密碼,所以要在這里手動添加這些信息。這樣,修改后的SOAP_ENV__Header變?yōu)椋?/dt>
- struct SOAP_ENV__Header
- {
- char *wsse__username; /* mustUnderstand */
- char *wsse__password; /* mustUnderstand */
- char *ns1__customerId; /* mustUnderstand */
- };
- 2. soapC.c,搜索soap_out_SOAP_ENV__Header函數(shù),這是客戶端把SOAP對象轉(zhuǎn)化為SOAP消息相關(guān)的函數(shù),由于gSOAP只是自動生成了customerId屬性的轉(zhuǎn)化,我們還需要加入Security屬性,按照soapUI測試好的結(jié)果,Security含有一個UsernameToken,而UsernameToken又含有用戶名和密碼,因此soap_out函數(shù)應(yīng)當(dāng)這樣寫:
- SOAP_FMAC3 int SOAP_FMAC4 soap_out_SOAP_ENV__Header(struct soap *soap, const char *tag, int id, const struct SOAP_ENV__Header *a, const char *type)
- {
- if (soap_element_begin_out(soap, tag, soap_embedded_id(soap, id, a, SOAP_TYPE_SOAP_ENV__Header), type))
- return soap->error;
- if (soap_element_begin_out(soap, "wsse:Security", -1, "")
- || soap_element_begin_out(soap, "wsse:UsernameToken", -1, "")
- || soap_out_string(soap, "wsse:Username", -1, &a->wsse__username, "")
- || soap_out_string(soap, "wsse:Password", -1, &a->wsse__password, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText")
- || soap_element_end_out(soap, "wsse:UsernameToken")
- || soap_element_end_out(soap, "wsse:Security")
- )
- return soap->error;
- soap->mustUnderstand = 1;
- if (soap_out_string(soap, "ns1:customerId", -1, &a->ns1__customerId, ""))
- return soap->error;
- return soap_element_end_out(soap, tag);
- }
- 3. SecureEchoHttpBinding.nsmap,由于上一步用到了wsse這個namespace,而它又沒有出現(xiàn)在nsmap文件中,因此我們需要增加該命名空間的信息,其URL同樣可以從soapUI測試結(jié)果中取得:
- SOAP_NMAC struct Namespace namespaces[] =
- {
- {"SOAP-ENV", "http://schemas.xmlsoap.org/soap/envelope/", "http://www.w3.org/*/soap-envelope", NULL},
- {"SOAP-ENC", "http://schemas.xmlsoap.org/soap/encoding/", "http://www.w3.org/*/soap-encoding", NULL},
- {"xsi", "http://www.w3.org/2001/XMLSchema-instance", "http://www.w3.org/*/XMLSchema-instance", NULL},
- {"xsd", "http://www.w3.org/2001/XMLSchema", "http://www.w3.org/*/XMLSchema", NULL},
- {"ns1", "http://echo.ws.rsecure.com", NULL, NULL},
- {"wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", NULL, NULL},
- {NULL, NULL, NULL, NULL}
- };
-
- 存根程序修改完成,就可以開始編寫客戶端程序代碼了。這個web service提供了兩個接口,一個是secure_echo,也就是客戶端送任意信息上來,服務(wù)端就返回相同的字符串,代碼如下:
-
#include "soapH.h"
#include "SecureEchoHttpBinding.nsmap"
int main(int argc, char **argv) {
 if ( argc != 5 && argc != 6 ) {
printf("Usage: %s username password customer_id message [end_point]\n", argv[0]);
exit(-1);
 }
struct soap soap;
soap_init(&soap);
struct _ns1__sendEcho request;
struct _ns1__sendEchoResponse response;
soap_ssl_init();
if ( soap_ssl_client_context(&soap, SOAP_SSL_NO_AUTHENTICATION, NULL, NULL, NULL, NULL, NULL) ) {
soap_print_fault(&soap, stderr);
exit(-1);
}
struct SOAP_ENV__Header header;
header.wsse__username = argv[1];
header.wsse__password = argv[2];
header.ns1__customerId = argv[3];
soap.header = &header;
//soap_write_SOAP_ENV__Header(&soap, &header);
request.message = argv[4];
char *endpoint = NULL;
if ( argc == 6 )
endpoint = argv[5];
printf("username : %s\n", header.wsse__username);
printf("password : %s\n", header.wsse__password);
printf("customer id : %s\n", header.ns1__customerId);
printf("message : %s\n", request.message);
if ( endpoint )
printf("end point : %s\n", endpoint);
if ( soap_call___ns1__sendEcho(&soap, endpoint, NULL, &request, &response) == SOAP_OK ) {
printf("%s\n", response.out);
}
else {
soap_print_fault(&soap, stderr);
}
soap_destroy(&soap);
soap_end(&soap);
soap_done(&soap);
return 0;
}
-
- 另外一個是顯示版本信息,代碼如下:
-
#include "soapH.h"
#include "SecureEchoHttpBinding.nsmap"
int main(int argc, char **argv) {
if ( argc != 4 && argc != 5 ) {
printf("Usage: %s username password customer_id [end_point]\n", argv[0]);
exit(-1);
}
struct soap soap;
soap_init(&soap);
struct _ns1__showVersionInformation request;
struct _ns1__showVersionInformationResponse response;
soap_ssl_init();
if ( soap_ssl_client_context(&soap, SOAP_SSL_NO_AUTHENTICATION, NULL, NULL, NULL, NULL, NULL) ) {
soap_print_fault(&soap, stderr);
exit(-1);
}
struct SOAP_ENV__Header header;
header.wsse__username = argv[1];
header.wsse__password = argv[2];
header.ns1__customerId = argv[3];
soap.header = &header;
//soap_write_SOAP_ENV__Header(&soap, &header);
char *endpoint = NULL;
if ( argc == 5 )
endpoint = argv[4];
printf("username : %s\n", header.wsse__username);
printf("password : %s\n", header.wsse__password);
printf("customer id : %s\n", header.ns1__customerId);
if ( endpoint )
printf("end point : %s\n", endpoint);
if ( soap_call___ns1__showVersionInformation(&soap, endpoint, NULL, &request, &response) == SOAP_OK ) {
printf("%s\n", response.out);
}
else {
soap_print_fault(&soap, stderr);
}
soap_destroy(&soap);
soap_end(&soap);
soap_done(&soap);
return 0;
}
-
- 兩個客戶端程序都是一樣的結(jié)構(gòu),僅僅是調(diào)用的接口不一樣。與上一節(jié)的basic方式的客戶端相比,usernametoken方式的用戶密碼不是保存在soap結(jié)構(gòu)體的userid變量和passwd變量中,而是保存在header指針指向的SOAP_ENV__Header結(jié)構(gòu)體中,這就是剛才我們?yōu)槭裁匆薷腟OAP_ENV__Header結(jié)構(gòu)體的原因。
-
- 兩個客戶端程序分別保存為secure_echo.c和show_version.c,編譯命令分別是:
- gcc -DWITH_OPENSSL -O2 -o secure_echo secure_echo.c soapC.c soapClient.c ../../stdsoap2.c -I../.. -L../.. -lgsoap -lssl
-
- gcc -DWITH_OPENSSL -O2 -o show_version show_version.c soapC.c soapClient.c ../../stdsoap2.c -I../.. -L../.. -lgsoap –lssl
-
- 由此可見,編譯的源代碼和鏈接的庫文件都與上一節(jié)的沒什么區(qū)別,沒有使用額外的插件。
-
- 客戶端程序搞掂,然后就是服務(wù)端了。
-
- 回到gSOAP的wsdl目錄,按以下步驟建立服務(wù)端存根程序:
- -bash-3.2$ mkdir –p secure_echo_server
- -bash-3.2$ cd secure_echo_server
- -bash-3.2$ cp –p ../secure_echo/secure_echo.h .
- -bash-3.2$ ../../src/soapcpp2 –S –L –x secure_echo.h
-
- 與客戶端程序一樣,服務(wù)端同樣要進行一些修改,步驟如下:
- 1. soapStub.h,與客戶端的修改是一樣的
- 2. soapC.c,搜索soap_in_SOAP_ENV__Header函數(shù),注意客戶端修改的是soap_out函數(shù),這里是soap_in函數(shù),是服務(wù)端把SOAP消息轉(zhuǎn)化為SOAP對象的函數(shù)。由于客戶端送上來的SOAP header消息含有Security屬性,我們需要把它轉(zhuǎn)為username和password。修改后的代碼如下,加粗部分是修改內(nèi)容:
- SOAP_FMAC3 struct SOAP_ENV__Header * SOAP_FMAC4 soap_in_SOAP_ENV__Header(struct soap *soap, const char *tag, struct SOAP_ENV__Header *a, const char *type)
- {
- size_t soap_flag_wsse__security = 1;
- size_t soap_flag_ns1__customerId = 1;
- if (soap_element_begin_in(soap, tag, 0, type))
- return NULL;
- a = (struct SOAP_ENV__Header *)soap_id_enter(soap, soap->id, a, SOAP_TYPE_SOAP_ENV__Header, sizeof(struct SOAP_ENV__Header), 0, NULL, NULL, NULL);
- if (!a)
- return NULL;
- soap_default_SOAP_ENV__Header(soap, a);
- if (soap->body && !*soap->href)
- {
- for (;;)
- {
- if ( soap_flag_wsse__security ) {
- if ( soap_element_begin_in(soap, NULL, 0, NULL) )
- return NULL;
- if ( soap_element_begin_in(soap, NULL, 0, NULL) )
- return NULL;
- if ( soap_in_string(soap, "", &a->wsse__username, "")
- && soap_in_string(soap, "", &a->wsse__password, "") ) {
- soap_flag_wsse__security--;
- soap_element_end_in(soap, NULL);
- soap_element_end_in(soap, NULL);
- }
- }
- soap->error = SOAP_TAG_MISMATCH;
- if (soap_flag_ns1__customerId && (soap->error == SOAP_TAG_MISMATCH || soap->error == SOAP_NO_TAG))
- if (soap_in_string(soap, "ns1:customerId", &a->ns1__customerId, "xsd:string"))
- { soap_flag_ns1__customerId--;
- continue;
- }
- if (soap->error == SOAP_TAG_MISMATCH)
- soap->error = soap_ignore_element(soap);
- if (soap->error == SOAP_NO_TAG)
- break;
- if (soap->error)
- return NULL;
- }
- if (soap_element_end_in(soap, tag))
- return NULL;
- }
- else
- { a = (struct SOAP_ENV__Header *)soap_id_forward(soap, soap->href, (void*)a, 0, SOAP_TYPE_SOAP_ENV__Header, 0, sizeof(struct SOAP_ENV__Header), 0, NULL);
- if (soap->body && soap_element_end_in(soap, tag))
- return NULL;
- }
- return a;
- }
-
- 服務(wù)端程序如下,到這里就沒什么難度了,基本上與上一節(jié)的服務(wù)端結(jié)構(gòu)差不多,注意要把幾個pem證書拷貝過來(因為usernametoken方式通常都是基于HTTPS的),echo接口和show_version接口都要編寫:
-
#include <pthread.h>
#include "soapH.h"
#include "SecureEchoHttpBinding.nsmap"
void *process_request(void *soap) {
pthread_detach(pthread_self());
if ( soap_ssl_accept((struct soap *) soap) != SOAP_OK )
soap_print_fault((struct soap *) soap, stderr);
else
soap_serve((struct soap *) soap);
soap_end((struct soap *) soap);
soap_free((struct soap *) soap);
return NULL;
}
int main(int argc, char **argv) {
if ( argc != 2 ) {
printf("Usage: %s port\n", argv[0]);
exit(-1);
}
int port = atol(argv[1]);
pthread_t tid;
struct soap *tsoap;
struct soap soap;
soap_init(&soap);
soap_ssl_init();
if ( soap_ssl_server_context(&soap, SOAP_SSL_DEFAULT, "server.pem", "password", "cacert.pem", NULL, "dh512.pem", NULL, argv[0]) ) {
soap_print_fault(&soap, stderr);
exit(-1);
}
int m, s;
if ( (m = soap_bind(&soap, NULL, port, 100)) < 0 ) {
soap_print_fault(&soap, stderr);
}
else {
printf("Socket connect successfully: master socket = %d\n", m);
int i = 0;
while ( 1 ) {
if ( (s = soap_accept(&soap)) < 0 ) {
soap_print_fault(&soap, stderr);
break;
}
printf("Connection %d accepted from IP = %d.%d.%d.%d, slave socket = %d\n", ++i, (soap.ip >> 24) & 0xff, (soap.ip >> 16) & 0xff, (soap.ip >> 8) & 0xff, soap.ip & 0xff, s);
tsoap = soap_copy(&soap);
if ( !tsoap ) {
soap_closesock(&soap);
continue;
}
pthread_create(&tid, NULL, &process_request, (void *) tsoap);
}
}
soap_done(&soap);
return 0;
}
int __ns1__sendEcho(
struct soap *soap,
struct _ns1__sendEcho *request,
struct _ns1__sendEchoResponse *response) {
if ( !soap->header || !soap->header->wsse__username || !soap->header->wsse__password || !soap->header->ns1__customerId
|| strcmp(soap->header->wsse__username, "roy") || strcmp(soap->header->wsse__password, "liang")
|| strcmp(soap->header->ns1__customerId, "G06164"))
return 401;
int len = strlen(request->message);
response->out = (char *) malloc(sizeof(char) * (len + 1));
strcpy(response->out, request->message);
return SOAP_OK;
}
int __ns1__showVersionInformation(
struct soap *soap,
struct _ns1__showVersionInformation *request,
struct _ns1__showVersionInformationResponse *response) {
if ( !soap->header || !soap->header->wsse__username || !soap->header->wsse__password || !soap->header->ns1__customerId
|| strcmp(soap->header->wsse__username, "roy") || strcmp(soap->header->wsse__password, "liang")
|| strcmp(soap->header->ns1__customerId, "G06164"))
return 401;
response->out = (char *) malloc(sizeof(char) * 100);
strcpy(response->out, "Username token (text) test server version 1.0");
return SOAP_OK;
}
-
- 服務(wù)端程序保存為secure_echo_server.c,編譯命令是
- gcc -DWITH_OPENSSL -O2 -o secure_echo_server secure_echo_server.c soapC.c soapServer.c ../../stdsoap2.c -I../.. -L../.. -lgsoap -lssl –lcrypto
-
- 運行測試,在6883端口啟動服務(wù)端,然后執(zhí)行客戶端
- -bash-3.2$ ./show_version roy liang G06164
- username : roy
- password : liang
- customer id : G06164
- Username token (text) test server version 1.0
-
- -bash-3.2$ ./secure_echo roy liang G06164 hello
- username : roy
- password : liang
- customer id : G06164
- message : hello
- hello
-
- 以上就是gSOAP實現(xiàn)Usernametoken認(rèn)證的方法,而且是通過自定義SOAP header實現(xiàn)的。個人認(rèn)為,與使用wsse插件相比,這種方法更為簡單直接。
-
- 另外,本案例的方法適用于以明文傳送密碼的情況,如果需要以摘要(digest)形式傳送密碼,請參考plugin目錄wsseapi.c里面的soap_wsse_add_UsernameTokenDigest函數(shù)。
-
- 最后,感謝Codejie's C++ Space為本節(jié)的編寫提供思路:
- http://www.shnenglu.com/codejie/archive/2010/04/07/89972.html
-
- 這是我在CSDN的本文鏈接
- http://blog.csdn.net/yui/archive/2010/09/03/5862411.aspx
-
|