Axis1.4 在weblogic9.2中报 (401)Unauthorized 的处理

发布时间：2020-12-17 02:05:12 所属栏目：安全来源：网络整理

导读：WebService server 在tomcat上部署，client在Weblogic9.2中部署，在使用安全方式调用的时候，报错： (401)Unauthorized at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744) 如果server 和client 都在 tomcat，则不存在问题

WebService server 在tomcat上部署，client在Weblogic9.2中部署，在使用安全方式调用的时候，报错：
(401)Unauthorized at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)

如果server 和client 都在 tomcat，则不存在问题。

webService 的 client 代码是有 WDSL2JAVA 自动产生的代码。

经过多方跟踪，发现在client构造的java.net.URL 实例的 toString() 在tomcat下输出如下：
http://7564945504235898643:123@192.168.0.175:9080/tunnel-web/secure/axis/Plat_UserService

在weblogic下输出如下：
http://192.168.0.175:9080/tunnel-web/secure/axis/Plat_UserService

多方查找，也找不到原因。后来通过手工创建call，可以调用，代码如下：

String wsdlUrl = " http://192.168.0.175:9080/tunnel-web/secure/axis/BkPlat_UserService?wsdl " ; String nameSpaceUri = " urn:http.service.system.platform.xx.com " ; try { Service service = new Service(); Call call = null ; call = (Call) service.createCall(); call.setUsername( " 7564945504235898643 " ); call.setPassword( " 123 " ); org.apache.axis.description.OperationDesc oper; org.apache.axis.description.ParameterDesc param; oper = new org.apache.axis.description.OperationDesc(); oper.setName( " getUserById " ); param = new org.apache.axis.description.ParameterDesc( new javax.xml.namespace.QName( ""," userId " ),org.apache.axis.description.ParameterDesc.IN,new javax.xml.namespace.QName( " http://www.w3.org/2001/XMLSchema "," long " ),long . class,false,false ); oper.addParameter(param); oper.setReturnType( new javax.xml.namespace.QName( " http://model.system.platform.xxx.com "," UserSoap " )); oper.setReturnClass(com.xxx.platform.client.system.model.UserSoap. class ); oper.setReturnQName( new javax.xml.namespace.QName( ""," getUserByIdReturn " )); oper.setStyle(org.apache.axis.constants.Style.RPC); oper.setUse(org.apache.axis.constants.Use.ENCODED); call.setOperation(oper); call.setOperationName( new QName(nameSpaceUri," getUserById " )); call.setTargetEndpointAddress( new java.net.URL(wsdlUrl)); try { java.lang.Object _resp = call.invoke( new java.lang.Object[] {Long.valueOf( " 7564945504235898643 " )}); if (_resp instanceof java.rmi.RemoteException) { throw (java.rmi.RemoteException)_resp; } else { try { Object user = (com.xxx.platform.client.system.model.UserSoap) _resp; } catch (java.lang.Exception _exception) { Object user = (com.xxx.platform.client.system.model.UserSoap) org.apache.axis.utils.JavaUtils.convert(_resp,com.xxx.platform.client.system.model.UserSoap. class ); } } } catch (org.apache.axis.AxisFault axisFaultException) { throw axisFaultException; } } catch (Exception e){ log.warn( " test error: ",e); }?

然后下载axis1.4的源代码，对源代码做中org.apache.axis.wsdl.toJava.JavaStubWriter 类的产生createCall的代码做如下修正：

pw.println( "     // add by winderain " );
        pw.println( "     protected org.apache.axis.client.Call setUserInfo(org.apache.axis.client.Call call) throws java.rmi.RemoteException { " );
        pw.println( "         if(super.cachedUsername == null){ " );
        pw.println( "             if(super.cachedEndpoint != null){ " );
        pw.println( "                 String userInfo = super.cachedEndpoint.getUserInfo(); " );
        pw.println( "                 if(userInfo == null) return call; " );
        pw.println( "                 String[] str = userInfo.split(/ " :/ " ); " );
        pw.println( "                 if(str != null && str.length == 2){ " );
        pw.println( "                     String userName = str[0]; " );
        pw.println( "                     String password = str[1]; " );
        pw.println( "                     call.setUsername(userName); " );
        pw.println( "                     call.setPassword(password); " );
        pw.println( "                 } " );
        pw.println( "             } " );
        pw.println( "         }else{ " );
        pw.println( "             call.setUsername(super.cachedUsername); " );
        pw.println( "             if (super.cachedPassword != null) { " );
        pw.println( "                 call.setPassword(super.cachedPassword); " );
        pw.println( "             } " );
        pw.println( "         } " );
        pw.println( "         return call; " );
        pw.println( "     } " );
        pw.println( "     // end by winderain " );
        pw.println( "" );
        
        pw.println(
                 "     protected org.apache.axis.client.Call createCall() throws java.rmi.RemoteException { " );
        pw.println( "         try { " );
        pw.println( "             org.apache.axis.client.Call _call = super._createCall(); " );
        pw.println( "             if (super.maintainSessionSet) { " );
        pw.println(
                 "                 _call.setMaintainSession(super.maintainSession); " );
        pw.println( "             } " );
        pw.println( "             /*if (super.cachedUsername != null) { " );
        pw.println( "                 _call.setUsername(super.cachedUsername); " );
        pw.println( "             } " );
        pw.println( "             if (super.cachedPassword != null) { " );
        pw.println( "                 _call.setPassword(super.cachedPassword); " );
        pw.println( "             } " );
        pw.println( "             */ " );
        pw.println( "             _call = setUserInfo(_call); " );
        pw.println( "             if (super.cachedEndpoint != null) { " );
        pw.println(
                 "                 _call.setTargetEndpointAddress(super.cachedEndpoint); " );
        pw.println( "             } " );
        pw.println( "             if (super.cachedTimeout != null) { " );
        pw.println( "                 _call.setTimeout(super.cachedTimeout); " );
        pw.println( "             } " );
        pw.println( "             if (super.cachedPortName != null) { " );
        pw.println( "                 _call.setPortName(super.cachedPortName); " );
        pw.println( "             } " );
        pw.println(
                 "             java.util.Enumeration keys = super.cachedProperties.keys(); " );
        pw.println( "             while (keys.hasMoreElements()) { " );
        pw.println(
                 "                 java.lang.String key = (java.lang.String) keys.nextElement(); " );
        pw.println(
                 "                 _call.setProperty(key,super.cachedProperties.get(key)); " );
        pw.println( "             } " );

使得在url中找不到用户信息的时候，通过userInfo中获取用户信息。

修改后产生的Stub代码如下：

// add by gongjan protected org.apache.axis.client.Call setUserInfo(org.apache.axis.client.Call call) throws java.rmi.RemoteException { if(super.cachedUsername == null){ if(super.cachedEndpoint != null){ String userInfo = super.cachedEndpoint.getUserInfo(); if(userInfo == null) return call; String[] str = userInfo.split(":"); if(str != null && str.length == 2){ String userName = str[0]; String password = str[1]; call.setUsername(userName); call.setPassword(password); } } }else{ call.setUsername(super.cachedUsername); if (super.cachedPassword != null) { call.setPassword(super.cachedPassword); } } return call; } // end by wiwinderai

JavaStubWriter.java

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!