使用gSOAP开发实例(8) 自定义header实现用户名令牌认证(Usernametoken Authentication)

上一节介绍了怎样实现基本认证(Basic Authentication，以下简称basic方式)，望文生义，也就是最简单的用户验证方式，本节稍微深入一些，介绍用户名令牌认证(Usernametoken Authentication，以下简称usernametoken方式)。

 

Usernametoken方式与basic方式不同的地方，在于后者会把用户名和密码以摘要(digest)的形式，置于HTTP信息头，而前者则把用户名以明文的形式、密码以明文或者摘要的形式，嵌入到一段XML文本中，再置于SOAP消息头当中。

 

如果使用soapUI调试客户端程序的话，会发现以下是basic方式发出的完整的SOAP消息：

POST https://test2.r-secure.com/Services/ECHO HTTP/0.9

Content-Type: text/xml;charset=UTF-8

SOAPAction: ""

User-Agent: Jakarta Commons-HttpClient/3.1

Content-Length: 292

Authorization: Basic VkYtSEstbVNNST0OdlR42EMZaD1BMyE=

Host: test2.r-secure.com

Cookie: $Version=0; MSP2LB=test2.test2f02; $Path=/

 

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.rsecure.com/ECHO">

   <soapenv:Header/>

   <soapenv:Body>

      <echo:echo>

         <echo:EchoMessage>hello</echo:EchoMessage>

      </echo:echo>

   </soapenv:Body>

</soapenv:Envelope>

 

以下是usernametoken方式发出的完整的SOAP消息：

POST https://test.r-secure.com/4.0/services/SecureEcho HTTP/1.1

Content-Type: text/xml;charset=UTF-8

SOAPAction: ""

User-Agent: Jakarta Commons-HttpClient/3.1

Host: test.r-secure.com

Content-Length: xxx

 

<soapenv:Envelope xmlns:echo="http://echo.ws.rsecure.com" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

   <soapenv:Header>

      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

         <wsse:UsernameToken wsu:Id="UsernameToken-32870670" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

            <wsse:Username>roy</wsse:Username>

            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">liang</wsse:Password>

            <wsse:Nonce>LX4gh+njbEtCNAtkWkXDYA==</wsse:Nonce>

            <wsu:Created>2010-08-11T06:02:25.874Z</wsu:Created>

         </wsse:UsernameToken>

      </wsse:Security>

      <echo:customerId>G06164</echo:customerId>

   </soapenv:Header>

   <soapenv:Body>

      <echo:sendEcho>

         <echo:message>hello</echo:message>

      </echo:sendEcho>

   </soapenv:Body>

</soapenv:Envelope>

 

其中，加粗部分表示两者的主要区别，红字部分表示各自必不可少的元素。

 

由此可以看出，usernametoken方式的特点，是在SOAP的header中加入一个Security标签，把usernametoken信息放在这个Security标签里。至于header里的另外一个customerId标签，是该应用自身的额外要求。

 

gSOAP实现basic方式相对简单，不过实现usernametoken就比较复杂。gSOAP的用户指南推荐使用其自带的插件，在samples/wsse目录下的官方实例也是使用这个插件。但是，我个人认为这种方法比较累赘，自动生成的代码太多，不易看懂，而且似乎非常依赖于wsdl本身的写法。比如，samples/wsse目录下的官方实例含有下列表示SOAP header的结构体，但是，在我实际开发的应用并没有自动产生，即使强行加上去，编译执行通过，运行的时候也出现了相当多的错误。

struct  SOAP_ENV__Header
{
        struct _wsse__Security *wsse__Security
} ;

 

 

而且，从理论上讲，gSOAP不过是一个框架，定义了从SOAP对象到SOAP消息，以及从SOAP消息到SOAP对象的序列化过程，并且提供了一套与之相适应的API，使用gSOAP开发不过是在其框架范围内调用其API编程。框架的弊端，可想而知，限制了灵活，也限制了方便，更限制了创新。所以，我们可以使用gSOAP编程，但是也许没有必要全部照搬，至少在这个案例中，就没有必要照搬。

 

我们应有的思路是，既然customerId可以直接写到SOAP header中，那么与之并列的、含有usernametoken的Security也可以直接写到SOAP header中，完全不需要依赖于gSOAP的wsse插件。

 

与上节一样，基于保密原则，本节案例采用的wsdl同样是经过裁剪和替换的，内容如下：

<? xml version="1.0" encoding="UTF-8" ?>
< wsdl:definitions  targetNamespace ="http://echo.ws.rsecure.com"  xmlns:soapenc12 ="http://www.w3.org/2003/05/soap-encoding"  xmlns:tns ="http://echo.ws.rsecure.com"  xmlns:wsdl ="http://schemas.xmlsoap.org/wsdl/"  xmlns:xsd ="http://www.w3.org/2001/XMLSchema"  xmlns:soap11 ="http://schemas.xmlsoap.org/soap/envelope/"  xmlns:wsdlsoap ="http://schemas.xmlsoap.org/wsdl/soap/"  xmlns:soapenc11 ="http://schemas.xmlsoap.org/soap/encoding/"  xmlns:soap12 ="http://www.w3.org/2003/05/soap-envelope" >
  < wsdl:types >
< xsd:schema  xmlns:xsd ="http://www.w3.org/2001/XMLSchema"  attributeFormDefault ="qualified"  elementFormDefault ="qualified"  targetNamespace ="http://echo.ws.rsecure.com" >
< xsd:element  name ="sendEcho" >
< xsd:complexType >
< xsd:sequence >
< xsd:element  maxOccurs ="1"  minOccurs ="1"  name ="message"  type ="xsd:string" />
</ xsd:sequence >
</ xsd:complexType >
</ xsd:element >
< xsd:element  name ="sendEchoResponse" >
< xsd:complexType >
< xsd:sequence >
< xsd:element  maxOccurs ="1"  minOccurs ="1"  name ="out"  type ="xsd:string" />
</ xsd:sequence >
</ xsd:complexType >
</ xsd:element >
< xsd:element  name ="showVersionInformation" >
< xsd:complexType />
</ xsd:element >
< xsd:element  name ="showVersionInformationResponse" >
< xsd:complexType >
< xsd:sequence >
< xsd:element  maxOccurs ="1"  minOccurs ="1"  name ="out"  type ="xsd:string" />
</ xsd:sequence >
</ xsd:complexType >
</ xsd:element >
< xsd:element  name ="customerId"  type ="xsd:string" />
</ xsd:schema >
  </ wsdl:types >
  < wsdl:message  name ="sendEchoRequestHeaders" >
     < wsdl:part  name ="customerId"  element ="tns:customerId" >
     </ wsdl:part >
  </ wsdl:message >
  < wsdl:message  name ="showVersionInformationRequestHeaders" >
     < wsdl:part  name ="customerId"  element ="tns:customerId" >
     </ wsdl:part >
  </ wsdl:message >
  < wsdl:message  name ="sendEchoResponse" >
     < wsdl:part  name ="parameters"  element ="tns:sendEchoResponse" >
     </ wsdl:part >
  </ wsdl:message >
  < wsdl:message  name ="showVersionInformationRequest" >
     < wsdl:part  name ="parameters"  element ="tns:showVersionInformation" >
     </ wsdl:part >
  </ wsdl:message >
  < wsdl:message  name ="sendEchoRequest" >
     < wsdl:part  name ="parameters"  element ="tns:sendEcho" >
     </ wsdl:part >
  </ wsdl:message >
  < wsdl:message  name ="showVersionInformationResponse" >
     < wsdl:part  name ="parameters"  element ="tns:showVersionInformationResponse" >
     </ wsdl:part >
  </ wsdl:message >
  < wsdl:portType  name ="SecureEcho" >
     < wsdl:operation  name ="sendEcho" >
       < wsdl:input  name ="sendEchoRequest"  message ="tns:sendEchoRequest" >
     </ wsdl:input >
       < wsdl:output  name ="sendEchoResponse"  message ="tns:sendEchoResponse" >
     </ wsdl:output >
     </ wsdl:operation >
     < wsdl:operation  name ="showVersionInformation" >
       < wsdl:input  name ="showVersionInformationRequest"  message ="tns:showVersionInformationRequest" >
     </ wsdl:input >
       < wsdl:output  name ="showVersionInformationResponse"  message ="tns:showVersionInformationResponse" >
     </ wsdl:output >
     </ wsdl:operation >
  </ wsdl:portType >
  < wsdl:binding  name ="SecureEchoHttpBinding"  type ="tns:SecureEcho" >
     < wsdlsoap:binding  style ="document"  transport ="http://schemas.xmlsoap.org/soap/http" />
     < wsdl:operation  name ="sendEcho" >
       < wsdlsoap:operation  soapAction ="" />
       < wsdl:input  name ="sendEchoRequest" >
         < wsdlsoap:body  use ="literal" />
         < wsdlsoap:header  message ="tns:sendEchoRequestHeaders"  part ="customerId"  use ="literal" >
         </ wsdlsoap:header >
       </ wsdl:input >
       < wsdl:output  name ="sendEchoResponse" >
         < wsdlsoap:body  use ="literal" />
       </ wsdl:output >
     </ wsdl:operation >
     < wsdl:operation  name ="showVersionInformation" >
       < wsdlsoap:operation  soapAction ="" />
       < wsdl:input  name ="showVersionInformationRequest" >
         < wsdlsoap:body  use ="literal" />
         < wsdlsoap:header  message ="tns:showVersionInformationRequestHeaders"  part ="customerId"  use ="literal" >
         </ wsdlsoap:header >
       </ wsdl:input >
       < wsdl:output  name ="showVersionInformationResponse" >
         < wsdlsoap:body  use ="literal" />
       </ wsdl:output >
     </ wsdl:operation >
  </ wsdl:binding >
  < wsdl:service  name ="SecureEcho" >
     < wsdl:port  name ="SecureEchoHttpPort"  binding ="tns:SecureEchoHttpBinding" >
       < wsdlsoap:address  location ="https://localhost:6883" />
     </ wsdl:port >
  </ wsdl:service >
</ wsdl:definitions >

 

在gSOAP的wsdl目录，按以下步骤建立客户端存根程序：

-bash-3.2$ mkdir –p secure_echo

-bash-3.2$ cd secure_echo

-bash-3.2$ ../wsdl2h –c –o secure_echo.h secure_echo.wsdl

-bash-3.2$ ../../src/soapcpp2 –C –L –x secure_echo.h

 

重点来了，此时需要修改gSOAP为你自动生成的部分文件，加入usernametoken支持，以下是详细步骤，代码中加粗部分即修改的内容：

1.     soapStub.h，搜索SOAP_ENV__Header结构体，本案例中，gSOAP只为我们自动生成了对应customerId的指针，因为需要在SOAP header中增加用户名和密码，所以要在这里手动添加这些信息。这样，修改后的SOAP_ENV__Header变为：

struct SOAP_ENV__Header

{

        char *wsse__username;   /* mustUnderstand */

        char *wsse__password;   /* mustUnderstand */

        char *ns1__customerId; /* mustUnderstand */

};

2.     soapC.c，搜索soap_out_SOAP_ENV__Header函数，这是客户端把SOAP对象转化为SOAP消息相关的函数，由于gSOAP只是自动生成了customerId属性的转化，我们还需要加入Security属性，按照soapUI测试好的结果，Security含有一个UsernameToken，而UsernameToken又含有用户名和密码，因此soap_out函数应当这样写：

SOAP_FMAC3 int SOAP_FMAC4 soap_out_SOAP_ENV__Header(struct soap *soap, const char *tag, int id, const struct SOAP_ENV__Header *a, const char *type)

{

        if (soap_element_begin_out(soap, tag, soap_embedded_id(soap, id, a, SOAP_TYPE_SOAP_ENV__Header), type))

                return soap->error;

        if (soap_element_begin_out(soap, "wsse:Security", -1, "")

                || soap_element_begin_out(soap, "wsse:UsernameToken", -1, "")

                || soap_out_string(soap, "wsse:Username", -1, &a->wsse__username, "")

                || soap_out_string(soap, "wsse:Password", -1, &a->wsse__password, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText")

                || soap_element_end_out(soap, "wsse:UsernameToken")

                || soap_element_end_out(soap, "wsse:Security")

        )

                return soap->error;

        soap->mustUnderstand = 1;

        if (soap_out_string(soap, "ns1:customerId", -1, &a->ns1__customerId, ""))

                return soap->error;

        return soap_element_end_out(soap, tag);

}

3.     SecureEchoHttpBinding.nsmap，由于上一步用到了wsse这个namespace，而它又没有出现在nsmap文件中，因此我们需要增加该命名空间的信息，其URL同样可以从soapUI测试结果中取得：

SOAP_NMAC struct Namespace namespaces[] =

{

        {"SOAP-ENV", "http://schemas.xmlsoap.org/soap/envelope/", "http://www.w3.org/*/soap-envelope", NULL},

        {"SOAP-ENC", "http://schemas.xmlsoap.org/soap/encoding/", "http://www.w3.org/*/soap-encoding", NULL},

        {"xsi", "http://www.w3.org/2001/XMLSchema-instance", "http://www.w3.org/*/XMLSchema-instance", NULL},

        {"xsd", "http://www.w3.org/2001/XMLSchema", "http://www.w3.org/*/XMLSchema", NULL},

        {"ns1", "http://echo.ws.rsecure.com", NULL, NULL},

        {"wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", NULL, NULL},

        {NULL, NULL, NULL, NULL}

};

 

存根程序修改完成，就可以开始编写客户端程序代码了。这个web service提供了两个接口，一个是secure_echo，也就是客户端送任意信息上来，服务端就返回相同的字符串，代码如下：

#include  " soapH.h "
#include  " SecureEchoHttpBinding.nsmap "
 
int  main( int  argc,  char   ** argv)  {
        if ( argc != 5 && argc != 6 ) {
                printf("Usage: %s username password customer_id message [end_point]\n", argv[0]);
                exit(-1);
        }
 
        struct soap soap;
        soap_init(&soap);
 
        struct _ns1__sendEcho request;
        struct _ns1__sendEchoResponse response;
 
        soap_ssl_init();
        if ( soap_ssl_client_context(&soap, SOAP_SSL_NO_AUTHENTICATION, NULL, NULL, NULL, NULL, NULL) ) {
                soap_print_fault(&soap, stderr);
                exit(-1);
        }
 
        struct SOAP_ENV__Header header;
        header.wsse__username = argv[1];
        header.wsse__password = argv[2];
        header.ns1__customerId = argv[3];
        soap.header = &header;
        //soap_write_SOAP_ENV__Header(&soap, &header);
 
        request.message = argv[4];
        char *endpoint = NULL;
        if ( argc == 6 )
                endpoint = argv[5];
 
        printf("username    : %s\n", header.wsse__username);
        printf("password    : %s\n", header.wsse__password);
        printf("customer id : %s\n", header.ns1__customerId);
        printf("message     : %s\n", request.message);
        if ( endpoint )
                printf("end point : %s\n", endpoint);
 
        if ( soap_call___ns1__sendEcho(&soap, endpoint, NULL, &request, &response) == SOAP_OK ) {
                printf("%s\n", response.out);
        }
        else {
                soap_print_fault(&soap, stderr);
        }
 
        soap_destroy(&soap);
        soap_end(&soap);
        soap_done(&soap);
        return 0;
}

 

另外一个是显示版本信息，代码如下：

#include  " soapH.h "
#include  " SecureEchoHttpBinding.nsmap "
 
int  main( int  argc,  char   ** argv)  {
        if ( argc != 4 && argc != 5 ) {
                printf("Usage: %s username password customer_id [end_point]\n", argv[0]);
                exit(-1);
        }
 
        struct soap soap;
        soap_init(&soap);
 
        struct _ns1__showVersionInformation request;
        struct _ns1__showVersionInformationResponse response;
 
        soap_ssl_init();
        if ( soap_ssl_client_context(&soap, SOAP_SSL_NO_AUTHENTICATION, NULL, NULL, NULL, NULL, NULL) ) {
                soap_print_fault(&soap, stderr);
                exit(-1);
        }
 
        struct SOAP_ENV__Header header;
        header.wsse__username = argv[1];
        header.wsse__password = argv[2];
        header.ns1__customerId = argv[3];
        soap.header = &header;
        //soap_write_SOAP_ENV__Header(&soap, &header);
 
        char *endpoint = NULL;
        if ( argc == 5 )
                endpoint = argv[4];
 
        printf("username    : %s\n", header.wsse__username);
        printf("password    : %s\n", header.wsse__password);
        printf("customer id : %s\n", header.ns1__customerId);
        if ( endpoint )
                printf("end point : %s\n", endpoint);
 
        if ( soap_call___ns1__showVersionInformation(&soap, endpoint, NULL, &request, &response) == SOAP_OK ) {
                printf("%s\n", response.out);
        }
        else {
                soap_print_fault(&soap, stderr);
        }
 
        soap_destroy(&soap);
        soap_end(&soap);
        soap_done(&soap);
        return 0;
}

 

两个客户端程序都是一样的结构，仅仅是调用的接口不一样。与上一节的basic方式的客户端相比，usernametoken方式的用户密码不是保存在soap结构体的userid变量和passwd变量中，而是保存在header指针指向的SOAP_ENV__Header结构体中，这就是刚才我们为什么要修改SOAP_ENV__Header结构体的原因。

 

两个客户端程序分别保存为secure_echo.c和show_version.c，编译命令分别是：

gcc -DWITH_OPENSSL -O2 -o secure_echo secure_echo.c soapC.c soapClient.c ../../stdsoap2.c -I../.. -L../.. -lgsoap -lssl

 

gcc -DWITH_OPENSSL -O2 -o show_version show_version.c soapC.c soapClient.c ../../stdsoap2.c -I../.. -L../.. -lgsoap –lssl

 

由此可见，编译的源代码和链接的库文件都与上一节的没什么区别，没有使用额外的插件。

 

客户端程序搞掂，然后就是服务端了。

 

回到gSOAP的wsdl目录，按以下步骤建立服务端存根程序：

-bash-3.2$ mkdir –p secure_echo_server

-bash-3.2$ cd secure_echo_server

-bash-3.2$ cp –p ../secure_echo/secure_echo.h .

-bash-3.2$ ../../src/soapcpp2 –S –L –x secure_echo.h

 

与客户端程序一样，服务端同样要进行一些修改，步骤如下：

1.     soapStub.h，与客户端的修改是一样的

2.     soapC.c，搜索soap_in_SOAP_ENV__Header函数，注意客户端修改的是soap_out函数，这里是soap_in函数，是服务端把SOAP消息转化为SOAP对象的函数。由于客户端送上来的SOAP header消息含有Security属性，我们需要把它转为username和password。修改后的代码如下，加粗部分是修改内容：

SOAP_FMAC3 struct SOAP_ENV__Header * SOAP_FMAC4 soap_in_SOAP_ENV__Header(struct soap *soap, const char *tag, struct SOAP_ENV__Header *a, const char *type)

{

        size_t soap_flag_wsse__security = 1;

        size_t soap_flag_ns1__customerId = 1;

        if (soap_element_begin_in(soap, tag, 0, type))

                return NULL;

        a = (struct SOAP_ENV__Header *)soap_id_enter(soap, soap->id, a, SOAP_TYPE_SOAP_ENV__Header, sizeof(struct SOAP_ENV__Header), 0, NULL, NULL, NULL);

        if (!a)

                return NULL;

        soap_default_SOAP_ENV__Header(soap, a);

        if (soap->body && !*soap->href)

        {

                for (;;)

                {

                        if ( soap_flag_wsse__security ) {

                                if ( soap_element_begin_in(soap, NULL, 0, NULL) )

                                        return NULL;

                                if ( soap_element_begin_in(soap, NULL, 0, NULL) )

                                        return NULL;

                                if ( soap_in_string(soap, "", &a->wsse__username, "")

                                       && soap_in_string(soap, "", &a->wsse__password, "") ) {

                                        soap_flag_wsse__security--;

                                        soap_element_end_in(soap, NULL);

                                        soap_element_end_in(soap, NULL);

                                }

                        }

                        soap->error = SOAP_TAG_MISMATCH;

                        if (soap_flag_ns1__customerId && (soap->error == SOAP_TAG_MISMATCH || soap->error == SOAP_NO_TAG))

                                if (soap_in_string(soap, "ns1:customerId", &a->ns1__customerId, "xsd:string"))

                                {       soap_flag_ns1__customerId--;

                                        continue;

                                }

                        if (soap->error == SOAP_TAG_MISMATCH)

                                soap->error = soap_ignore_element(soap);

                        if (soap->error == SOAP_NO_TAG)

                                break;

                        if (soap->error)

                                return NULL;

                }

                if (soap_element_end_in(soap, tag))

                        return NULL;

        }

        else

        {       a = (struct SOAP_ENV__Header *)soap_id_forward(soap, soap->href, (void*)a, 0, SOAP_TYPE_SOAP_ENV__Header, 0, sizeof(struct SOAP_ENV__Header), 0, NULL);

                if (soap->body && soap_element_end_in(soap, tag))

                        return NULL;

        }

        return a;

}

 

服务端程序如下，到这里就没什么难度了，基本上与上一节的服务端结构差不多，注意要把几个pem证书拷贝过来（因为usernametoken方式通常都是基于HTTPS的），echo接口和show_version接口都要编写：

#include  < pthread.h >
 
#include  " soapH.h "
#include  " SecureEchoHttpBinding.nsmap "
 
void   * process_request( void   * soap)  {
        pthread_detach(pthread_self());
        if ( soap_ssl_accept((struct soap *) soap) != SOAP_OK )
                soap_print_fault((struct soap *) soap, stderr);
        else
                soap_serve((struct soap *) soap);
        soap_end((struct soap *) soap);
        soap_free((struct soap *) soap);
        return NULL;
}
 
int  main( int  argc,  char   ** argv)  {
        if ( argc != 2 ) {
                printf("Usage: %s port\n", argv[0]);
                exit(-1);
        }
        int port = atol(argv[1]);
 
        pthread_t tid;
        struct soap *tsoap;
        struct soap soap;
        soap_init(&soap);
 
        soap_ssl_init();
        if ( soap_ssl_server_context(&soap, SOAP_SSL_DEFAULT, "server.pem", "password", "cacert.pem", NULL, "dh512.pem", NULL, argv[0]) ) {
                soap_print_fault(&soap, stderr);
                exit(-1);
        }
 
        int m, s;
        if ( (m = soap_bind(&soap, NULL, port, 100)) < 0 ) {
                soap_print_fault(&soap, stderr);
        }
        else {
                printf("Socket connect successfully: master socket = %d\n", m);
                int i = 0;
                while ( 1 ) {
                        if ( (s = soap_accept(&soap)) < 0 ) {
                                soap_print_fault(&soap, stderr);
                                break;
                        }
                        printf("Connection %d accepted from IP = %d.%d.%d.%d, slave socket = %d\n", ++i, (soap.ip >> 24) & 0xff, (soap.ip >> 16) & 0xff, (soap.ip >> 8) & 0xff, soap.ip & 0xff, s);
                        tsoap = soap_copy(&soap);
                        if ( !tsoap ) {
                                soap_closesock(&soap);
                                continue;
                        }
                        pthread_create(&tid, NULL, &process_request, (void *) tsoap);
                }
        }
        soap_done(&soap);
        return 0;
}
 
int  __ns1__sendEcho(
         struct  soap  * soap,
         struct  _ns1__sendEcho  * request,
         struct  _ns1__sendEchoResponse  * response)  {
        if ( !soap->header || !soap->header->wsse__username || !soap->header->wsse__password || !soap->header->ns1__customerId
                || strcmp(soap->header->wsse__username, "roy") || strcmp(soap->header->wsse__password, "liang")
                || strcmp(soap->header->ns1__customerId, "G06164"))
                return 401;
        int len = strlen(request->message);
        response->out = (char *) malloc(sizeof(char) * (len + 1));
        strcpy(response->out, request->message);
        return SOAP_OK;
}
 
int  __ns1__showVersionInformation(
         struct  soap  * soap,
         struct  _ns1__showVersionInformation  * request,
         struct  _ns1__showVersionInformationResponse  * response)  {
        if ( !soap->header || !soap->header->wsse__username || !soap->header->wsse__password || !soap->header->ns1__customerId
                || strcmp(soap->header->wsse__username, "roy") || strcmp(soap->header->wsse__password, "liang")
                || strcmp(soap->header->ns1__customerId, "G06164"))
                return 401;
        response->out = (char *) malloc(sizeof(char) * 100);
        strcpy(response->out, "Username token (text) test server version 1.0");
        return SOAP_OK;
}

 

服务端程序保存为secure_echo_server.c，编译命令是

gcc -DWITH_OPENSSL -O2 -o secure_echo_server secure_echo_server.c soapC.c soapServer.c ../../stdsoap2.c -I../.. -L../.. -lgsoap -lssl –lcrypto

 

运行测试，在6883端口启动服务端，然后执行客户端

-bash-3.2$ ./show_version roy liang G06164

username    : roy

password    : liang

customer id : G06164

Username token (text) test server version 1.0

 

-bash-3.2$ ./secure_echo roy liang G06164 hello

username    : roy

password    : liang

customer id : G06164

message     : hello

hello

 

以上就是gSOAP实现Usernametoken认证的方法，而且是通过自定义SOAP header实现的。个人认为，与使用wsse插件相比，这种方法更为简单直接。

 

另外，本案例的方法适用于以明文传送密码的情况，如果需要以摘要(digest)形式传送密码，请参考plugin目录wsseapi.c里面的soap_wsse_add_UsernameTokenDigest函数。

 

最后，感谢Codejie's C++ Space为本节的编写提供思路：

http://www.cppblog.com/codejie/archive/2010/04/07/89972.html

 

这是我在CSDN的本文链接

http://blog.csdn.net/yui/archive/2010/09/03/5862411.aspx