WSS4J 密码验证错误处理捕获异常

0 0

WSS4J 密码验证错误处理捕获异常0

我使用用 CXF和WSS4J搭建的一个WebService框架，发布和应用都是正常的，但是在处理客户端床送的WSS4J错误密码时就抛异常，我是故意将客户端发送的密码写错，然后客户端验证密码错误，就抛一个异常，这个异常我都不知道应该在哪捕获和如何告知客户段密码验证错误。
代码片段如下

密码验证处理的类
public class ServerPasswordCallback implements CallbackHandler {

Logger logger = Logger.getLogger(ServerPasswordCallback.class);
@Override
public void handle(Callback[] callbacks){
try {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
// 标识符
String identifier = pc.getIdentifier();
if (identifier != null && identifier.equals("admin")) {
pc.setPassword("12345");//客户端传送的是123456789
} else {
logger.info("未授权的用户");
}
} catch (Exception e) {
System.out.println("服务端密码验证错误……");//这里捕获不到抛出来的异常
}
}
}

密码验证错误就抛异常：
org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
at org.apache.ws.security.validate.UsernameTokenValidator.verifyDigestPassword(UsernameTokenValidator.java:203)
at org.apache.ws.security.validate.UsernameTokenValidator.verifyPlaintextPassword(UsernameTokenValidator.java:142)
at org.apache.ws.security.validate.UsernameTokenValidator.validate(UsernameTokenValidator.java:100)
at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172)
at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:67)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:279)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:95)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:203)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:159)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:722)
这个异常我也不知道怎么捕获，也不知道怎么通知客户端密码错误，

这里抛异常也就没有执行我的服务端方法
@Override
public String sayHello(String name) {
return "Hello " + name + " ^_^ !";
}