AXIS2訪問權限控制利用TOMCAT用戶

1.找到TOMCAT安裝目錄，找到CONFIG文件夾，查找到Tomcat_Home\conf\tomcat-users.xml文件，添加角色

 

<?xml version='1.0' encoding='utf-8'?>

<tomcat-users>… <role rolename="department-manager"/>

<user username="test" password="test" roles="department-manager"/>

…

</tomcat-users>

上面配置代碼在tomcat配置文件中添加了一個department-manager角色，並且在此角色中添加了一個名爲hellking的用戶。要使tomcat-users.xml中配置的角色和用戶生效，需要配置tomcat使用UserDatabaseRealm。打開Tomcat_Home\conf\server.xml配置文件，在GlobalNamingResources中添加以下描述：

 

2.在tomcat中添加UserDatabaseRealm

<GlobalNamingResources>... 

<Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database 

that can be updated and saved"> </Resource> <ResourceParams name="UserDatabase"> 

<parameter> 

<name>factory</name> 

<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value> 

</parameter> <parameter> <name>pathname</name> <value>conf/tomcat-users.xml</value> 

</parameter> 

</ResourceParams> 

</GlobalNamingResources>

然後再web應用的部署描述符中指定Web服務資源的訪問控制，如下所示：

3.

<security-constraint>

<web-resource-collection>

<web-resource-name>Tax Web service </web-resource-name>

<url-pattern>/services/PersonalTaxService</url-pattern>

</web-resource-collection>

<auth-constraint>

<role-name>department-manager</role-name> <

/auth-constraint>

</security-constraint>

<login-config>

<auth-method>BASIC</auth-method>

<realm-name>Axis Basic Authentication Area</realm-name>

</login-config>

<security-role>

<role-name>department-manager</role-name>

</security-role>

url-pattern指定了需要通過角色驗證的URL樣式，在這裏是"/services/PersonalTaxService"；role-name是能夠訪問制定URL的角色，這裏是department-manager。以上配置的意思是隻有角色類型是"department-manager"的用戶才能訪問URL樣式爲"/services/PersonalTaxService"Web服務。

 

4.客戶端調用：

public String ClientAccount(CDto abDto){
  RPCServiceClient serviceClient = null;
  String para=null;
  String xmlString = null;
  try {
   serviceClient = new RPCServiceClient();
   
   Options options = serviceClient.getOptions();
   EndpointReference targetEPR = new EndpointReference(ClientReadProperties.getInstence().getProperty("Select"));
   options.setTo(targetEPR);
   
   HttpTransportProperties.Authenticator authenticator = new HttpTransportProperties.Authenticator();
   authenticator.setPreemptiveAuthentication(true);
   authenticator.setUsername("test");
   authenticator.setPassword("test");
   options.setProperty(HTTPConstants.AUTHENTICATE, authenticator);

   
   QName qname = new QName(ClientReadProperties.getInstence().getProperty("Qurl"),"Select");
   para=ObjectToXML.ObjectToXMLString(abDto);//封裝成XML格式字符串   
   xmlString = (String) serviceClient.invokeBlocking(qname,new Object[] { para },new Class[] { String.class })[0];   
  } catch (Exception e) {
   e.getStackTrace();
  }
  return xmlString;
 }