1.找到TOMCAT安裝目錄,找到CONFIG文件夾,查找到Tomcat_Home\conf\tomcat-users.xml文件,添加角色
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>… <role rolename="department-manager"/>
<user username="test" password="test" roles="department-manager"/>
…
</tomcat-users>
上面配置代碼在tomcat配置文件中添加了一個department-manager角色,並且在此角色中添加了一個名爲hellking的用戶。要使tomcat-users.xml中配置的角色和用戶生效,需要配置tomcat使用UserDatabaseRealm。打開Tomcat_Home\conf\server.xml配置文件,在GlobalNamingResources中添加以下描述:
2.在tomcat中添加UserDatabaseRealm
|
然後再web應用的部署描述符中指定Web服務資源的訪問控制,如下所示:
3.
<security-constraint>
<web-resource-collection>
<web-resource-name>Tax Web service </web-resource-name>
<url-pattern>/services/PersonalTaxService</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>department-manager</role-name> <
/auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Axis Basic Authentication Area</realm-name>
</login-config>
<security-role>
<role-name>department-manager</role-name>
</security-role>
url-pattern指定了需要通過角色驗證的URL樣式,在這裏是"/services/PersonalTaxService";role-name是能夠訪問制定URL的角色,這裏是department-manager。以上配置的意思是隻有角色類型是"department-manager"的用戶才能訪問URL樣式爲"/services/PersonalTaxService"Web服務。
4.客戶端調用:
public String ClientAccount(CDto abDto){
RPCServiceClient serviceClient = null;
String para=null;
String xmlString = null;
try {
serviceClient = new RPCServiceClient();
Options options = serviceClient.getOptions();
EndpointReference targetEPR = new EndpointReference(ClientReadProperties.getInstence().getProperty("Select"));
options.setTo(targetEPR);
HttpTransportProperties.Authenticator authenticator = new HttpTransportProperties.Authenticator();
authenticator.setPreemptiveAuthentication(true);
authenticator.setUsername("test");
authenticator.setPassword("test");
options.setProperty(HTTPConstants.AUTHENTICATE, authenticator);
QName qname = new QName(ClientReadProperties.getInstence().getProperty("Qurl"),"Select");
para=ObjectToXML.ObjectToXMLString(abDto);//封裝成XML格式字符串
xmlString = (String) serviceClient.invokeBlocking(qname,new Object[] { para },new Class[] { String.class })[0];
} catch (Exception e) {
e.getStackTrace();
}
return xmlString;
}