項目結構
spring boot cxf
https://blog.csdn.net/qq_26264237/article/details/105373000
在上個項目基礎上修改
安全認證使用spring-ws-security
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-parent</artifactId>
<version>1.4.5.RELEASE</version>
</parent>
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-spring-boot-starter-jaxws</artifactId>
<version>3.1.12</version>
</dependency>
<dependency>
<groupId>org.springframework.ws</groupId>
<artifactId>spring-ws-security</artifactId>
</dependency>
</dependencies>
AuthInterceptor爲權限過濾
import java.util.List;
import org.apache.cxf.binding.soap.SoapHeader;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.opensaml.ws.soap.common.SOAPException;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
@Component
public class AuthInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
private static final String USERNAME = "root";
private static final String PASSWORD = "admin";
public AuthInterceptor() {
// 定義在哪個階段進行攔截
super(Phase.PRE_PROTOCOL);
}
@Override
public void handleMessage(SoapMessage soapMessage) throws Fault {
List<Header> headers = soapMessage.getHeaders();
String username = null;
String password = null;
if (headers == null || headers.isEmpty()) {
throw new Fault(new IllegalArgumentException("找不到Header,無法驗證用戶信息"));
}
// 獲取用戶名,密碼
for (Header header : headers) {
SoapHeader soapHeader = (SoapHeader) header;
Element e = (Element) soapHeader.getObject();
username = e.getAttribute("username");
password = e.getAttribute("password");
if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
throw new Fault(new IllegalArgumentException("用戶信息爲空"));
}
}
// 校驗用戶名密碼
if (!(USERNAME.equals(username) && PASSWORD.equals(password))) {
SOAPException soapExc = new SOAPException("認證失敗");
System.err.println("用戶認證信息錯誤");
throw new Fault(soapExc);
}
}
}
@Configuration
public class CxfConfig {
@Autowired
private Bus bus;
@Autowired
private HelloService helloService;
@Autowired
AuthInterceptor authInterceptor;
@Bean
public Endpoint endpoint() {
EndpointImpl endpoint = new EndpointImpl(bus, helloService);
endpoint.publish("/helloService");
endpoint.getInInterceptors().add(authInterceptor);
// 訪問連接: http://localhost:8080/services/helloService?wsdl
return endpoint;
}
}
啓動後訪問
訪問連接: http://localhost:8080/services/helloService?wsdl
是否增加過濾器對生成的wsdl文件並無影響
客戶端增加認證信息(soapHeader)
<dependencies>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.10</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>3.1.12</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>3.1.12</version>
</dependency>
</dependencies>
/**
* 添加soapHeader
*/
public class ClientCheckInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
private static final String USERNAME = "root";
private static final String PASSWORD = "admin";
public ClientCheckInterceptor() {
super(Phase.PREPARE_SEND);
}
@Override
public void handleMessage(SoapMessage message) throws Fault {
List<Header> headers = message.getHeaders();
Document document = DOMUtils.createDocument();
Element authorEle = document.createElement("author");
authorEle.setAttribute("username", USERNAME);
authorEle.setAttribute("password", PASSWORD);
headers.add(new Header(new QName(""), authorEle));
}
}
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.junit.Test;
import com.sky.cxf01.interceptor.ClientCheckInterceptor;
import com.sky.cxf01.service.HelloService;
import com.sky.cxf01.service.impl.HelloServiceImplService;
public class DemoClient {
@Test
public void testCxfSecurityServer() {
HelloService service = new HelloServiceImplService().getHelloServiceImplPort();
Client client = ClientProxy.getClient(service);
client.getOutInterceptors().add(new ClientCheckInterceptor());
String sayHello = service.sayHello("Lebron");
System.err.println("sayHello=" + sayHello);
// sayHello=Hello, Lebron
}
}