ader的安全驗證 xml格式: <soap:Header> <auth:authentication xmlns:auth="http://gd.chinamobile.com//authentication"> <auth:systemID>1</auth:systemID> <auth:userID>test</auth:userID> <auth:password>test</auth:password> </auth:authentication> </soap:Header> 一,首先在服務端創建一個攔截器(被調用端),需要繼承org.apache.cxf.phase.AbstractPhaseInterceptor 代碼如下: import java.util.List; import javax.xml.soap.SOAPException; import org.apache.cxf.binding.soap.SoapHeader; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.headers.Header; import org.apache.cxf.helpers.XMLUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.phase.AbstractPhaseInterceptor; import org.apache.cxf.phase.Phase; import org.apache.log4j.Logger; import org.w3c.dom.Element; import org.w3c.dom.NodeList; public class AuthIntercetpr extends AbstractPhaseInterceptor<SoapMessage> { private static final Logger logger = Logger.getLogger(AuthIntercetpr.class); public static final String xml_namespaceUR_att = "http://gd.chinamobile.com//authentication"; public static final String xml_header_el = "soap:Header"; public static final String xml_authentication_el = "auth:authentication"; public static final String xml_systemID_el = "auth:systemID"; public static final String xml_userID_el = "auth:userID"; public static final String xml_password_el = "auth:password"; public AuthIntercetpr() { // 指定該攔截器在哪個階段被激發 super(Phase.PRE_INVOKE); } // 處理消息 public void handleMessage(SoapMessage message) { logger.info("==================SoapMessage =" + message); // 獲取SOAP消息的全部頭 List<Header> headers = message.getHeaders(); if (null == headers || headers.size() < 1) { throw new Fault(new SOAPException("SOAP消息頭格式不對哦!")); } for (Header header : headers) { SoapHeader soapHeader = (SoapHeader) header; // 取出SOAP的Header元素 Element element = (Element) soapHeader.getObject(); logger.info("ELEMENT =" + element.toString()); XMLUtils.printDOM(element); NodeList userIdNodes = element .getElementsByTagName(xml_userID_el); NodeList pwdNodes = element .getElementsByTagName(xml_password_el); NodeList systemIdNodes = element .getElementsByTagName(xml_systemID_el); logger.info("############ 打印帳號信息 ##############"); logger.info(userIdNodes.item(0) + "=" + userIdNodes.item(0).getTextContent()); logger.info(systemIdNodes.item(0) + "=" + systemIdNodes.item(0).getTextContent()); logger.info(pwdNodes.item(0) + "=" + pwdNodes.item(0).getTextContent()); logger.info("############————————##############"); if (null != userIdNodes && userIdNodes.item(0).getTextContent().equels("test") ) { if (null != pwdNodes && pwdNodes.item(0).getTextContent().equals("test")) { logger.info("$$$$$$$$ 認證成功"); } else {//認證失敗則拋出異常,停止繼續操作 SOAPException soapExc = new SOAPException("閣下可能不是合法用戶!"); throw new Fault(soapExc); } } else {//認證失敗則拋出異常,停止繼續操作 SOAPException soapExc = new SOAPException("閣下可能不是合法用戶!"); throw new Fault(soapExc); } } } } 二,修改cxf-beans.xml <!--id:隨意配,implementor:指定接口具體實現類,address:隨意配,訪問時會用到,下面會做說明--> <!--攔截器--> <bean id="authIntercetpr" class="unitTest.AuthIntercetpr"></bean> <jaxws:endpoint id="HelloWorldService" implementor="com.ws.HelloWorldServiceImpl" address="/IHelloService"> <!-- 在此配置調用當前ws所觸發的攔截器--> <ref bean="authIntercetpr" /> <!--或者直接在這裏寫<bean class="unitTest.AuthIntercetpr"></bean>--> </jaxws:endpoint> 到此服務端工作完畢!!! 下面是客戶端(調用端) 三,這邊同樣創建一個攔截器,實現org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor import java.text.SimpleDateFormat; import java.util.Date; import java.util.List; import javax.xml.namespace.QName; import org.apache.cxf.binding.soap.SoapHeader; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; import org.apache.cxf.headers.Header; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.helpers.XMLUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.phase.Phase; import org.w3c.dom.Document; import org.w3c.dom.Element; public class AddSoapHeader extends AbstractSoapInterceptor { public static final String xml_namespaceUR_att = "http://gd.chinamobile.com//authentication"; public static final String xml_header_el = "soap:Header"; public static final String xml_authentication_el = "auth:authentication"; public static final String xml_systemID_el = "auth:systemID"; public static final String xml_userID_el = "auth:userID"; public static final String xml_password_el = "auth:password"; public AddSoapHeader() { // 指定該攔截器在哪個階段被激發 super(Phase.WRITE); } public void handleMessage(SoapMessage message) throws Fault { SimpleDateFormat sd = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); Date date = new Date(); String time = sd.format(date); String userId = "test"; String sysId = "1"; String password = "test"; QName qname = new QName("RequestSOAPHeader");//這個值暫時不清楚具體做什麼用,可以隨便寫 Document doc = (Document) DOMUtils.createDocument(); Element root = doc.createElement(xml_header_el); Element eSysId = doc.createElement(xml_systemID_el); eSysId.setTextContent(sysId); Element eUserId = doc.createElement(xml_userID_el); eUserId.setTextContent(userId); Element ePwd = doc.createElement(xml_password_el); ePwd.setTextContent(password); Element child = doc.createElementNS(xml_namespaceUR_att, xml_authentication_el); child.appendChild(eSysId); child.appendChild(eUserId); child.appendChild(ePwd); root.appendChild(child); XMLUtils.printDOM(root);// 只是打印xml內容到控制檯,可刪除 SoapHeader head = new SoapHeader(qname, root); List<Header> headers = message.getHeaders(); headers.add(head); } } 四,具體調用ws的類代碼 private static final String webServiceConTimeout = "6000"; private static final String webServiceRevTimeout = "6000"; 。。。。。。。 HelloWorldServiceImplService hello = new HelloWorldServiceImplService(); HelloWorldService service = hello.getHelloWorldServiceImplPort(); //以上什麼意思請參考:http://learning.iteye.com/admin/blogs/1333223 Client clientProxy = ClientProxy.getClient(service);//通過目標ws獲取代理 //注入攔截器,getOutInterceptors代表調用服務端時觸發,getInInterceptors就是被調用才觸發 clientProxy.getOutInterceptors().add(ash); // 超時時間設置 HTTPConduit http = (HTTPConduit) clientProxy.getConduit(); HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); httpClientPolicy.setConnectionTimeout(Integer .valueOf(webServiceConTimeout)); httpClientPolicy.setReceiveTimeout(Integer .valueOf(webServiceRevTimeout)); httpClientPolicy.setAllowChunking(false); http.setClient(httpClientPolicy); //以上插入點超時設置方式 //下面這行代碼是具體調用服務段的deleteTeskTask() CallResult cResult = service.deleteTeskTask("1223"); 。 。 客戶端代碼到此結束 五,還有一種方式是通過JaxWsProxyFactoryBean方式,註冊攔截器及實例化ws,代碼如下: private static final JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean(); AddSoapHeader ash = new AddSoapHeader(); ArrayList list = new ArrayList(); // 添加soap header 信息 list.add(ash); //注入攔截器,getOutInterceptors代表調用服務端時觸發,getInInterceptors就是被調用才觸發 factory.setOutInterceptors(list); factory.setServiceClass(HelloWorldService.class);//實例化ws factory.setAddress("http://xxx.xxx.xxx.xxx:8004/services/IHelloService"); Object obj = factory.create(); HelloWorldService service = (HelloWorldService) obj; //下面這行代碼是具體調用服務段的deleteTeskTask() CallResult cResult = service.deleteTeskTask("1223"); ##########這段代碼可替代步驟(四)#####
CXF 入門:CXF攔截器使用,創建一個基於SOAPHeader的安全驗證
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章