CXF密碼驗證_服務端和客戶端配置
阿新 • • 發佈:2019-01-22
1:服務端spring裡的配置:
Java程式碼- <bean id="Customer"class="org.web.HelloServiceImpl"></bean>
- lt;jaxws:endpoint id="custom" implementor="#Customer" address="/web" >
- <jaxws:inInterceptors>
- <bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />
- <!--<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
- -->
- <bean class="org.web.soapHeader.ReadSoapHeader"></bean>
- <!--<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
- <constructor-arg>
- <map>
- <entry key="action" value="UsernameToken" />
- <entry key="passwordType"
- value="PasswordText" />
- <entry key="user" value="cxfServer" />
- <entry key="passwordCallbackRef"
- <ref bean="serverPasswordCallback" />
- </entry>
- </map>
- </constructor-arg>
- </bean> -->
- </jaxws:inInterceptors>
- </jaxws:endpoint>
這個裡面是有註釋的..區別上一個密碼驗證的示例!
關鍵程式碼就有一句: <bean class="org.web.soapHeader.ReadSoapHeader"></bean>
這個是自己寫的讀取soap資訊.檢視密碼是否正確!
2:soap讀入資訊的驗證:ReadSoapHeader程式碼:
Java程式碼- publicclass ReadSoapHeader extends AbstractPhaseInterceptor<SoapMessage> {
- private SAAJInInterceptor saa=new SAAJInInterceptor();
- public ReadSoapHeader(){
- super(Phase.PRE_PROTOCOL);
- getAfter().add(SAAJInInterceptor.class.getName());
- }
- publicvoid handleMessage(SoapMessage message) throws Fault {
- SOAPMessage mess=message.getContent(SOAPMessage.class);
- if(mess==null){
- saa.handleMessage(message);
- mess=message.getContent(SOAPMessage.class);
- }
- SOAPHeader head=null;
- try {
- head = mess.getSOAPHeader();
- } catch (SOAPException e) {
- e.printStackTrace();
- }
- if(head==null){
- return;
- }
- NodeList nodes=head.getElementsByTagName("tns:spId");
- NodeList nodepass=head.getElementsByTagName("tns:spPassword");
- if(nodes.item(0).getTextContent().indexOf("wdw")!=-1){
- if(nodepass.item(0).getTextContent().equals("wdwsb")){
- System.out.println("認證成功");
- }
- }
- else{
- SOAPException soapExc=new SOAPException("認證錯誤");
- thrownew Fault(soapExc);
- }
- }
- }
功能:判斷客戶端傳來的soap資訊頭是否有密碼..有的話判斷是否正確!
3:客戶端spring的配置:
Java程式碼- <bean id="webTest"class="org.web.HelloService" factory-bean="client" factory-method="create"/>
- <bean id="client"class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean" >
- <property name="address" value="http://127.0.0.1:88/Hello/web/web"></property>
- <property name="serviceClass" value="org.web.HelloService"></property>
- <property name="outInterceptors">
- <list>
- <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
- <!--<bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> -->
- <bean class="org.web.soapHeader.AddSoapHeader"></bean>
- <!--<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
- <constructor-arg>
- <map>
- <entry key="action" value="UsernameToken" />
- <entry key="passwordType" value="PasswordText" />
- <entry key="user" value="cxfClient" />
- <entry key="passwordCallbackRef">
- <ref bean="clientPasswordCallback" />
- </entry>
- </map>
- </constructor-arg>
- </bean>
- -->
- </list>
- </property>
- </bean>
PS:注意註釋>...重點是:
Java程式碼- <bean class="org.web.soapHeader.AddSoapHeader"></bean>
4:對soap進行如入頭資訊.把密碼加進去:AddSoapHeader程式碼:
Java程式碼- publicclass AddSoapHeader extends AbstractSoapInterceptor {
- privatestatic String nameURI="http://127.0.0.1/Hello/web";
- public AddSoapHeader(){
- super(Phase.WRITE);
- }
- publicvoid handleMessage(SoapMessage message) throws Fault {
- SimpleDateFormat sd=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
- Date date=new Date();
- String time =sd.format(date);
- String spPassword="wdwsb";
- String spName="wdw";
- QName qname=new QName("RequestSOAPHeader");
- Document doc=DOMUtils.createDocument();
- Element spId=doc.createElement("tns:spId");
- spId.setTextContent(spName);
- Element spPass=doc.createElement("tns:spPassword");
- spPass.setTextContent(spPassword);
- Element root=doc.createElementNS(nameURI, "tns:RequestSOAPHeader");
- root.appendChild(spId);
- root.appendChild(spPass);
- SoapHeader head=new SoapHeader(qname,root);
- List<Header> headers=message.getHeaders();
- headers.add(head);
- }
- }
很簡單的東西...現在密碼已經加進去了...spring裡也已經配置好了..
客戶端就可以正常的請求了..對請求的內容會進行soap頭處理.把密碼加進去....
服務端通過了客戶端的許可權密碼請求就可以了.