构建基于CXF的WebService服务(3)-- 利用拦截器实现权限验证
时间:2014-05-13 09:27:07
收藏:0
阅读:360
CXF中的拦截器分为in拦截器和out拦截器,又有客户端拦截器和服务端拦截器。
拦截器使用流程:客户端(out)-> 服务端(in)->处理业务->服务端(out)->客户端(in),并不是每一步都需要拦截器。在这里我们用到的是客户端Out拦截器和服务端in拦截器。服务端in拦截器检查用户级权限,客户端out浏览器发送用户信息给服务端。
1、创建服务端验证
JaxWsServerFactoryBean或Endpoint都可以通过getInInterceptors方法,向WebService服务添加拦截器。
1.1 Endpoint方式
HelloWorldService service = new HelloWorldServiceImpl(); String address = "http://localhost:8080/hello"; EndpointImpl endpoint = (EndpointImpl)Endpoint.publish(address, service); endpoint.getInInterceptors().add(new AuthInterceptor());1.2 JaxWsServerFactoryBean方式
HelloWorldServiceImpl impl = new HelloWorldServiceImpl(); JaxWsServerFactoryBean factory = new JaxWsServerFactoryBean(); factory.setAddress("http://localhost:8080/hello"); factory.setServiceClass(HelloWorldService.class); factory.setServiceBean(impl); factory.getInInterceptors().add(new AuthInterceptor()); factory.create();
自定义拦截去需要实现PhaseInterceptor接口,不过一般都是继承自AbstractPhaseInterceptor<T>,下面我们来实现AuthInterceptor的权限控制功能
package com.tiamaes.webservice.auth; import java.util.List; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.headers.Header; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.phase.AbstractPhaseInterceptor; import org.apache.cxf.phase.Phase; import org.w3c.dom.Element; import org.w3c.dom.NodeList; /** * <p>类描述:用户权限验证拦截器 </p> * <p>修改人:王成委 </p> * <p>修改时间:2014-5-10 下午03:16:16 </p> * @version */ public class AuthInterceptor extends AbstractPhaseInterceptor<SoapMessage> { //在调用之前拦截 public AuthInterceptor() { super(Phase.PRE_INVOKE); } /** * 自定义拦截器需要实现handleMessage方法,该方法抛出Fault异常,可以自定义异常集成自Fault, * 也可以new Fault(new Throwable()) */ public void handleMessage(SoapMessage soap) throws Fault { System.out.println("开始验证用户信息"); List<Header> headers = soap.getHeaders(); //检查headers是否存在 if(headers == null | headers.size()<1){ throw new Fault(new IllegalArgumentException("找不到Header,无法验证用户信息")); } Header header = headers.get(0); Element el = (Element)header.getObject(); NodeList users = el.getElementsByTagName("username"); NodeList passwords = el.getElementsByTagName("password"); //检查是否有用户名和密码元素 if(users.getLength()<1){ throw new Fault(new IllegalArgumentException("找不到用户信息")); } String username = users.item(0).getTextContent().trim(); if(passwords.getLength()<1){ throw new Fault(new IllegalArgumentException("找不到密码信息")); } String password = passwords.item(0).getTextContent(); //检查用户名和密码是否正确 if(!"admin".equals(username) || !"admin".equals(password)){ throw new Fault(new IllegalArgumentException("用户名或密码不正确")); }else{ System.out.println("用户名密码正确允许访问"); } } }
2、客户端发送用户信息
客户端则需要添加out拦截器,在out拦截器中加入消息头
客户端拦截器:ClienLoginInterceptor
package com.tiamaes.webservice.auth; import java.util.List; import javax.xml.namespace.QName; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.headers.Header; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.phase.AbstractPhaseInterceptor; import org.apache.cxf.phase.Phase; import org.w3c.dom.Document; import org.w3c.dom.Element; /** * <p>类描述: </p> * <p>修改记录 ---------------- </p> * <p>修改人:王成委 </p> * <p>修改时间:2014-5-10 下午03:58:10 </p> * <p>修改备注: </p> * @version */ public class ClientLoginInterceptor extends AbstractPhaseInterceptor<SoapMessage> { private String username; private String password; public void setUsername(String username) { this.username = username; } public void setPassword(String password) { this.password = password; } /** * 创建一个新的实例 ClientLoginInterceptor. * * @param username * @param password */ public ClientLoginInterceptor(String username, String password) { super(Phase.PREPARE_SEND); this.username = username; this.password = password; } /* (non-Javadoc) * @see org.apache.cxf.interceptor.Interceptor#handleMessage(org.apache.cxf.message.Message) */ public void handleMessage(SoapMessage soap) throws Fault { // TODO Auto-generated method stub List<Header> headers = soap.getHeaders(); Document doc = DOMUtils.createDocument(); Element auth = doc.createElement("authrity"); Element username = doc.createElement("username"); Element password = doc.createElement("password"); username.setTextContent(this.username); password.setTextContent(this.password); auth.appendChild(username); auth.appendChild(password); //doc.appendChild(auth); headers.add(0, new Header(new QName("tiamaes"),auth)); } }
客户端添加ClientLoginInterceptor
public static void main(String[] args) { JaxWsDynamicClientFactory dcf = JaxWsDynamicClientFactory.newInstance(); Client client = dcf.createClient("http://127.0.0.1:8080/hello?wsdl"); client.getOutInterceptors().add(new ClientLoginInterceptor("admin", "admin")); try { Object[] objs = client.invoke("syaHello", "Tom"); System.out.println(objs[0].toString()); } catch (Exception e) { e.printStackTrace(); } }
评论(0)