JAX-WS Handler使用

最新推荐文章于 2021-03-04 20:11:55 发布

ytzyg

最新推荐文章于 2021-03-04 20:11:55 发布

阅读量3k

点赞数

分类专栏： java webservice 文章标签： webservice soap null string interceptor user

java 同时被 2 个专栏收录

35 篇文章 0 订阅

订阅专栏

webservice

30 篇文章 0 订阅

订阅专栏

1.Handler和Servlet中的filter极为相似，我们可以对所有WebServicer进行拦截，在这个Handler中我们可以记录日志、

权限控制、对请求的SOAP消息进行加密，解密等。CXF也有Interceptor,不知道有什么区别，后面会学习

2.接口javax.xml.ws.handler.Handler和javax.xml.ws.handler.soap.SOAPHandler

定义自己Handler需要实现两个Handler其中一个SOAPHandler是Handler的子接口

Handler的三个方法

void

close(MessageContext context) ：一个webService调用结束时会调用，通常会做释放资源的操作

boolean

handleFault(C context) ：当handlerMessage发生异常时，会调用

boolean

handleMessage(C context)：调用webService inbound和outbound时都会调用，一次webService调用，

会调用该方法两次

3.实现一个用户身份验证的Handler来说明Handler使用

3.1定义我们自己Handler

public class AuthValidationHandler implements SOAPHandler<SOAPMessageContext> {

Java代码

public Set<QName> getHeaders() {
// TODO Auto-generated method stub
return null;
}
public void close(MessageContext context) {
}
public boolean handleFault(SOAPMessageContext context) {
return false;
}
public boolean handleMessage(SOAPMessageContext context) {
HttpServletRequest request = (HttpServletRequest)context.get(AbstractHTTPDestination.HTTP_REQUEST);
System.out.println("客户端IP："+request.getRemoteAddr());
Boolean outbound = (Boolean)context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if (!outbound.booleanValue())
{
SOAPMessage soapMessage = context.getMessage();
try {
SOAPEnvelope soapEnvelope = soapMessage.getSOAPPart().getEnvelope();
SOAPHeader soapHeader = soapEnvelope.getHeader();
if(soapHeader == null)generateSoapFault(soapMessage, "No Message Header...");
Iterator it = soapHeader.extractHeaderElements(SOAPConstants.URI_SOAP_1_2_ROLE_NEXT);
if(it == null || !it.hasNext())generateSoapFault(soapMessage, "No Header block for role next");
Node node = (Node)it.next();
String value = node == null ? null : node.getValue();
if(value == null)generateSoapFault(soapMessage, "No authation info in header blocks");
String[] infos = value.split("&");
return authValidate(infos[0], infos[1]);
} catch (SOAPException e) {
e.printStackTrace();
}
}
return false;
}
private boolean authValidate(String userName,String password){
if(userName == null || password == null){
return false;
}
if("admin".equals(userName) && "admin".equals(password)){
return true;
}
return false;
}
private void generateSoapFault(SOAPMessage soapMessage,String reasion){
try {
SOAPBody soapBody = soapMessage.getSOAPBody();
SOAPFault soapFault = soapBody.getFault();
if(soapFault == null){
soapFault = soapBody.addFault();
}
soapFault.setFaultString(reasion);
throw new SOAPFaultException(soapFault);
} catch (SOAPException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}

	public Set<QName> getHeaders() {
		// TODO Auto-generated method stub
		return null;
	}

	public void close(MessageContext context) {
		
	}

	public boolean handleFault(SOAPMessageContext context) {
		return false;
	}

	public boolean handleMessage(SOAPMessageContext context) {
		
		HttpServletRequest request = (HttpServletRequest)context.get(AbstractHTTPDestination.HTTP_REQUEST);
		
		System.out.println("客户端IP："+request.getRemoteAddr());
		
		Boolean outbound = (Boolean)context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY); 

		  if (!outbound.booleanValue()) 
		  {
			  SOAPMessage soapMessage = context.getMessage();
			  
			  try {
				SOAPEnvelope soapEnvelope = soapMessage.getSOAPPart().getEnvelope();
				SOAPHeader soapHeader = soapEnvelope.getHeader();
				
				if(soapHeader == null)generateSoapFault(soapMessage, "No Message Header...");
				
				Iterator it = soapHeader.extractHeaderElements(SOAPConstants.URI_SOAP_1_2_ROLE_NEXT);
				
				if(it == null || !it.hasNext())generateSoapFault(soapMessage, "No Header block for role next");
				
				Node node = (Node)it.next();
				
				String value = node == null ? null : node.getValue();
				
				if(value == null)generateSoapFault(soapMessage, "No authation info in header blocks");
				
				String[] infos = value.split("&");
				
				return authValidate(infos[0], infos[1]);
				
				
			} catch (SOAPException e) {
				e.printStackTrace();
			}
			  
		  }

		  
		return false;
	}
	
	
	private boolean authValidate(String userName,String password){
		if(userName == null || password == null){
			return false;
		}
		
		if("admin".equals(userName) && "admin".equals(password)){
			return true;
		}
		return false;
	}
	
	private void generateSoapFault(SOAPMessage soapMessage,String reasion){
		try {
			SOAPBody soapBody = soapMessage.getSOAPBody();
			SOAPFault soapFault = soapBody.getFault();
			
			if(soapFault == null){
				soapFault = soapBody.addFault();
			}
			
			soapFault.setFaultString(reasion);
			
			throw new SOAPFaultException(soapFault);
			
		} catch (SOAPException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}

	
}

HttpServletRequest request = (HttpServletRequest)context.get(AbstractHTTPDestination.HTTP_REQUEST);

可以获取request对象，从而拿到客户端Ip,可以进行非法地址ip排除

Boolean outbound = (Boolean)context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);

判断当前是Inbound还是outbound

只在inbound时做用户校验

我们将用户相信放在soapheader里

3.2在SEI实现类UserServiceImpl上添加@HandlerChain(file = "handlers.xml")

3.3在UserServiceImpl所在包下编写handlers.xml

<handler-chains xmlns="http://java.sun.com/xml/ns/javaee"

Xml代码

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee">
<handler-chain>
<handler>
<handler-name>authHandler</handler-name>
<handler-class>com.cxf.users.AuthValidationHandler</handler-class>
</handler>
</handler-chain>
</handler-chains>

                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                xsi:schemaLocation="http://java.sun.com/xml/ns/javaee">
  <handler-chain>

    <handler>
      <handler-name>authHandler</handler-name>
      <handler-class>com.cxf.users.AuthValidationHandler</handler-class>
    </handler>
  </handler-chain>
</handler-chains>

这样我们服务端就编写好了，我们还有在客户端将我们用户信息加到soapHeader中

4.客户端将我们用户信息加到soapHeader中

4.1客户端Handler

public class AuthenticationHandler implements SOAPHandler<SOAPMessageContext> {

Java代码

public Set<QName> getHeaders() {
// TODO Auto-generated method stub
return null;
}
public void close(MessageContext arg0) {
// TODO Auto-generated method stub
}
public boolean handleFault(SOAPMessageContext arg0) {
// TODO Auto-generated method stub
return false;
}
public boolean handleMessage(SOAPMessageContext ctx) {
Boolean request_p=(Boolean)ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if(request_p){
try {
SOAPMessage msg=ctx.getMessage();
SOAPEnvelope env=msg.getSOAPPart().getEnvelope();
SOAPHeader hdr=env.getHeader();
if(hdr==null)hdr=env.addHeader();
//添加认证信息
QName qname_user=new QName("http://com/auth/","auth");
SOAPHeaderElement helem_user=hdr.addHeaderElement(qname_user);
helem_user.setActor(SOAPConstants.URI_SOAP_1_2_ROLE_NEXT);
helem_user.addTextNode("admin&admin");
msg.saveChanges();
//把SOAP消息输出到System.out，即控制台
msg.writeTo(System.out);
return true;
} catch (Exception e) {
e.printStackTrace();
}
}
return false;
}
}

	public Set<QName> getHeaders() {
		// TODO Auto-generated method stub
		return null;
	}

	public void close(MessageContext arg0) {
		// TODO Auto-generated method stub
		
	}

	public boolean handleFault(SOAPMessageContext arg0) {
		// TODO Auto-generated method stub
		return false;
	}

	public boolean handleMessage(SOAPMessageContext ctx) {
		Boolean request_p=(Boolean)ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
		
       if(request_p){
           try { 
              SOAPMessage msg=ctx.getMessage();
              SOAPEnvelope env=msg.getSOAPPart().getEnvelope();
              SOAPHeader hdr=env.getHeader();
              
              if(hdr==null)hdr=env.addHeader();
          
              //添加认证信息
              QName qname_user=new QName("http://com/auth/","auth");
              SOAPHeaderElement helem_user=hdr.addHeaderElement(qname_user);
              helem_user.setActor(SOAPConstants.URI_SOAP_1_2_ROLE_NEXT);
              helem_user.addTextNode("admin&admin");
              msg.saveChanges();
              //把SOAP消息输出到System.out，即控制台
              msg.writeTo(System.out);
              return true;
           } catch (Exception e) {
              e.printStackTrace();
           }
       }
	       return false;
	}

	
}

4.2将Handler加到HandlerResolver中

public class UserClient {

Java代码

/**
* @param args
*/
public static void main(String[] args) {
UserServiceImplService userServiceImpl = new UserServiceImplService();
userServiceImpl.setHandlerResolver(new HandlerResolver(){
public List<Handler> getHandlerChain(PortInfo arg0) {
List<Handler> handlerList = new ArrayList<Handler>();
//添加认证信息
handlerList.add(new AuthenticationHandler());
return handlerList;
}
});
IUserService service = userServiceImpl.getUserServiceImplPort();
User u = new User();
u.setId(110);
u.setUserName("张三");
u.setAddress("杭州");
u.setSex(0);
System.out.println();
System.out.println(service.addUser(u));
}
}

	/**
	 * @param args
	 */
	public static void main(String[] args) {
		UserServiceImplService userServiceImpl = new UserServiceImplService();
		
		userServiceImpl.setHandlerResolver(new HandlerResolver(){

			public List<Handler> getHandlerChain(PortInfo arg0) {
				
				List<Handler> handlerList = new ArrayList<Handler>();
	            //添加认证信息
	            handlerList.add(new AuthenticationHandler());
	              return handlerList;
			}
			
		});
		
		
		IUserService service = userServiceImpl.getUserServiceImplPort();
		
		
		User u = new User();
		u.setId(110);
		u.setUserName("张三");
		u.setAddress("杭州");
		u.setSex(0);
		System.out.println();
		System.out.println(service.addUser(u));
		
	}

}

这样验证就做好了

ytzyg

关注

0
点赞
踩
2

收藏

觉得还不错? 一键收藏
0
评论
JAX-WS Handler使用

1.Handler和Servlet中的filter极为相似，我们可以对所有WebServicer进行拦截，在这个Handler中我们可以记录日志、权限控制、对请求的SOAP消息进行加密，解密等。CXF也有Interceptor,不知道有什么区别，后面会学习 2.
复制链接

扫一扫