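Interceptors in CXF are divided into in interceptors and out interceptors, and also into client-side and server-side interceptors.
Interceptor flow: client (out) -> server (in) -> business processing -> server (out) -> client (in). Not every step needs an interceptor. Here we use a client out interceptor and a server in interceptor. The server in interceptor checks user-level permissions, and the client out interceptor sends the user information to the server.
1. Create the server-side verification
Both JaxWsServerFactoryBean and Endpoint can add interceptors to a WebService through the getInInterceptors method.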
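1.1 Endpoint approach
```java
import javax.xml.ws.Endpoint;
import org.apache.cxf.jaxws.EndpointImpl;

HelloWorldService service = new HelloWorldServiceImpl();
String address = "http://localhost:8080/hello";
EndpointImpl endpoint = (EndpointImpl) Endpoint.publish(address, service);
// Register the in interceptor so that incoming requests are authenticated
endpoint.getInInterceptors().add(new AuthInterceptor());
```
1.2 JaxWsServerFactoryBean approach
```java
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;

HelloWorldServiceImpl impl = new HelloWorldServiceImpl();
JaxWsServerFactoryBean factory = new JaxWsServerFactoryBean();
factory.setAddress("http://localhost:8080/hello");
factory.setServiceClass(HelloWorldService.class);
factory.setServiceBean(impl);
// Register the in interceptor before the server is created
factory.getInInterceptors().add(new AuthInterceptor());
factory.create();
```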
A custom interceptor must implement the PhaseInterceptor interface, but in practice it usually extends AbstractPhaseInterceptor<T>. Below we implement the access control in AuthInterceptor.
```java
package com.tiamaes.webservice.auth;

import java.util.List;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/**
 * <p>Class description: interceptor that verifies user permissions </p>
 * <p>Modified by: 王成委 </p>
 * <p>Modified on: 2014-5-10 03:16:16 PM </p>
 * @version
 */
public class AuthInterceptor extends AbstractPhaseInterceptor<SoapMessage> {

    // Intercept before the service method is invoked
    public AuthInterceptor() {
        super(Phase.PRE_INVOKE);
    }

    /**
     * A custom interceptor must implement handleMessage. The method throws Fault;
     * you can define your own exception that extends Fault,
     * or use new Fault(new Throwable()).
     */
    @Override
    public void handleMessage(SoapMessage soap) throws Fault {
        // Log the start of verification
        System.out.println("开始验证用户信息");
        List<Header> headers = soap.getHeaders();
        // Check that headers exist (short-circuit || avoids a NullPointerException when headers is null)
        if (headers == null || headers.size() < 1) {
            throw new Fault(new IllegalArgumentException("找不到Header,无法验证用户信息"));
        }
        // The first header is assumed to be the credential header
        Header header = headers.get(0);
        Element el = (Element) header.getObject();
        NodeList users = el.getElementsByTagName("username");
        NodeList passwords = el.getElementsByTagName("password");
        // Check that the username and password elements are present
        if (users.getLength() < 1) {
            throw new Fault(new IllegalArgumentException("找不到用户信息"));
        }
        String username = users.item(0).getTextContent().trim();
        if (passwords.getLength() < 1) {
            throw new Fault(new IllegalArgumentException("找不到密码信息"));
        }
        String password = passwords.item(0).getTextContent();
        // Check that the username and password are correct
        // (demo only: the expected credentials are hard-coded here)
        if (!"admin".equals(username) || !"admin".equals(password)) {
            throw new Fault(new IllegalArgumentException("用户名或密码不正确"));
        } else {
            System.out.println("用户名密码正确允许访问");
        }
    }
}
```
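A hardened take on the server-side check above, as an added example that is not part of the original post: it selects the credential header by element name instead of taking `headers.get(0)`, receives the expected credentials as constructor arguments, compares them in constant time, and answers every failure with one generic fault. The class name `HardenedAuthInterceptor` and the helpers `text` and `sha256` are hypothetical; `authrity` is the element name that the client interceptor in section 2 sends.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example (hypothetical class): credentials are passed in, not written as literals.
public class HardenedAuthInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
    private final byte[] userDigest, passDigest;
    public HardenedAuthInterceptor(String username, String password) {
        super(Phase.PRE_INVOKE);
        userDigest = sha256(username);
        passDigest = sha256(password);
    }
    public void handleMessage(SoapMessage soap) throws Fault {
        for (Header header : soap.getHeaders()) {
            if (!(header.getObject() instanceof Element)) continue;
            Element el = (Element) header.getObject();
            String name = el.getLocalName() != null ? el.getLocalName() : el.getNodeName();
            if (!"authrity".equals(name)) continue; // element name the client sends
            String user = text(el, "username"), pass = text(el, "password");
            if (user == null || pass == null) break;
            // Digests give equal-length inputs; isEqual compares in constant time.
            boolean userOk = MessageDigest.isEqual(userDigest, sha256(user));
            boolean passOk = MessageDigest.isEqual(passDigest, sha256(pass));
            if (userOk && passOk) return; // both comparisons have already run
            break;
        }
        // One generic fault for every failure, so the reply does not say what was wrong.
        throw new Fault(new SecurityException("Authentication failed"));
    }
    // Text of exactly one matching descendant element, otherwise null.
    private static String text(Element parent, String tag) {
        NodeList nodes = parent.getElementsByTagName(tag);
        return nodes.getLength() == 1 ? nodes.item(0).getTextContent() : null;
    }
    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

Register it with `getInInterceptors().add(...)` in the same way as `AuthInterceptor`. The header still carries the password in clear text, so the endpoint should be published over HTTPS rather than plain HTTP.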
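2. Send the user information from the client
The client needs an out interceptor, and the out interceptor adds the message header.
Client interceptor: ClientLoginInterceptor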
```java
package com.tiamaes.webservice.auth;

import java.util.List;

import javax.xml.namespace.QName;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/**
 * <p>Class description: </p>
 * <p>Change log ---------------- </p>
 * <p>Modified by: 王成委 </p>
 * <p>Modified on: 2014-5-10 03:58:10 PM </p>
 * <p>Notes: </p>
 * @version
 */
public class ClientLoginInterceptor extends AbstractPhaseInterceptor<SoapMessage> {

    private String username;
    private String password;

    public void setUsername(String username) {
        this.username = username;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * Creates a new ClientLoginInterceptor instance.
     *
     * @param username
     * @param password
     */
    public ClientLoginInterceptor(String username, String password) {
        super(Phase.PREPARE_SEND);
        this.username = username;
        this.password = password;
    }

    /* (non-Javadoc)
     * @see org.apache.cxf.interceptor.Interceptor#handleMessage(org.apache.cxf.message.Message)
     */
    @Override
    public void handleMessage(SoapMessage soap) throws Fault {
        // Build the credential element and add it as the first SOAP header
        List<Header> headers = soap.getHeaders();
        Document doc = DOMUtils.createDocument();
        Element auth = doc.createElement("authrity");
        Element usernameEl = doc.createElement("username");
        Element passwordEl = doc.createElement("password");
        usernameEl.setTextContent(this.username);
        passwordEl.setTextContent(this.password);
        auth.appendChild(usernameEl);
        auth.appendChild(passwordEl);
        headers.add(0, new Header(new QName("tiamaes"), auth));
    }
}
```
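Add ClientLoginInterceptor on the client
```java
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.jaxws.endpoint.dynamic.JaxWsDynamicClientFactory;

public static void main(String[] args) {
    JaxWsDynamicClientFactory dcf = JaxWsDynamicClientFactory.newInstance();
    Client client = dcf.createClient("http://127.0.0.1:8080/hello?wsdl");
    // The out interceptor attaches the credential header to every request
    client.getOutInterceptors().add(new ClientLoginInterceptor("admin", "admin"));
    try {
        // The operation name must match the one declared in the service's WSDL
        Object[] objs = client.invoke("syaHello", "Tom");
        System.out.println(objs[0].toString());
    } catch (Exception e) {
        e.printStackTrace();
    }
}
```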
Reposted from: http://blog.csdn.net/jaune161/article/details/25602655