客户端的的请求:
ApplicationContext context = new ClassPathXmlApplicationContext(
"com/javaeye/security/clientAppContext.xml");
HelloWorld proxy = (HelloWorld) context.getBean("client");
Map map = ((BindingProvider)proxy).getRequestContext();
map.put(BindingProvider.USERNAME_PROPERTY, "melin");
map.put(BindingProvider.PASSWORD_PROPERTY, "123456");
map.put(BindingProvider.SESSION_MAINTAIN_PROPERTY,true);
int result = proxy.getCounter();
System.out.println(result);
result = proxy.getCounter();
System.out.println(result);
添加一个拦截器:
获取header中Authorization的值,这样就能再服务端获取密码和用户名:
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.commons.codec.binary.Base64;
public class SecurityInterceptor extends
AbstractPhaseInterceptor<Message>{
public SecurityInterceptor() {
super(Phase.PRE_LOGICAL);
}
public void handleMessage(Message message) throws Fault {
String baseAuth = null;
Map<String, List<String>> reqHeaders = CastUtils.cast((Map<?,?
if (reqHeaders != null) {
for (Map.Entry<String, List<String>> e :
reqHeaders.entrySet()) {
if("Authorization".equalsIgnoreCase(e.getKey()))
baseAuth = e.getValue().get(0);
}
}
if ((baseAuth != null) && baseAuth.startsWith("Basic ")) {
byte[] base64Token;
try {
base64Token = baseAuth.substring(6).getBytes("UTF-8");
String token = new String(Base64.decodeBase64(base64Token),
"UTF-8");
String username = "";
String password = "";
int delim = token.indexOf(":");
if (delim != -1) {
username = token.substring(0, delim);
password = token.substring(delim + 1);
}
System.out.printf("用户名:%s/n密 码:%s/n",username,password);
} catch (Exception e) {
throw new Fault(e);
}
}
}
加上ssl。保证传输过程中的安全就可以了。