4.授权Handler
AuthorizationHandler.java
package anni.handler;import java.util.*;import org.apache.axis.AxisFault;import org.apache.axis.MessageContext;import org.apache.axis.handlers.BasicHandler;import org.apache.axis.i18n.Messages;import org.apache.axis.security.AuthenticatedUser;import org.apache.axis.security.SecurityProvider;import org.apache.axis.security.simple.SimpleSecurityProvider;import org.apache.axis.Handler;import org.apache.commons.logging.Log;import org.apache.commons.logging.LogFactory;public class AuthorizationHandler extends BasicHandler { Log log = LogFactory.getLog(AuthorizationHandler.class); /** invoke,每一个handler都必须实现的方法。 */ public void invoke(MessageContext msgContext) throws AxisFault { log.info("start"); AuthenticatedUser user = (AuthenticatedUser)msgContext.getProperty("authenticatedUser"); if(user == null) throw new AxisFault("Server.NoUser", Messages.getMessage("needUser00"), null, null); String userId = user.getName(); Handler serviceHandler = msgContext.getService(); if(serviceHandler == null) throw new AxisFault(Messages.getMessage("needService00")); String serviceName = serviceHandler.getName(); String allowedRoles = (String)serviceHandler.getOption("allowedRoles"); if(allowedRoles == null) { log.info("不需要验证"); return; } SecurityProvider provider = (SecurityProvider)msgContext.getProperty("securityProvider"); if(provider == null) throw new AxisFault(Messages.getMessage("noSecurity00")); for(StringTokenizer st = new StringTokenizer(allowedRoles, ","); st.hasMoreTokens();) { String thisRole = st.nextToken(); if(provider.userMatches(user, thisRole)) { log.info("通过验证"); return;//访问授权通过。 } } //没有通过授权,不能访问目标服务,抛出Server.Unauthorized异常。 throw new AxisFault("Server.Unauthorized", Messages.getMessage("cantAuth02", userId, serviceName), null, null); } }deploy_5.wsdd
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <service name="HandleredService" provider="java:RPC"> <parameter name="allowedMethods" value="*"/> <parameter name="className" value="anni.handler.HandleredService"/> <parameter name="allowedRoles" value="lingo,anni"/> <requestFlow> <handler name="authen" type="java:anni.handler.AuthenticationHandler"/> <handler name="author" type="java:anni.handler.AuthorizationHandler"/> <handler name="logging" type="java:anni.handler.LogHandler"> <parameter name="filename" value="/MyService.log"/> </handler> </requestFlow> </service></deployment>使用deploy_5.wsdd发布HandleredService服务
java -cp %AXISCLASSPATH% org.apache.axis.client.AdminClient -lhttp://localhost:8080/axis/services/ deploy_5.wsddAuthenClient.java
package anni;import javax.xml.namespace.QName;import org.apache.axis.client.Call;import org.apache.axis.client.Service;import org.apache.commons.logging.Log;import org.apache.commons.logging.LogFactory;public class AuthorClient { public static void main(String [] args) throws Exception { Log log = LogFactory.getLog(AuthorClient.class); String endpointURL = "http://localhost:8080/axis/services/HandleredService"; Service service = new Service(); Call call = (Call) service.createCall(); call.setTargetEndpointAddress( new java.net.URL(endpointURL) ); call.setOperationName(new QName("HandleredService", "publicMethod"));//设置操作的名称。 //由于需要认证,故需要设置调用的用户名和密码。 call.getMessageContext().setUsername("anni"); call.getMessageContext().setPassword("123456"); String res = (String) call.invoke( new Object[] {"Lingo"} ); log.info( res ); }}
--------------------------------------------------------------------------------
六。为axis配置SOAPMonitor
SOAPMonitor可以用来监视web service的请求信息和响应信息。它的配置还算简单。
在axis目录下webapps/axis目录下找到SOAPMonitorApplet.java
javac -classpath %AXIS_HOME%/lib/axis.jar SOAPMonitorApplet.java编译之后可以得到七个class文件
deploy_6.wsdd
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <handler name="soapmonitor" type="java:org.apache.axis.handlers.SOAPMonitorHandler"> <parameter name="wsdlURL" value="/axis/SOAPMonitorService-impl.wsdl"/> <parameter name="namespace" value="http://tempuri.org/wsdl/2001/12/SOAPMonitorService-impl.wsdl"/> <parameter name="serviceName" value="SOAPMonitorService"/> <parameter name="portName" value="Demo"/> </handler> <service name="SOAPMonitorService" provider="java:RPC"> <parameter name="allowedMethods" value="publishMessage"/> <parameter name="className" value="org.apache.axis.monitor.SOAPMonitorService"/> <parameter name="scope" value="Application"/> </service></deployment>使用deploy_6.wsdd发布SOAPMonitorService服务和soapmonitor这个Handler
java -cp %AXISCLASSPATH% org.apache.axis.client.AdminClient -lhttp://localhost:8080/axis/services/ deploy_6.wsdd选择你要监控的服务
以上次的HelloWorld服务为例,在server-config.wsdd中你会找到这段代码
<service name="HelloWorld" provider="java:RPC"> <parameter name="allowedMethods" value="sayHello"/> <parameter name="className" value="HelloWorld"/></service>在这段代码中加入以下的代码:
<requestFlow> <handler type="soapmonitor"/></requestFlow><responseFlow> <handler type="soapmonitor"/></responseFlow>最后的样子是:
<service name="HelloWorld" provider="java:RPC"> <requestFlow> <handler type="soapmonitor"/> </requestFlow> <responseFlow> <handler type="soapmonitor"/> </responseFlow> <parameter name="allowedMethods" value="sayHello"/> <parameter name="className" value="HelloWorld"/></service>或者使用deploy_7.wsdd发布
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <service name="HelloWorld" provider="java:RPC"> <requestFlow> <handler type="soapmonitor"/> </requestFlow> <responseFlow> <handler type="soapmonitor"/> </responseFlow> <parameter name="allowedMethods" value="sayHello"/> <parameter name="className" value="anni.HelloWorld"/> </service></deployment>使用deploy_7.wsdd重新发布HelloWorld服务
java -cp %AXISCLASSPATH% org.apache.axis.client.AdminClient -lhttp://localhost:8080/axis/services/ deploy_7.wsdd这样HelloWorld服务就被监控了
启动Tomcat,打开http://localhost:8080/axis/SOAPMonitor,你就会看到Applet界面,运行我们上次写的客户端程序 TestClient.java。你会在Applet界面看客户端与服务器端互发的XML内容,注意这里是明文!
--------------------------------------------------------------------------------
七。使用https加密
通过https协议对传输进行加密,这个并不是仅仅使用在web service上的技术,下边将一步步讲解如果在tomcat上配置https协议,并用client进行连接。
1.使用JDK自带的工具创建密匙库和信任库
方便起见给出.bat文件,gen-cer-store.bat内容如下:
set SERVER_DN="CN=Server, OU=ec, O=ec, L=BEIJINGC, S=BEIJING, C=CN"set CLIENT_DN="CN=Client, OU=ec, O=ec, L=BEIJING, S=BEIJING, C=CN"set PWD=123456set KS_PASS=-storepass %PWD%set KEYINFO=-keyalg RSAkeytool -genkey -alias Server -dname %SERVER_DN% %KS_PASS% -keystore server.keystore %KEYINFO% -keypass %PWD%keytool -export -alias Server -file test_axis.cer %KS_PASS% -keystore server.keystorekeytool -import -file test_axis.cer %KS_PASS% -keystore client.truststore -alias serverkey -nopromptkeytool -genkey -alias Client -dname %CLIENT_DN% %KS_PASS% -keystore client.keystore %KEYINFO% -keypass %PWD%keytool -export -alias Client -file test_axis.cer %KS_PASS% -keystore client.keystorekeytool -import -file test_axis.cer %KS_PASS% -keystore server.truststore -alias clientkey -noprompt好的,现在我们就有了四个文件:server.keystore,server.truststore,client.keystore,client.truststore
更改Tomcat的配置文件(server.xml),增加以下部署描述符:(其实里面有,只是被注释掉了)
<Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="true" keystoreFile="f:/server.keystore" keystorePass="123456" truststoreFile="f:/server.truststore" truststorePass="123456" sslProtocol="TLS" />tomcat有一个问题,server和client的密码必须是相同的,否则就会出现cannot recover key的错误。不知道现在新版本解决没有。
修改客户端程序HttpsClient.java(修改的部分已标出)
package anni;import org.apache.axis.client.Call;import org.apache.axis.client.Service;public class HttpsClient { public static void main(String [] args) throws Exception { String endpoint = "https://localhost:8443/axis/services/HelloWorld";//注意区别在这里!https! Service service = new Service(); Call call = (Call) service.createCall(); call.setTargetEndpointAddress( new java.net.URL(endpoint) ); call.setOperationName( "sayHello" ); String res = (String) call.invoke( new Object[] {} ); System.out.println( res ); }}最后使用命令来执行客户端程序
java -cp %AXISCLASSPATH% -Djavax.net.ssl.keyStore=client.keystore -Djavax.net.ssl.keyStorePassword=123456 -Djavax.net.ssl.trustStore=client.truststore anni.HttpsClient
--------------------------------------------------------------------------------
八。在axis中使用session
axis中有两种方法实现session,一种是依靠HTTP和HTTP cookies,另一种是用SOAP headers。
1.依靠cookie
服务器端SessionService.java
package anni.session;import org.apache.axis.MessageContext;import org.apache.axis.session.Session;import org.apache.commons.logging.Log;import org.apache.commons.logging.LogFactory;public class SessionService { Log log = LogFactory.getLog(SessionService.class); public String echo(String in) { MessageContext mc = MessageContext.getCurrentContext(); Session session = mc.getSession(); log.info("session : " + session); String name = (String)session.get("name"); session.set("name", name + " - input : " + in); log.info(in + " - name : [" + name + "]"); return in; }}deploy_8.wsdd
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <service name="SessionService" provider="java:RPC"> <parameter name="className" value="anni.session.SessionService"/> <parameter name="allowedMethods" value="echo"/> <parameter name="scope" value="session"/> </service></deployment>我的问题就在于一直没有给service定义scope,而且她还是大小写敏感的。现在我把这个service的scope定义为session就可以传递session了。
使用deploy_8.wsdd重新发布SessionService服务
java -cp %AXISCLASSPATH% org.apache.axis.client.AdminClient -lhttp://localhost:8080/axis/services/ deploy_8.wsddaxis会在响应信息中添加对cookie的操作
Set-Cookie: JSESSIONID=49EBBB19A1B2F8D10EE075F6F14CB8C9; Path=/axis客户端SessionClient.java
package anni.session;import org.apache.axis.client.Call;import org.apache.axis.client.Service;import org.apache.commons.logging.Log;import org.apache.commons.logging.LogFactory;public class SessionClient { public static void main(String [] args) throws Exception { Log log = LogFactory.getLog(SessionClient.class); String endpoint = "http://localhost:8080/axis/services/SessionService"; Service service = new Service(); service.setMaintainSession(true);//设置为保持会话 Call call = (Call) service.createCall(); call.setTargetEndpointAddress(new java.net.URL(endpoint)); call.setOperationName("echo"); String res = (String) call.invoke(new Object[]{"lingo"}); System.out.println(res); call = (Call) service.createCall(); call.setTargetEndpointAddress(new java.net.URL(endpoint)); call.setOperationName("echo"); res = (String) call.invoke(new Object[]{"sophia"}); System.out.println(res); call = (Call) service.createCall(); call.setTargetEndpointAddress(new java.net.URL(endpoint)); call.setOperationName("echo"); res = (String) call.invoke(new Object[]{"swallow"}); System.out.println(res); }}client会在请求中添加cookie的信息
Cookie: JSESSIONID=49EBBB19A1B2F8D10EE075F6F14CB8C9重复调用三次,检验session是否生效。
2.使用SOAP headers
在wsdd中添加SimpleSessionHandler的定义,新的deploy_9.wsdd
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <handler name="session" type="java:org.apache.axis.handlers.SimpleSessionHandler"/> <service name="SessionService" provider="java:RPC"> <requestFlow> <handler type="session"/> </requestFlow> <responseFlow> <handler type="session"/> </responseFlow> <parameter name="className" value="anni.session.SessionService"/> <parameter name="allowedMethods" value="echo"/> <parameter name="scope" value="session"/> </service></deployment>使用deploy_9.wsdd重新发布SessionService服务
java -cp %AXISCLASSPATH% org.apache.axis.client.AdminClient -lhttp://localhost:8080/axis/services/ deploy_9.wsdd创建client-config.wsdd
java %AXISCLASSPATH% org.apache.axis.utils.Admin client deploy_9.wsdd不知道为什么,我自己生成的client-config.wsdd总是不能正常使用,没法子,只好自己手动修改
<?xml version="1.0" encoding="UTF-8"?><deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <globalConfiguration> <requestFlow> <handler type="java:org.apache.axis.handlers.SimpleSessionHandler"/> </requestFlow> <responseFlow> <handler type="java:org.apache.axis.handlers.SimpleSessionHandler"/> </responseFlow> </globalConfiguration> <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/> <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/> <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/></deployment>把client-config.wsdd放在classpath下,然后运行SessionClient,handler会自动在soap header中添加jsessionid的信息。
--------------------------------------------------------------------------------
九。使用tcpmon
配置session的时候学会了如何使用tcpmon监听请求和响应信息
启动tcpmon
java -cp %AXISCLASSPATH% org.apache.axis.utils.tcpmon 1234 127.0.0.1 8080然后在client中把endPoint从8080端口指向1234端口,就可以在tcpmon的界面上看到请求和响应的信息了,所以说tcpmon只是做了一个消息转发的作用。