package org.fkjava.cfx.auth;
import java.util.List;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
/**
* 服务器的In拦截器,可以指定在那个阶段起作用
*
* @author Kevin
*
*/
public class AuthInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
public AuthInterceptor() {
// 在客户端调用Web Services的operation之前
super(Phase.PRE_INVOKE);
}
/**
* msg被拦截到的soap消息
*/
@Override
public void handleMessage(SoapMessage msg) throws Fault {
// 得到soap消息的所有header
List<Header> headers = msg.getHeaders();
if (headers == null || headers.size() < 1) {
throw new Fault(new IllegalArgumentException("根本没有Header,别想调用!"));
}
Header firstHeader = headers.get(0);
Element element = (Element) firstHeader.getObject();
NodeList userIds = element.getElementsByTagName("userId");
NodeList userPasswords = element.getElementsByTagName("userPassword");
if (userIds.getLength() != 1) {
throw new Fault(new IllegalArgumentException("用户名的格式不对!"));
}
if (userPasswords.getLength() != 1) {
throw new Fault(new IllegalArgumentException("密码的格式不对!"));
}
String userId = userIds.item(0).getTextContent();
String userPassword = userPasswords.item(0).getTextContent();
// 实际项目中,应该去查询数据库,该用户名和密码是否被授权调用该Web Services
if (!userId.equals("fkjava") || !userPassword.equals("leegang")) {
throw new Fault(new IllegalArgumentException("用户名或是密码错误!"));
}
// 放行,不需要程序员关心
}
}
2.服务器自定义的In拦截器,负责检查用户名,密码是否正确:拦截器
最新推荐文章于 2021-02-16 10:50:53 发布