使用自己自己创建的拦截器完成权限的判定,即用户名和密码是否正确
服务器端主要是验证用户名和密码
以下的代码主要是Web Service的服务端
package lee;
import java.io.IOException;
public class ServerMain {
public static void main(String[] args) throws IOException{
HelloWorld hello=new HelloWorldWS();
//发布WebService
EndpointImpl endpoint=(EndpointImpl) Endpoint.publish("http://IP/webservie" ,hello);
/*
* 创建我们自己的拦截器AuthInterceptor该拦截器的功能
* 主要就是验证用户名和密码是否正确
* */
endpoint.getInInterceptors().add(new AuthInterceptor());
}
}
我们需要创建自己的拦截器AuthInterceptor这个拦截器会将SOAP消息到达服务器之前拦截该消息
public class AuthInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
public AuthInterceptor(){
super(Phase.PRE_INVOKE);
}
@Override
public void handleMessage(SoapMessage msg) throws Fault {
//这个参数msg就是我们拦截到的SOAP消息,我们需要解析Header
List<Header> headers=msg.getHeaders(); 得到所有的Header
if(headers==null || headers.size()<0){
throw new Fault(new IllegalArgumentException("根本没有Header,不能调用"));
}
Header firstHeader=headers.get(0); //得到headers的第一个元素
Element ele=(Element) firstHeader.getObject();
NodeList userIds=ele.getElementsByTagName("userId");
NodeList userpass=ele.getElementsByTagName("userPass");
if(userIds.getLength()!=1){
throw new Fault(new IllegalArgumentException("用户名格式不对"));
}
if(userpass.getLength()!=1){
throw new Fault(new IllegalArgumentException("密码格式不对"));
}
String userId=userIds.item(0).getTextContent();
String userPass=userpass.item(0).getTextContent();
//实际项目中调用数据库
if(!userId.equals("yy")||!userPass.equals("yy")){
throw new Fault(new IllegalArgumentException("用户名或者密码不正确"));
}
}
}
}
客户端的代码就是讲用户名和密码的信息加到Header中
package lee;
import yy.Cat;
public class ClientMain {
/**
* @param args
*/
public static void main(String[] args) {
HelloWorldWS factory =new HelloWorldWS();
//返回的是客户端的代理
HelloWorld hw=factory.getHelloWorldWSPort();
Client client=ClientProxy.getClient(hw);
client.getOutInterceptors().add(new AddHeaderInterceptor("yy","yy"));
client.getOutInterceptors().add(new LoggingOutInterceptor());
System.out.println(hw.sayHi("孙悟空"));
User user=new User();
user.setName("sun");
user.setPass("2233");
List<Cat> list=hw.getCatsByUser(user);
for(Cat cat:list){
System.out.println(cat.getName()+" "+cat.getColor());
}
StringCat sc=hw.getAllCats();
for (Entry entry:sc.getEntries()){
System.out.println(entry.getKey()+" "+entry.getValue().getName());
}
}
}
package yy.auth;
import java.util.List;
public class AddHeaderInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
private String userId;
private String userPass;
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getUserPass() {
return userPass;
}
public void setUserPass(String userPass) {
this.userPass = userPass;
}
public AddHeaderInterceptor(String userId,String userPass){
super(Phase.PREPARE_SEND);//在序列化之前的拦截 SOAP
this.userId=userId;
this.userPass=userPass;
}
@Override
public void handleMessage(SoapMessage msg) throws Fault {
Document document=DOMUtils.createDocument();
Element ele=document.createElement("authHeader");
Element id=document.createElement("userId");
Element pass=document.createElement("userPass");
id.setTextContent(userId);
pass.setTextContent(userPass);
ele.appendChild(id);
ele.appendChild(pass);
/*
* <authHeader>
* <userId></userId>
* <userPass></userPass>
* </authHeader>
* */
Header header=new Header(new QName("yy"),ele);
List<Header> headers=msg.getHeaders();
headers.add(header);
}
}