WebService 采用Apache CXF
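SoapHeader 中的结构如下(标签在转载时丢失,此处按下文代码读取的元素名还原):
<Authentication>
  <UserOrgID>UserOrgID</UserOrgID>
  <UserID>Hubs1</UserID>
  <UserPSW>password</UserPSW>
</Authentication>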
采用Handler 处理链 来拦截SOAP Message 进行验证
代码实现:
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.Name;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
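/**
 * JAX-WS {@link SOAPHandler} that authenticates inbound SOAP requests.
 *
 * <p>The handler looks for an {@code Authentication} header block with {@code UserOrgID},
 * {@code UserID} and {@code UserPSW} child elements and checks the user id and password.
 * A request that fails the check has its header and body emptied and a SOAP fault added to
 * the body; the handler then returns {@code false} so normal processing stops.
 *
 * <p>The password is read as plain element text from the SOAP header, so its confidentiality
 * depends entirely on the transport (for example HTTPS) or on message-level protection.
 *
 * @author waterborn
 */
public class AuthenticationHandler implements SOAPHandler<SOAPMessageContext>
{
    private static final Log log = LogFactory.getLog(AuthenticationHandler.class);

    // NOTE(review): sample credentials compiled into the class. Anyone with the jar or the
    // source can read them; a real deployment should verify against a credential store that
    // keeps salted password hashes, and should load nothing secret from source code.
    private static final String EXPECTED_USER_ID = "Hubs1";
    private static final String EXPECTED_USER_PSW = "password";

    /**
     * Checks the supplied user id and password against the expected pair.
     *
     * @param userOrgID organisation id from the header; logged but not part of the decision
     * @param userID user id from the header
     * @param userPSW password from the header; never written to the log
     * @return {@code true} only when both user id and password match
     */
    private boolean checkAuthentication(String userOrgID, String userID, String userPSW) {
        // The password is deliberately left out of the log line: debug logs are routinely
        // shipped to shared storage and would otherwise hold every submitted secret.
        log.debug("checkAuthentication : userOrgID=" + forLog(userOrgID) + " , userID=" + forLog(userID));
        if (userID == null || userPSW == null) {
            return false;
        }
        boolean userMatches = constantTimeEquals(EXPECTED_USER_ID, userID);
        boolean passwordMatches = constantTimeEquals(EXPECTED_USER_PSW, userPSW);
        // Non-short-circuit '&' so both comparisons always run, whichever field is wrong.
        return userMatches & passwordMatches;
    }

    /** Compares two strings without stopping at the first differing byte. */
    private static boolean constantTimeEquals(String expected, String supplied) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    /** Replaces line breaks in a caller-supplied value so it cannot forge extra log lines. */
    private static String forLog(String value) {
        return value == null ? "null" : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Authenticates inbound messages; outbound messages pass through untouched.
     *
     * @param messageContext context of the message being processed
     * @return {@code true} to continue processing, {@code false} when authentication failed
     *         and the message has been replaced by a fault
     * @throws RuntimeException wrapping a {@link SOAPException} raised while reading or
     *         rewriting the message
     */
    public boolean handleMessage(SOAPMessageContext messageContext) {
        log.debug("LoggingHandler : handleMessage Called....");
        // A missing direction property is treated as inbound so the check fails closed
        // (the original unboxed the value and threw a NullPointerException instead).
        Object outbound = messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
        if (Boolean.TRUE.equals(outbound)) {
            return true;
        }

        SOAPMessage message = messageContext.getMessage();
        String[] credentials;
        try {
            credentials = readCredentials(message.getSOAPHeader());
        } catch (SOAPException e) {
            log.warn("Unable to read the SOAP header", e);
            throw new RuntimeException(e);
        }

        if (checkAuthentication(credentials[0], credentials[1], credentials[2])) {
            return true;
        }

        try {
            replaceWithFault(message);
        } catch (SOAPException e) {
            log.warn("Unable to build the authentication fault", e);
            throw new RuntimeException(e);
        }
        return false;
    }

    /**
     * Extracts {@code UserOrgID}, {@code UserID} and {@code UserPSW} from the
     * {@code Authentication} header block.
     *
     * <p>Elements are matched on {@link Node#getNodeName()}, i.e. on the qualified name as
     * written in the message; the namespace is not checked.
     *
     * @param soapHeader header of the inbound message, or {@code null} when it has none
     * @return array of org id, user id and password; entries stay empty when not supplied
     */
    private static String[] readCredentials(SOAPHeader soapHeader) {
        String[] credentials = {"", "", ""};
        if (soapHeader == null) {
            // No header means no credentials; the caller then rejects the request with a fault.
            return credentials;
        }
        NodeList headerBlocks = soapHeader.getChildNodes();
        for (int i = 0; i < headerBlocks.getLength(); i++) {
            Node block = headerBlocks.item(i);
            if (block.getNodeType() != Node.ELEMENT_NODE || !"Authentication".equals(block.getNodeName())) {
                continue;
            }
            for (Node field = block.getFirstChild(); field != null; field = field.getNextSibling()) {
                if (field.getNodeType() != Node.ELEMENT_NODE || field.getFirstChild() == null) {
                    continue;
                }
                String text = field.getFirstChild().getTextContent();
                if ("UserOrgID".equals(field.getNodeName())) {
                    credentials[0] = text;
                } else if ("UserID".equals(field.getNodeName())) {
                    credentials[1] = text;
                } else if ("UserPSW".equals(field.getNodeName())) {
                    credentials[2] = text;
                }
            }
        }
        return credentials;
    }

    /**
     * Empties the message and puts an authentication fault into its body, so neither the
     * submitted credentials nor the request payload are carried any further.
     */
    private static void replaceWithFault(SOAPMessage message) throws SOAPException {
        SOAPHeader soapHeader = message.getSOAPHeader();
        if (soapHeader != null) {
            soapHeader.removeContents();
        }
        SOAPBody soapBody = message.getSOAPBody();
        soapBody.removeContents();
        SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
        Name faultCode = envelope.createName("0001", "", envelope.getNamespaceURI());
        // Fault text kept exactly as published (spelling included) because existing clients
        // may match on it; it does not say which of the two fields was wrong.
        String faultString = "Invaild userame or password !";
        soapBody.addFault(faultCode, faultString);
    }

    /**
     * Declares the header blocks this handler processes.
     *
     * @return an empty set; the handler claims no header QNames
     */
    public Set<QName> getHeaders() {
        return Collections.emptySet();
    }

    /** Lets fault messages pass through unchanged. */
    public boolean handleFault(SOAPMessageContext messageContext) {
        log.debug("handleFault");
        return true;
    }

    /** Nothing to release; only logs that the exchange finished. */
    public void close(MessageContext messageContext) {
        log.debug("close");
    }
}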
在cxf-bean.xml 配置中插入