webservice 自定义拦截器实现安全认证
服务器端验证拦截器:
package com.mscncn.ws.sayhi.interceptor;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Element;
public class CheckUserInterceptor extends AbstractPhaseInterceptor {
public CheckUserInterceptor() {
super(Phase.PRE_PROTOCOL);
}
public void handleMessage(SoapMessage msg) throws Fault {
Header header=msg.getHeader(new QName("mscncn"));
if(header!=null){
Element rootEle=(Element) header.getObject();
String name=rootEle.getElementsByTagName("name").item(0).getTextContent();
String password=rootEle.getElementsByTagName("password").item(0).getTextContent();
if(name.equals("zs")&&password.equals("123456")){
System.out.println(" Service 通过了拦截器");
}
}
//没有通过
System.out.println("Service 没有通过拦截器");
}
}
服务器端注册拦截器:
public static void main(String[] args) {
String address="http://192.168.70.51:1111/day01_ws/hellows";
Endpoint point=Endpoint.publish(address, new HelloWSImpl());
EndpointImpl endpointImpl=(EndpointImpl)point;
List> inTerceptors=endpointImpl.getInInterceptors();
inTerceptors.add(new CheckUserInterceptor());
System.out.println("web service 发布成功!");
}
客户端拦截器:
package com.mscncn.ws.sayhi.interceptor;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.xml.utils.DOMHelper;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
public class AddUserInterceptor extends AbstractPhaseInterceptor {
private String name;
private String password;
/**
* @param phase 拦截器什么时候被调用
*/
public AddUserInterceptor() {
super(Phase.PRE_PROTOCOL);//准备协议化时拦截
}
public AddUserInterceptor(String name,String password){
super(Phase.PRE_PROTOCOL);//准备协议化时拦截
this.name=name;
this.password=password;
}
@Override
public void handleMessage(SoapMessage msg) throws Fault {
/*
tom
*/
List headers=msg.getHeaders();//获取所有的头
Document document=DOMHelper.createDocument();
Element rootEle=document.createElement("mscncn");
Element nameEle=document.createElement("name");
Element passwordEle=document.createElement("name");
nameEle.setTextContent(name);
passwordEle.setTextContent(password);
rootEle.appendChild(nameEle);
rootEle.appendChild(passwordEle);
headers.add(new Header(new QName("mscncn"), rootEle));
System.out.println("client handleMessage()......");
}
}
客户端注册拦截器:
public static void main(String[] args) {
HelloWSImplService wsImplService=new HelloWSImplService();
HelloWS ws=wsImplService.getHelloWSImplPort();
Client client=ClientProxy.getClient(ws);
List> outTerceptors=client.getInInterceptors();
outTerceptors.add(new AddUserInterceptor("zs","123456"));
System.out.println("client :"+ws.sayHello("tom cat"));
}
}
CXF中的拦截器分为in拦截器和out拦截器,又有客户端拦截器和服务端拦截器。
拦截器使用流程:客户端(out)-> 服务端(in)->处理业务->服务端(out)->客户端(in),并不是每一步都需要拦截器。在这里我们用到的是客户端Out拦截器和服务端in拦截器。服务端in拦截器检查用户级权限,客户端out浏览器发送用户信息给服务端。