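Recently I have been maintaining a fairly old EAR project that needs to exchange business data with other systems. Because the project is old and already uses web services for data exchange, I kept using web services.
Once data travels between systems over the network, data security becomes a concern, especially for internal enterprise data, so access to the SOAP service needs a login authentication step before each call.
CXF already ships with an access-validation module, so we do not have to write access validation from scratch.
The project uses the Spring framework, so here I only record the configuration of web service access validation in a Spring project.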
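
1. Modify the Spring/CXF integration configuration file

Add the namespace declaration to the Spring integration configuration file:

1. xmlns:jaxws="http://cxf.apache.org/jaxws"

2. Reference the custom interceptor so that incoming requests are intercepted and validated:

    <jaxws:endpoint id="" implementor="" address="">
        <jaxws:inInterceptors>
            <ref bean=""/>
        </jaxws:inInterceptors>
    </jaxws:endpoint>
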
2. Custom interceptors

2.1 Server-side interceptor

    import javax.xml.soap.SOAPException;
    import javax.xml.soap.SOAPHeader;
    import javax.xml.soap.SOAPMessage;
    import org.apache.cxf.binding.soap.SoapMessage;
    import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
    import org.apache.cxf.interceptor.Fault;
    import org.apache.cxf.phase.AbstractPhaseInterceptor;
    import org.apache.cxf.phase.Phase;
    import org.w3c.dom.NodeList;

    public class SOAPAuthIntercepter extends AbstractPhaseInterceptor<SoapMessage> {
        private SAAJInInterceptor saaIn = new SAAJInInterceptor();

        public SOAPAuthIntercepter() {
            // Phase in which the interception happens
            super(Phase.PRE_PROTOCOL);
            getAfter().add(SAAJInInterceptor.class.getName());
        }

        public void handleMessage(SoapMessage message) throws Fault {
            SOAPMessage soapMsg = message.getContent(SOAPMessage.class);
            if (soapMsg == null) {
                // Build the SAAJ message if no earlier interceptor has done so
                saaIn.handleMessage(message);
                soapMsg = message.getContent(SOAPMessage.class);
            }
            SOAPHeader header = null;
            try {
                header = soapMsg.getSOAPHeader();
                if (header == null) {
                    // A request without a SOAP header carries no credentials
                    throw new Fault(new Exception("auth error."));
                }
                NodeList userNodes = header.getElementsByTagName("username");
                NodeList passNodes = header.getElementsByTagName("password");
                if (userNodes != null && passNodes != null) {
                    if (userNodes.item(0) == null || passNodes.item(0) == null) {
                        throw new Fault(new Exception("auth error."));
                    } else {
                        String username = userNodes.item(0).getTextContent();
                        String password = passNodes.item(0).getTextContent();
                        // "用户名" (user name) and "密码" (password) are placeholders for the expected credentials
                        if ("用户名".equals(username) && "密码".equals(password)) {
                            // Authenticated: log the user name only, never the password
                            System.out.println("username : " + username);
                        } else {
                            throw new Fault(new Exception("auth error."));
                        }
                    }
                } else {
                    throw new Fault(new Exception("auth error."));
                }
            } catch (SOAPException e) {
                e.printStackTrace();
                throw new Fault(new Exception("auth error."));
            }
        }
    }

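The header check that the server interceptor above performs, as an added stand-alone example (not code from the original post): it uses only JDK classes on a constructed SOAP 1.1 envelope, fails closed when the header or either element is missing, compares in constant time, and never prints the password. The class name `HeaderAuthCheck`, its method names and the sample envelopes are assumptions made for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class HeaderAuthCheck {  // hypothetical class, not part of CXF or the original post
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";

    // Comparison whose duration does not depend on where the first mismatching byte is.
    static boolean same(String expected, String actual) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     actual.getBytes(StandardCharsets.UTF_8));
    }

    // Text of the single <tag> element under the header, or null if it is absent or repeated.
    static String headerValue(Element header, String tag) {
        NodeList nodes = header.getElementsByTagName(tag);
        return nodes.getLength() == 1 ? nodes.item(0).getTextContent() : null;
    }

    static boolean authenticate(String envelope, String expUser, String expPass) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Reject DOCTYPE declarations so the check itself is not an XXE entry point.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(envelope.getBytes(StandardCharsets.UTF_8)));
        NodeList headers = doc.getElementsByTagNameNS(SOAP_NS, "Header");
        if (headers.getLength() != 1) return false;   // no SOAP header: fail closed
        Element header = (Element) headers.item(0);
        String user = headerValue(header, "username");
        String pass = headerValue(header, "password");
        if (user == null || pass == null) return false;
        // Evaluate both comparisons before combining them.
        boolean userOk = same(expUser, user);
        boolean passOk = same(expPass, pass);
        return userOk & passOk;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample envelopes: one with credentials, one with an empty header.
        String head = "<soap:Envelope xmlns:soap=\"" + SOAP_NS + "\"><soap:Header>";
        String tail = "</soap:Header><soap:Body/></soap:Envelope>";
        String creds = "<RequestSOAPHeader><username>admin</username>"
                     + "<password>admin</password></RequestSOAPHeader>";
        System.out.println(authenticate(head + creds + tail, "admin", "admin"));
        System.out.println(authenticate(head + tail, "admin", "admin"));
    }
}
```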
2.2 Client-side interceptor

    import java.util.List;
    import javax.xml.namespace.QName;
    import org.apache.cxf.binding.soap.SoapHeader;
    import org.apache.cxf.binding.soap.SoapMessage;
    import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
    import org.apache.cxf.headers.Header;
    import org.apache.cxf.helpers.DOMUtils;
    import org.apache.cxf.interceptor.Fault;
    import org.apache.cxf.phase.Phase;
    import org.w3c.dom.Document;
    import org.w3c.dom.Element;

    public class AddAuthIntercepter extends AbstractSoapInterceptor {
        public AddAuthIntercepter() {
            // Run while the outgoing message is being written
            super(Phase.WRITE);
        }

        public void handleMessage(SoapMessage message) throws Fault {
            // Sample credentials; they must match what the server interceptor expects
            String pwd = "admin";
            String name = "admin";
            QName qname = new QName("RequestSOAPHeader");
            Document doc = DOMUtils.createDocument();
            // Build the <username> and <password> elements read by the server
            Element nameEle = doc.createElement("username");
            nameEle.setTextContent(name);
            Element pwdEle = doc.createElement("password");
            pwdEle.setTextContent(pwd);
            Element root = doc.createElementNS("", "tns:RequestSOAPHeader");
            root.appendChild(nameEle);
            root.appendChild(pwdEle);
            // Attach the element as a SOAP header of the outgoing request
            SoapHeader head = new SoapHeader(qname, root);
            List<Header> headers = message.getHeaders();
            headers.add(head);
        }
    }

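3. Register the interceptor on the client so that the authentication information is added

    // serviceProxy is the service reference variable (the client proxy of the service)
    Client client = ClientProxy.getClient(serviceProxy);
    client.getOutInterceptors().add(new AddAuthIntercepter());  // the interceptor object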