实现Webservice 中Soap Header 的用户验证

WebService 采用Apache CXF

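SoapHeader 中结构如下(XML 标签在页面抽取时丢失,这里按下文处理代码读取的元素名还原;外层 Header 的命名空间前缀仅为示意):

<soap:Header>
    <Authentication>
        <UserOrgID>UserOrgID</UserOrgID>
        <UserID>Hubs1</UserID>
        <UserPSW>password</UserPSW>
    </Authentication>
</soap:Header>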

   采用Handler 处理链 来拦截SOAP Message 进行验证
  代码实现:

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.Name;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

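/**
 * JAX-WS SOAP handler that authenticates inbound requests from credentials carried in an
 * {@code Authentication} SOAP header block ({@code UserOrgID}, {@code UserID},
 * {@code UserPSW} child elements).
 *
 * <p>Inbound messages whose credentials do not match are answered with a SOAP fault and are
 * not passed on to the endpoint. Outbound messages pass through untouched.
 *
 * <p>Design notes for anyone adapting this sample:
 * <ul>
 *   <li>The password travels in clear text inside the header, so the endpoint should only be
 *       exposed over TLS.</li>
 *   <li>The accepted user id and password are hard-coded sample values; a real deployment
 *       needs a credential store holding salted password hashes.</li>
 *   <li>{@code UserOrgID} is parsed but never validated by this class.</li>
 *   <li>Header elements are matched with {@code getNodeName()}, i.e. by qualified name, so a
 *       namespace-prefixed {@code Authentication} element is not recognised and the request
 *       is rejected.</li>
 * </ul>
 *
 * @author waterborn
 */
public class AuthenticationHandler implements SOAPHandler<SOAPMessageContext> {

    private static final Log log = LogFactory.getLog(AuthenticationHandler.class);

    /** Charset used to turn credentials into bytes for the constant-time comparison. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    // NOTE(review): sample credentials taken from the article. Hard-coded secrets end up in
    // source control and in every build artifact; replace with a lookup against a credential
    // store before using this handler outside a demo.
    private static final String DEMO_USER_ID = "Hubs1";
    private static final String DEMO_USER_PSW = "password";

    /**
     * Checks the supplied credentials against the accepted account.
     *
     * @param userOrgID organisation id from the header; logged only, not validated here
     * @param userID    user id from the header
     * @param userPSW   password from the header
     * @return {@code true} only when both user id and password match
     */
    private boolean checkAuthentication(String userOrgID, String userID, String userPSW) {
        // The password is deliberately kept out of the log: debug logs are routinely shipped
        // to shared storage and must not become a credential dump.
        log.debug("checkAuthentication : userOrgID=" + userOrgID + " , userID=" + userID);
        if (userID == null || userPSW == null) {
            return false;
        }
        // Constant-time comparison, and both fields are always evaluated (non-short-circuit
        // '&'), so response timing does not reveal which field or how many characters matched.
        boolean idMatches = MessageDigest.isEqual(
                DEMO_USER_ID.getBytes(UTF_8), userID.getBytes(UTF_8));
        boolean pswMatches = MessageDigest.isEqual(
                DEMO_USER_PSW.getBytes(UTF_8), userPSW.getBytes(UTF_8));
        return idMatches & pswMatches;
    }

    /**
     * Authenticates inbound messages and replaces rejected ones with a SOAP fault.
     *
     * @param messageContext context of the message being processed
     * @return {@code true} to continue the handler chain; {@code false} when an inbound
     *         message failed authentication and its body was replaced with a fault
     * @throws RuntimeException wrapping a {@link SOAPException} raised while reading or
     *         rewriting the message
     */
    @Override
    public boolean handleMessage(SOAPMessageContext messageContext) {
        log.debug("LoggingHandler : handleMessage Called....");
        Object outbound = messageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
        // A missing direction property is treated as inbound so that the check fails closed
        // instead of dying on a null unboxing.
        if (Boolean.TRUE.equals(outbound)) {
            return true;
        }
        SOAPMessage message = messageContext.getMessage();
        String[] credentials = readCredentials(message);
        if (checkAuthentication(credentials[0], credentials[1], credentials[2])) {
            return true;
        }
        rejectRequest(message);
        return false;
    }

    /**
     * Reads {@code UserOrgID}, {@code UserID} and {@code UserPSW} from the
     * {@code Authentication} header block.
     *
     * @return a three-element array {orgId, userId, password}; a field that is absent or
     *         empty stays {@code ""}, so a request without credentials is rejected later
     */
    private String[] readCredentials(SOAPMessage message) {
        String[] credentials = {"", "", ""};
        try {
            SOAPHeader soapHeader = message.getSOAPHeader();
            if (soapHeader == null) {
                // No Header element at all: same outcome as missing credentials.
                return credentials;
            }
            NodeList headerBlocks = soapHeader.getChildNodes();
            for (int i = 0; i < headerBlocks.getLength(); i++) {
                Node block = headerBlocks.item(i);
                if (block.getNodeType() != Node.ELEMENT_NODE
                        || !"Authentication".equals(block.getNodeName())) {
                    continue;
                }
                for (Node field = block.getFirstChild(); field != null; field = field.getNextSibling()) {
                    if (field.getNodeType() != Node.ELEMENT_NODE || field.getFirstChild() == null) {
                        continue;
                    }
                    String value = field.getFirstChild().getTextContent();
                    String fieldName = field.getNodeName();
                    if ("UserOrgID".equals(fieldName)) {
                        credentials[0] = value;
                    } else if ("UserID".equals(fieldName)) {
                        credentials[1] = value;
                    } else if ("UserPSW".equals(fieldName)) {
                        credentials[2] = value;
                    }
                }
            }
        } catch (SOAPException e) {
            log.warn("Unable to read the SOAP header", e);
            throw new RuntimeException(e);
        }
        return credentials;
    }

    /**
     * Strips the request's header and body and puts an authentication fault in their place,
     * so nothing from the unauthenticated request is echoed back.
     */
    private void rejectRequest(SOAPMessage message) {
        try {
            SOAPHeader soapHeader = message.getSOAPHeader();
            if (soapHeader != null) {
                soapHeader.removeContents();
            }
            SOAPBody soapBody = message.getSOAPBody();
            soapBody.removeContents();
            SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
            Name faultCode = envelope.createName("0001", "", envelope.getNamespaceURI());
            // Fault text kept exactly as published (clients may match on it). It does not
            // say which of the two fields was wrong.
            String faultString = "Invaild userame or password !";
            soapBody.addFault(faultCode, faultString);
        } catch (SOAPException e) {
            log.warn("Unable to build the authentication fault", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the header blocks this handler claims to understand.
     *
     * @return {@code null}, i.e. no header QNames are declared
     */
    @Override
    public Set<QName> getHeaders() {
        // NOTE(review): a client sending the Authentication block with mustUnderstand="1"
        // would presumably need its QName declared here - confirm against the runtime in use.
        return null;
    }

    /**
     * Lets fault messages continue through the handler chain unchanged.
     *
     * @return always {@code true}
     */
    @Override
    public boolean handleFault(SOAPMessageContext messageContext) {
        log.debug("handleFault");
        return true;
    }

    /** Called at the end of the message exchange; this handler holds no resources to release. */
    @Override
    public void close(MessageContext messageContext) {
        log.debug("close");
    }
}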
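在 cxf-bean.xml 配置中,把该 Handler 加入服务端点的处理链。原文的配置片段在页面抽取时丢失;下面是按 CXF 的 jaxws:handlers 写法补的示意,其中 ENDPOINT_ID、SERVICE_BEAN、SERVICE_PATH、PACKAGE 均为占位符:

<jaxws:endpoint id="ENDPOINT_ID" implementor="#SERVICE_BEAN" address="/SERVICE_PATH">
    <jaxws:handlers>
        <bean class="PACKAGE.AuthenticationHandler"/>
    </jaxws:handlers>
</jaxws:endpoint>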
