CXF 拦截器之消息体token验证
服务端拦截器(验证soapHeader中的token):
package com.rpc.token;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.NodeList;
import com.common.ws.AuthHeader;
public class CheckSOAPHeaderIntercepter extends AbstractSoapInterceptor {
Log logger = LogFactory.getLog(CheckSOAPHeaderIntercepter.class);
private AuthHeader authHeader;
private SAAJInInterceptor saaIn = new SAAJInInterceptor();
public CheckSOAPHeaderIntercepter() {
super(Phase.PRE_PROTOCOL);
getAfter().add(SAAJInInterceptor.class.getName());
}
public void handleMessage(SoapMessage message) throws Fault {
SOAPMessage mess = message.getContent(SOAPMessage.class);
if (mess == null) {
saaIn.handleMessage(message);
mess = message.getContent(SOAPMessage.class);
}
SOAPHeader head = null;
try {
head = mess.getSOAPHeader();
} catch (Exception e) {
logger.error("获取头信息出错" + e.getMessage(), e);
e.printStackTrace();
}
if (head == null) {
logger.error("head is null");
return;
}
NodeList nodes = head.getElementsByTagName(authHeader.getKey());
String token = "";
if (nodes != null) {
for (int i = 0; i < nodes.getLength(); i++) {
token += nodes.item(i).getTextContent();
}
}
token = StringUtils.trim(token);
// logger.info(authHeader.getTokenValue());
// logger.info(token);
if (StringUtils.isEmpty(token)) {
logger.error("Token null!");
SOAPException soapExc = new SOAPException("Token null!");
throw new Fault(soapExc);
}
if (!token.equals(authHeader.getTokenValue())) {
logger.error("认证失败!");
SOAPException soapExc = new SOAPException("Verify failed! Token wrong!");
throw new Fault(soapExc);
}
}
public void setAuthHeader(AuthHeader authHeader) {
this.authHeader = authHeader;
}
}
服务端配置:
<bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
<bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
<bean id="authHeader" class="com.xx.common.ws.AuthHeader">
<property name="token" value="${xxx.ws.pcm.token}" />
<property name="key" value="${xxx.ws.pcm.key}" />
<property name="qName" value="${xxx.ws.pcm.qName}" />
<property name="seed" value="${xxx.ws.pcm.seed}" />
<property name="content" value="${xxx.ws.pcm.content}" />
</bean>
<bean id="tokenAuth" class="com.xx.xx.rpc.token.CheckSOAPHeaderIntercepter">
<property name="authHeader" ref="authHeader" />
</bean>
<bean id="addheader" class="com.xx.common.ws.SOAPHeaderIntercepter">
<property name="authHeader" ref="authHeader" />
</bean>
<bean id="userWebServiceBean" class="com.rpc.admin.impl.UserWebServiceImpl"> <property name="xxx" ref="xxx"/> <property name="hhh" ref="hhh"/> </bean> <jaxws:server id="userWebService" serviceClass="com.rpc.admin.UserWebService" address="/userPcm"> <jaxws:serviceBean> <ref bean="userWebServiceBean"/> </jaxws:serviceBean> <jaxws:inInterceptors> <ref bean="logIn"/> <ref bean="tokenAuth" /> </jaxws:inInterceptors> <jaxws:outInterceptors> <ref bean="logOut"/> <ref bean="addheader"/> </jaxws:outInterceptors> </jaxws:server>
客户端拦截器(在soapHeader中增加token):
package com.common.ws;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapHeader;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
public class SOAPHeaderIntercepter extends AbstractSoapInterceptor
{
private AuthHeader authHeader;
public SOAPHeaderIntercepter()
{
super("write");
}
public void handleMessage(SoapMessage soapMessage) throws Fault
{
List headers = soapMessage.getHeaders();
headers.add(getHeader());
}
private Object getHeader() {
QName qName = new QName(this.authHeader.getqName(), this.authHeader.getKey(), "");
Document document = DOMUtils.createDocument();
Element element = document.createElementNS(this.authHeader.getqName(), this.authHeader.getKey());
Element token = document.createElement(this.authHeader.getToken());
token.setTextContent(this.authHeader.getTokenValue());
element.appendChild(token);
SoapHeader header = new SoapHeader(qName, element);
return header;
}
public AuthHeader getAuthHeader() {
return this.authHeader;
}
public void setAuthHeader(AuthHeader authHeader) {
this.authHeader = authHeader;
}
}
模拟客户端测试(方法一):
public void testGetUserByProjId() {
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(new String[] { "client-test.xml" });
UserWebService client = (UserWebService) context.getBean("userClient");
List<UserCms> response = client.getUserByProjId("19aee854de2442b8911c8144770a895c");
System.out.println("testuser Response: " + response.size());
}
方法一对应配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
<bean id="userClient" class="com.rpc.admin.UserWebService" factory-bean="userClientFactory" factory-method="create" />
<bean id="userClientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
<property name="serviceClass" value="com.xx.rpc.admin.UserWebService" />
<property name="address" value="http://localhost:8080/services/userPcm" />
<property name="outInterceptors">
<list>
<ref bean="domainSOAPHeader"/>
</list>
</property>
</bean>
<bean id="domainSOAPHeader" class="com.common.ws.SOAPHeaderIntercepter">
<property name="authHeader" ref="domainAuthHeader" />
</bean>
<bean id="domainAuthHeader" class="com.common.ws.AuthHeader">
<property name="qName" value="http://xxx.com"/>
<property name="seed" value="hhh"/>
<property name="content" value="www"/>
<property name="key" value="AuthenticationHeader"/>
<property name="token" value="Token"/>
</bean>
</beans>
客户端测试方法二:
public static void main(String args[]) throws Exception {
System.out.println("进入测试");
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext("rpc-test.xml");
UserWebService client = (UserWebService) context.getBean("userClient");
List<UserCms> response = client.getUserByProjId("19aee854de2442b8911c8144770a895c");
System.out.println("Response :{}" + response.size());
}
方法二对应配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
<bean id="authHeader" class="com.xx.common.ws.AuthHeader">
<property name="token" value="webtoken"/>
<property name="key" value="AuthenticationHeader"/>
<property name="qName" value="http://xxx.com"/>
<property name="seed" value="ggg"/>
<property name="content" value="gggg"/>
</bean>
<bean id="addheader" class="com.common.ws.SOAPHeaderIntercepter">
<property name="authHeader" ref="authHeader" />
</bean>
<!-- user test使用 -->
<jaxws:client id="userClient" serviceClass="com.rpc.admin.UserWebService" address="http://localhost:8080/services/userPcm" >
<jaxws:outInterceptors>
<ref bean="addheader"/>
</jaxws:outInterceptors>
</jaxws:client>
</beans>
认证头:
package com.common.ws;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
public class AuthHeader
{
private static final String QNAME = "http://www.xhx.com/";
private String KEY = "AuthenticationHeader";
private String TOKEN = "Token";
private String qName;
private String key;
private String token;
private String content;
private String seed;
public String getTokenValue()
{
if (StringUtils.isNotEmpty(this.content)) {
if (StringUtils.isNotEmpty(this.seed)) {
byte[] bb = MD5Util.md5(this.content + "-" + this.seed);
return new String(Base64.encodeBase64(bb));
}
return this.content;
}
return "";
}
public String getqName() {
if (StringUtils.isEmpty(this.qName)) {
this.qName = "http://www.360buy.com/";
}
return this.qName;
}
public void setqName(String qName) {
this.qName = qName;
}
public String getKey() {
if (StringUtils.isEmpty(this.key)) {
this.key = this.KEY;
}
return this.key;
}
public void setKey(String key) {
this.key = key;
}
public String getToken() {
if (StringUtils.isEmpty(this.token)) {
this.token = this.TOKEN;
}
return this.token;
}
public void setToken(String token) {
this.token = token;
}
public String getContent() {
return this.content;
}
public void setContent(String content) {
this.content = content;
}
public String getSeed() {
return this.seed;
}
public void setSeed(String seed) {
this.seed = seed;
}
}