用Soap Header在Xfire中实现安全验证(实例代码)

用Soap Header在Xfire中实现安全验证(实例代码)

<? xml version="1.0" encoding="UTF-8" ?>
< web-app  xmlns ="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi ="http://www.w3.org/2001/XMLSchema-instance"  version ="2.4"
    xsi:schemaLocation ="http://java.sun.com/xml/ns/j2ee   http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" >
     < servlet >
         < display-name > XFire Servlet </ display-name >
         < servlet-name > XFireServlet </ servlet-name >
         < servlet-class >
            org.codehaus.xfire.transport.http.XFireConfigurableServlet
         </ servlet-class >
     </ servlet >

     < servlet-mapping >
         < servlet-name > XFireServlet </ servlet-name >
         < url-pattern > /servlet/XFireServlet/* </ url-pattern >
     </ servlet-mapping >

     < servlet-mapping >
         < servlet-name > XFireServlet </ servlet-name >
         < url-pattern > /services/* </ url-pattern >
     </ servlet-mapping >
</ web-app >

< beans  xmlns ="http://xfire.codehaus.org/config/1.0" >
< service >
< name > EchoService </ name >
< serviceClass > com.hhy.dss.ws.Echo </ serviceClass >
< serviceFactory > jsr181 </ serviceFactory >
< inHandlers >
< handler  handlerClass ="com.hhy.dss.ws.AuthenticationHandler" ></ handler >
</ inHandlers >
</ service >
</ beans >

package  com.hhy.dss.ws;

import  javax.jws.WebMethod;
import  javax.jws.WebService;

@WebService
public   class  Echo
{
    @WebMethod
     public  String echo(String in)
     {
         return  in;
    }

}

package  com.hhy.dss.ws;

import  org.apache.log4j.Logger;
import  org.codehaus.xfire.MessageContext;
import  org.codehaus.xfire.exchange.InMessage;
import  org.codehaus.xfire.fault.XFireFault;
import  org.codehaus.xfire.handler.AbstractHandler;
import  org.jdom.Element;

public   class  AuthenticationHandler  extends  AbstractHandler  {
     private   static   final  Logger log  =  Logger
            .getLogger(AuthenticationHandler. class );

     public   void  invoke(MessageContext context)  throws  Exception  {

        log.info( " #AuthenticationHandler is invoked " );
        InMessage message  =  context.getInMessage();

         if  (message.getHeader()  ==   null )  {
             throw   new  XFireFault( " GetRelation Service Should be Authenticated " ,
                    XFireFault.SENDER);
        }

        Element token  =  message.getHeader().getChild( " AuthenticationToken " );
         if  (token  ==   null )  {
             throw   new  XFireFault( " Request must include authentication token. " ,
                    XFireFault.SENDER);
        }

        String username  =  token.getChild( " Username " ).getValue();
        String password  =  token.getChild( " Password " ).getValue();

        System.out.println( " username= "   +  username);
        System.out.println( " password= "   +  password);

         if  (username  ==   null   ||  password  ==   null )
             throw   new  XFireFault( " Supplied Username and Password Please " ,
                    XFireFault.SENDER);

         /** */ /**
         * 检查用户名密码是否正确
          */
         if  ( ! username.equals( " ksafe " )  ||   ! password.equals( " killer " ))
             throw   new  XFireFault(
                     " Authentication Fail! Check username/password " ,
                    XFireFault.SENDER);

    }
}