cxf webserivce 身份认证 拦截器定义 JAVA
服务器端XML及代码配置:
<bean name="crawlInfoClient" class="com.client.impl.CrawlInfoClientImpl"></bean>
<bean id="crawInfoSupply" class="com.server.impl.CrawInfoSupplyImpl">
<property name="crawlInfoClient" ref="crawlInfoClient"></property>
</bean>
<bean id="authHeader" class="com.common.ws.AuthHeader">
<property name="token" value="test123" />
<property name="key" value="AuthenticationHeader" />
<property name="qName" value="http://server.com/" />
<property name="content" value="test12" />
<property name="seed" value="test123" />
</bean>
<bean id="crawinfoSupplySOAPHeaderIntercepter" class="com.util.AuthInterceptor">
<property name="authHeader" ref="authHeader"/>
</bean>
<jaxws:endpoint id="crawInfoSupplyMessage" implementor="#crawInfoSupply" address="/crawInfoSupplyMessage" >
<jaxws:inInterceptors>
<ref bean="crawinfoSupplySOAPHeaderIntercepter"></ref>
</jaxws:inInterceptors>
</jaxws:endpoint>
AuthInterceptor定义:
import common.ws.AuthHeader;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.NodeList;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
public class AuthInterceptor extends AbstractSoapInterceptor {
private AuthHeader authHeader;
public void setAuthHeader(AuthHeader authHeader) {
this.authHeader = authHeader;
}
private SAAJInInterceptor saa = new SAAJInInterceptor();
public AuthInterceptor() {
super(Phase.PRE_PROTOCOL);
getAfter().add(SAAJInInterceptor.class.getName());
}
@Override
public void handleMessage(SoapMessage message) throws Fault {
SOAPMessage mess = message.getContent(SOAPMessage.class);
if (mess == null) {
saa.handleMessage(message);
mess = message.getContent(SOAPMessage.class);
}
SOAPHeader head = null;
try {
head = mess.getSOAPHeader();
} catch (Exception e) {
e.printStackTrace();
}
if (head == null) {
return;
}
NodeList nodes = head.getElementsByTagName(authHeader.getToken());
if (!nodes.item(0).getTextContent().equals(authHeader.getTokenValue())) {
SOAPException soapExc = new SOAPException("verify error!token error!");
throw new Fault(soapExc);
}
}
}
AuthHeader代码:
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
public class AuthHeader {
private final static String QNAME ="http://www.bb.com/";
private String KEY = "AuthenticationHeader";
private String TOKEN = "Token";
private String qName ;
private String key ;
private String token ;
private String content;
private String seed;
public AuthHeader(){}
public String getTokenValue(){
if(StringUtils.isNotEmpty( content )) {
if(StringUtils.isNotEmpty(seed)){
byte[] bb = MD5Util.md5( content + "-" + seed );
return new String(Base64.encodeBase64(bb));
} else {
return content;
}
}
return "";
}
public String getqName() {
if( StringUtils.isEmpty(qName) ){
qName = QNAME;
}
return qName;
}
public void setqName(String qName) {
this.qName = qName;
}
public String getKey() {
if( StringUtils.isEmpty(key) ){
key = KEY;
}
return key;
}
public void setKey(String key) {
this.key = key;
}
public String getToken() {
if( StringUtils.isEmpty(token) ){
token = TOKEN;
}
return token;
}
public void setToken(String token) {
this.token = token;
}
public String getContent() {
return content;
}
public void setContent(String content) {
this.content = content;
}
public String getSeed() {
return seed;
}
public void setSeed(String seed) {
this.seed = seed;
}
}
客户端XML配置及代码:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
<bean id="crawinfoSupplySOAPHeaderIntercepter" class="com.SOAPHeaderIntercepter">
<property name="authHeader" ref="authHeader"/>
</bean>
<bean id="authHeader" class="com.AuthHeader">
<property name="token" value="test123" />
<property name="key" value="AuthenticationHeader" />
<property name="qName" value="http://server.com/" />
<property name="content" value="test12" />
<property name="seed" value="test1236" />
</bean>
<jaxws:client id="client" address="http://localhost:80/ws/crawInfoSupplyMessage"
serviceClass="com.CrawInfoSupply">
<jaxws:outInterceptors>
<ref bean="crawinfoSupplySOAPHeaderIntercepter"/>
</jaxws:outInterceptors>
</jaxws:client>
</beans>
AuthHeader代码如上,SOAPHeaderIntercepter代码如下:
import org.apache.cxf.binding.soap.SoapHeader;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import javax.xml.namespace.QName;
import java.util.List;
public class SOAPHeaderIntercepter extends AbstractSoapInterceptor {
private AuthHeader authHeader;
public SOAPHeaderIntercepter(){
super(Phase.WRITE);
}
public void handleMessage(SoapMessage soapMessage) throws Fault {
List headers=soapMessage.getHeaders();
headers.add(getHeader());
}
private Object getHeader() {
QName qName=new QName(authHeader.getqName(), authHeader.getKey(), "");
Document document= DOMUtils.createDocument();
Element element=document.createElementNS(authHeader.getqName(), authHeader.getKey());
Element token = document.createElement(authHeader.getToken());
token.setTextContent(authHeader.getTokenValue());
element.appendChild(token);
SoapHeader header=new SoapHeader(qName, element);
return(header);
}
public AuthHeader getAuthHeader() {
return authHeader;
}
public void setAuthHeader(AuthHeader authHeader) {
this.authHeader = authHeader;
}
}