CXF利用过滤器实现身份验证

< 本文建立在上篇文章基础之上 >

编写服务器端用户验证WsAuthHandler.java类

package Interceptor;import java.io.IOException;import javax.security.auth.callback.Callback;import javax.security.auth.callback.CallbackHandler;import javax.security.auth.callback.UnsupportedCallbackException;import org.apache.ws.security.WSPasswordCallback;public class WsAuthHandler implements CallbackHandler {public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {System.out.println("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@  COME  IN @@@@@@@@@@@@@@");for (int i = 0; i < callbacks.length; i++) {WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];String identifier = pc.getIdentifier();int usage = pc.getUsage();if (usage == WSPasswordCallback.USERNAME_TOKEN) {pc.setPassword("testPassword");} else if (usage == WSPasswordCallback.SIGNATURE) {pc.setPassword("testPassword");}}}}

进行发布服务

<jaxws:server id="userService" serviceClass="com.IComplexUserService"address="/userService"><!-- 指向实现类 --><jaxws:serviceBean><ref bean="userServiceBean" /></jaxws:serviceBean><!--进入web service之前用户验证的拦截器--><jaxws:inInterceptors><bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /><bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"><constructor-arg><map><!-- 设置加密类型 --><entry key="action" value="UsernameToken" /><!-- 设置密码类型为明文 --><entry key="passwordType" value="PasswordText" /><!--<entry key="action" value="UsernameToken Timestamp" />设置密码类型为加密<entry key="passwordType" value="PasswordDigest" />--><entry key="passwordCallbackClass" value="Interceptor.WsAuthHandler" /></map></constructor-arg></bean></jaxws:inInterceptors></jaxws:server>

客户端编写WsClinetAuthHandler.java类记性验证

package com.client;import java.io.IOException;import javax.security.auth.callback.Callback;import javax.security.auth.callback.CallbackHandler;import javax.security.auth.callback.UnsupportedCallbackException;import org.apache.ws.security.WSPasswordCallback;public class WsClinetAuthHandler implements CallbackHandler {public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {for (int i = 0; i < callbacks.length; i++) {WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];System.out.println("identifier: " + pc.getIdentifier());// 这里必须设置密码，否则会抛出：java.lang.IllegalArgumentException: pwd == null// but a password is neededpc.setPassword("testPassword");//这里必须设置密码}}}

调用服务

package com.client;import java.util.ArrayList;import java.util.HashMap;import java.util.List;import java.util.Map;import org.apache.cxf.binding.soap.interceptor.SoapInterceptor;import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;import org.apache.ws.security.WSConstants;import org.apache.ws.security.handler.WSHandlerConstants;public class UserAccess {public List UserAccess(String username, String password) {// 以下和服务端配置类似，不对，应该说服务端和这里的安全验证配置一致Map<String, Object> outProps = new HashMap<String, Object>();outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);outProps.put(WSHandlerConstants.USER, username);outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);// 指定在调用远程ws之前触发的回调函数WsClinetAuthHandler，其实类似于一个拦截器outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,WsClinetAuthHandler.class.getName());ArrayList<SoapInterceptor> list = new ArrayList<SoapInterceptor>();// 添加cxf安全验证拦截器，必须list.add(new SAAJOutInterceptor());list.add(new WSS4JOutInterceptor(outProps));return list;}}

OK这是实现了用户的验证