基于Xfire SOAP Header的WebService安全验证(xfire服务端,jax-ws和xfire两种客户端)
来源:互联网 发布:单代号搭接网络计划 编辑:程序博客网 时间:2024/05/16 11:49
WebSerice是一种开放的web服务,任何人都可以访问,但我们有时候需要考虑只有付费用户才能使用WS,所以,我们就需要对WS加入安全验证机制,当然,可以利用防火墙的IP过滤,web应用的配置从最外层去隔离非法用户,但在内层,我们也可以使用SOAP Header的方式,由客户端发送验证数据,服务端验通过后基WS访问权限
首先根据我的这篇Blog
配置WS Server和WS Client,其中Client端的测试代码类名由Client改为ClientTest,因为我们要用到Xfire的一个名为Client的类
首先我们编写服务端验证类继承AbstractHandler
import org.codehaus.xfire.MessageContext;
import org.codehaus.xfire.handler.AbstractHandler;
import org.jdom.Element;
public class AuthenticationHandler extends AbstractHandler {
public void invoke(MessageContext cfx) throws Exception {
if(cfx.getInMessage().getHeader() == null)
{
throw new org.codehaus.xfire.fault.XFireFault("请求必须包含验证信息",org.codehaus.xfire.fault.XFireFault.SENDER);
}
Element token=cfx.getInMessage().getHeader().getChild("AuthenticationToken");
if (token == null)
{
throw new org.codehaus.xfire.fault.XFireFault("请求必须包含身份验证信息", org.codehaus.xfire.fault.XFireFault.SENDER);
}
String username = token.getChild("Username").getValue();
String password = token.getChild("Password").getValue();
try
{
//进行身份验证 ,只有abcd@1234的用户为授权用户
if(username.equals("abcd") && password.equals("1234"))
//这语句不显示
System.out.println("身份验证通过");
else throw new Exception();
}
catch (Exception e)
{
throw new org.codehaus.xfire.fault.XFireFault("非法的用户名和密码", org.codehaus.xfire.fault.XFireFault.SENDER);
}
}
}
xfire客户端实现身份
import org.codehaus.xfire.MessageContext;
import org.codehaus.xfire.handler.AbstractHandler;
import org.jdom.Element;
public class ClientAuthenticationHandler extends AbstractHandler {
private String username = null;
private String password = null;
public ClientAuthenticationHandler() {
}
public ClientAuthenticationHandler(String username,String password) {
this.username = username;
this.password = password;
}
public void setUsername(String username) {
this.username = username;
}
public void setPassword(String password) {
this.password = password;
}
public void invoke(MessageContext context) throws Exception {
//为SOAP Header构造验证信息
Element el = new Element("header");
context.getOutMessage().setHeader(el);
Element auth = new Element("AuthenticationToken");
Element username_el = new Element("Username");
username_el.addContent(username);
Element password_el = new Element("Password");
password_el.addContent(password);
auth.addContent(username_el);
auth.addContent(password_el);
el.addContent(auth);
}
}
为ClientTest.java加入以下代码
public static void main(String[] args) {
WebsiteAuthentClient Website = new WebsiteAuthentClient();
WebsiteAuthentPortType service = Website.getWebsiteAuthentHttpPort();
XFireProxy proxy = (XFireProxy)Proxy.getInvocationHandler(service);
Client client = proxy.getClient();
client.addOutHandler(new ClientAuthenticationHandler("abcd1","1234"));
service.test("sdf");
}
等等,还没有完,修改Services.xm为WS绑定Handler
<beans>
<service xmlns="http://xfire.codehaus.org/config/1.0">
<name>HelloService</name>
<namespace>http://test/HelloService</namespace>
<serviceClass>test.IHelloService</serviceClass>
<implementationClass>test.HelloServiceImpl</implementationClass>
<inHandlers>
<handler handlerClass ="test.AuthenticationHandler" ></handler >
</inHandlers>
</service>
</beans>
这样我们就完成了编码,下面启动tomcat,运行客户端代码,本文为abcd@1234位授权用户,使用abcd@1234,可以正常访问WS,如果用错误帐号,则会有以下异常
org.codehaus.xfire.fault.XFireFault: 非法的用户名和密码
at org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31)
at org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28)
at org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111)
at org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at org.codehaus.xfire.client.Client.onReceive(Client.java:406)
at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)
at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
at org.codehaus.xfire.client.Client.invoke(Client.java:336)
at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
at $Proxy0.getUser(Unknown Source)
at test.ClientTest.main(ClientTest.java:39)
如果不在CientTest加以下增加Heade则会有以下异常
XFireProxy proxy = (XFireProxy)Proxy.getInvocationHandler(service);
Client client = proxy.getClient();
client.addOutHandler(new ClientAuthenticationHandler("abcd1","1234"));
org.codehaus.xfire.fault.XFireFault: 请求必须包含验证信息
at org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31)
at org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28)
at org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111)
at org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at org.codehaus.xfire.client.Client.onReceive(Client.java:406)
at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)
at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
at org.codehaus.xfire.client.Client.invoke(Client.java:336)
at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
at $Proxy0.getUser(Unknown Source)
at test.ClientTest.main(ClientTest.java:35)
jax-ws客户端实现身份
import java.util.ArrayList;import java.util.List;import java.util.Set;import java.util.TreeSet;import javax.xml.namespace.QName;import javax.xml.soap.SOAPElement;import javax.xml.soap.SOAPEnvelope;import javax.xml.soap.SOAPException;import javax.xml.soap.SOAPFactory;import javax.xml.soap.SOAPHeader;import javax.xml.soap.SOAPMessage;import javax.xml.ws.handler.Handler;import javax.xml.ws.handler.HandlerResolver;import javax.xml.ws.handler.MessageContext;import javax.xml.ws.handler.PortInfo;import javax.xml.ws.handler.soap.SOAPHandler;import javax.xml.ws.handler.soap.SOAPMessageContext;public class ClientMain {@SuppressWarnings("unchecked")public static void main(String[] args) {WebsiteAuthent wa = new WebsiteAuthent();wa .setHandlerResolver(new HandlerResolver() {public List<Handler> getHandlerChain(PortInfo portInfo) {List<Handler> list = new ArrayList<Handler>();list.add(new MySOAPHandler());return list;}});WebsiteAuthentPortType service = wa.getWebsiteAuthentHttpPort();System.out.println(service.test("sdf"));}}
class MySOAPHandler implements SOAPHandler<SOAPMessageContext> {public Set<QName> getHeaders() { return null;}public void close(MessageContext context) {}public boolean handleFault(SOAPMessageContext context) {throw new UnsupportedOperationException("Not supported yet.");}public boolean handleMessage(SOAPMessageContext context) {Boolean outboundProperty = (Boolean) context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);if (outboundProperty.booleanValue()) {SOAPMessage message = context.getMessage();try {SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();SOAPFactory factory = SOAPFactory.newInstance();SOAPElement authenticationToken = factory.createElement("AuthenticationToken");SOAPElement userName = factory.createElement("userName");userName.setValue("abcd");SOAPElement password = factory.createElement("password");password.setValue("1234");authenticationToken.addChildElement(userName);authenticationToken.addChildElement(password);SOAPHeader header = envelope.addHeader();header.addChildElement(authenticationToken);} catch (SOAPException e) {e.printStackTrace();}}return true;}}
- 基于Xfire SOAP Header的WebService安全验证(xfire服务端,jax-ws和xfire两种客户端)
- 基于Xfire SOAP Header的WebService安全验证教程
- 基于Xfire SOAP Header的WebService安全验证教程
- 基于Xfire SOAP Header的WebService安全验证教程
- XFire实现身份验证(基于Xfire SOAP Header的WebService安全验证)
- XFire实现身份验证(基于Xfire SOAP Header的WebService安全验证)
- XFire实现身份验证(基于Xfire SOAP Header的WebService安全验证)
- WebService的 HelloWorld : XFire , JAX-WS , JSR181
- XFire webservice WS-Security安全
- XFire WebService服务端和客户端例子
- XFire WebService服务端和客户端例子
- XFire创建WebService服务端和客户端
- xfire 创建webservice客户端和服务端
- XFire创建WebService服务端和客户端
- webservice之JAX-WS 与XFire比较
- axis,jax-ws,xfire客户端调用
- WebService开发流程(AAXIS、JAX-WS、XFire框架)
- 基于Axis、XFire、CXF的webservice 客户端
- 按键设备驱动—我的学习资料
- H面试(20): 排序总结
- 数学知识
- 把应用安装到Android系统目录下
- qemu增加镜像磁盘
- 基于Xfire SOAP Header的WebService安全验证(xfire服务端,jax-ws和xfire两种客户端)
- 【C++学习笔记】简单的多线程程序(摘自孙鑫C++教学视频)
- Jquery绑定事件(bind和live的区别)
- hdu 4427 Math Magic(简单DP注意细节)
- 需求分析挑战之旅(疯狂的订餐系统)(1)——某IT公司员工的吃饭问题
- hdu 4704 Sum 多校第十场
- android源码下载方法
- Why I always get “Uncaught SyntaxError: Unexpected token u ” from Chrome?
- cv代码分类合集