【webservice】基于axis2设计带soaphead安全机制的webservice服务端

还是用axis2写的。是先有客户端，再有这个服务端，严格根据客户端的请求报文来写的哦。是否解决了“ 先有鸡还是先有蛋”的问题。。报文的话，请参照我的上一篇博文《【webservice】调试方法篇（二）》，那么，我的编程步骤是这样的。

1、新建java工程，导入axis2的包、dom4j工具包。

2、根据客户端的请求报文上面soap的命名空间，为工程设计包名，因此，本工程的供外部调用类（Server类）的所在包是cn.com.ultrapower.webservice.service。

3、编辑配置文件services.xml如下：

<!-- webservice配置文件   --><service name="Prc_Service" ><description>Please Type your service description here</description><messageReceivers><messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only" class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver" /><messageReceiver  mep="http://www.w3.org/2004/08/wsdl/in-out"  class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/></messageReceivers><parameter name="ServiceClass">cn.com.ultrapower.webservice.service.Server</parameter></service>

4、根据客户端的请求报文上面soap的请求方法，定义Server类里面的对外方法是SendXML(String requestXml,String busiKey)。根据报文可知道：<soapenv:Header>的参数是username与password，<soapenv:body>的参数是busiKey（请求的业务）与requestXml（请求的业务的查询参数，xml格式，需要dom4j分析）。

5、其他工具类设计：用于加载关于业务码busiKey的map的InitBusiKey.java，

6、其他工具类设计：用于加载user的账号密码、接口权限、接口流量等配置信息的InitUser.java，

下面提供Server类的全部代码：

package cn.com.ultrapower.webservice.service;import java.io.UnsupportedEncodingException;import java.util.Calendar;import java.util.HashMap;import java.util.Iterator;import java.util.Map;import org.apache.axiom.om.OMElement;import org.apache.axiom.soap.SOAPHeader;import org.apache.axis2.context.MessageContext;import org.dom4j.DocumentException;import cn.com.ultrapower.webservice.service.conf.InitBusiKey;import cn.com.ultrapower.webservice.service.conf.InitUser;import cn.com.ultrapower.webservice.service.service.CRBT_Service;import cn.com.ultrapower.webservice.service.service.ISAG_Service;import cn.com.ultrapower.webservice.service.service.MMSC_Service;import cn.com.ultrapower.webservice.service.service.WAPGW_Service;public class Server{//userFlowMap是累加用户在单位时间里对某接口的访问次数private static Map<String, Long[]> userFlowMap = new HashMap<String, Long[]>();//String为用户名username，Long[0]为时间，Long[1]为次数String responseCode = "";  //查询服务返回的状态码String responseXML = "";  //查询服务返回的业务数据/* * @para busiKey :     业务平台标识 * @para requestXml :  查询条件的XML字符串 * 定义返回码responseCode：001输入参数的busiKey无效004请求方权限验证失败003查询接口达到最大并发能力002输入参数的requestXML无效005请求的查询时间超时999其它错误000服务接口处理成功 * */public String SendXML (String requestXml,String busiKey){try{String serviceName = InitBusiKey.getInitBusiKey().getServiceName(busiKey);if(serviceName!=null && !serviceName.equals("") && serviceName.length()>0){String Username = checkAuth(serviceName);if(Username!=null && !Username.equals("")){if(checkFlow(Username)){responseCode = "000";//000：服务接口处理成功responseXML = readRequestXml(serviceName,requestXml);String returnData = returnData();return returnData;}else{responseCode = "003";//003:查询接口达到最大并发能力responseXML = "";String returnData = returnData();return returnData;}}else{responseCode = "004";//004:请求方权限验证失败responseXML = "";String returnData = returnData();return returnData;}}else{responseCode = "001";//001:输入参数的busiKey无效responseXML = "";String returnData = returnData();return returnData;}}catch(NumberFormatException e){//002:参数string转int出错(参数requestXML无效)e.printStackTrace();responseCode = "002";responseXML = "";String returnData = returnData();return returnData;}catch(NullPointerException e){//002:参数为空时出错((参数requestXML无效))e.printStackTrace();responseCode = "002";responseXML = "";String returnData = returnData();return returnData;}catch(Exception e){e.printStackTrace();responseCode = "999";//999:其它错误responseXML = "";String returnData = returnData();return returnData;}}private String returnData(){StringBuffer returnData = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");returnData.append("<root>");returnData.append("<responseCode>"); returnData.append(responseCode); returnData.append("</responseCode>");returnData.append("<responseXML>"); returnData.append(responseXML); returnData.append("</responseXML>");returnData.append("</root>");return returnData.toString();}//检测用户账号及接口权限（soaphead安全机制）private String checkAuth(String serviceName){boolean pwIsOK = false;boolean authIsOK = false;String Username="",Password="",Address="",Province="";MessageContext msgContext = MessageContext.getCurrentMessageContext();  SOAPHeader header = msgContext.getEnvelope().getHeader();Iterator list = header.getChildren();while (list.hasNext()){      OMElement element = (OMElement) list.next();      if (element.getLocalName().equals("Username")){      Username = element.getText();  }  if (element.getLocalName().equals("Password")){          Password = element.getText();      }  } if(Password.equals(InitUser.getInitUser().getUser(Username).getPassword())) pwIsOK=true;if(InitUser.getInitUser().getUser(Username).getServiceAuth().contains((","+serviceName+","))) authIsOK=true;System.out.println("step1.checkAuth >>>>>>>>> pwIsOK:"+pwIsOK+" authIsOK:"+authIsOK);if(pwIsOK && authIsOK) return Username;else return "";}//控制用户查询频率（接口流量）private boolean checkFlow(String Username){boolean flowIsOK = true;long nowTime = Calendar.getInstance().getTime().getTime();if(userFlowMap.get(Username)==null){Long[] userflow = {nowTime,1L};//userflow[0]为初始时间，userflow[1]为期间访问次数userFlowMap.put(Username, userflow);flowIsOK = true;}else if(nowTime>(userFlowMap.get(Username)[0]+60000)){Long[] userflow = {nowTime,1L};//userflow[0]为初始时间，userflow[1]为期间访问次数userFlowMap.put(Username, userflow);flowIsOK = true;}else if(userFlowMap.get(Username)[0]<=nowTime && nowTime<=(userFlowMap.get(Username)[0]+60000)){if(userFlowMap.get(Username)[1]<InitUser.getInitUser().getUser(Username).getFlowIn1Min()){Long[] userflow = {userFlowMap.get(Username)[0],userFlowMap.get(Username)[1]+1};//访问次数+1userFlowMap.put(Username, userflow);flowIsOK = true;}else{flowIsOK = false;}}System.out.println("step2.checkFlow >>>>>>>>> flowIsOK:"+flowIsOK);return flowIsOK;}//执行查询服务private String readRequestXml(String serviceName,String requestXml) throws DocumentException,NumberFormatException, NullPointerException, UnsupportedEncodingException{System.out.println("step3.readRequestXml >>>>>>>>> serviceName: "+serviceName);//选择对应的serviceif(serviceName.equals("WAPGW"))  return new WAPGW_Service().readXML(requestXml);if(serviceName.equals("MMSC"))  return new MMSC_Service().readXML(requestXml);if(serviceName.equals("ISAG"))  return new ISAG_Service().readXML(requestXml);if(serviceName.equals("CRBT"))  return new CRBT_Service().readXML(requestXml);else return "";}}

一百几十行代码，有没有看的晕晕的？希望你能够耐心地理解到这段代码，更希望这段代码能给你带来帮助！

用axis2用得时间长了，自己也希望有些突破。前阵子重写了这段业务，完全放弃了axis2，直接弄了个servlet，也就是javaweb系统，小巧呢，直接扔到tomcat的webapps就能跑了，用上一篇博文《【webservice】调试方法篇（二）》上面的源码测试，是没问题的。但是，没能及时联系到客户端厂家联调了，因为，我已经申请离职了。今天是坐岗公司的最后一天，就偷闲整理了webservice的系列博文，希望能给大家带来帮助吧。入行不深，且祝群旅途愉快吧~

转载请说明出自whilejolly：http://blog.csdn.net/seedingly/article/details/39055107