WebService拦截器实现权限控制

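package com.sdsj.main.interceptor;

import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.MessageContentsList;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.service.Service;
import org.apache.cxf.service.invoker.MethodDispatcher;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/**
 * Inbound CXF interceptor that authenticates a SOAP call from its single
 * header and then authorizes the target operation and its arguments per account.
 *
 * <p>Expected header shape (agreed with clients):
 * <pre>
 * &lt;header&gt;
 *   &lt;auth&gt;
 *     &lt;auth_id&gt;...&lt;/auth_id&gt;
 *     &lt;auth_pwd&gt;...&lt;/auth_pwd&gt;
 *   &lt;/auth&gt;
 * &lt;/header&gt;
 * </pre>
 *
 * <p>The check is fail-closed: a request is let through only when its
 * {@code auth_id} names a known account and every rule for that account holds.
 * An unrecognized {@code auth_id} is rejected instead of silently passing all checks.
 *
 * <p>NOTE(security): the account names and passwords below are plaintext
 * literals compiled into the class, so anyone with the source or the jar can
 * read them and they cannot be rotated without a rebuild. They belong in an
 * external credential store holding salted password hashes. The password is
 * also read as plain text from the SOAP header, so this scheme depends on the
 * transport (e.g. HTTPS) for confidentiality.
 *
 * @version 1.0
 */
public class AuthInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {

    private static final String MSG_NO_HEADER = "您没有携带Header头,不能访问!";
    private static final String MSG_BAD_HEADER = "您携带Header头格式不正确,不能访问!";
    private static final String MSG_BAD_LOGIN = "用户名与密码不正确,不能访问!";
    private static final String MSG_BAD_PASSWORD = "密码不正确,不能访问!";
    private static final String MSG_BAD_OPERATION = "权限不够,不能操作!";
    private static final String MSG_BAD_PROJECT = "对其他项目操作的权限不够!";
    private static final String MSG_ID_QUERY_ONLY = "该用户只能进行通过id查询的操作!";

    /** Name of the query type (first service argument) that looks records up by id. */
    private static final String QUERY_BY_ID = "gjidcx";

    // Never read anywhere in this class; kept so the class's fields are unchanged.
    private SAAJInInterceptor saa = new SAAJInInterceptor();

    /** Registers the interceptor for the phase that runs right before the service method is invoked. */
    public AuthInInterceptor() {
        super(Phase.PRE_INVOKE);
    }

    /**
     * Authenticates the caller and enforces the per-account operation rules.
     *
     * @param soapMessage the inbound SOAP message
     * @throws Fault wrapping an {@link IllegalArgumentException} when the header is
     *         missing or malformed, the credentials do not match a known account,
     *         or the account is not allowed to perform the requested call
     */
    @Override
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        List<Header> headers = soapMessage.getHeaders();
        MessageContentsList contentsList = MessageContentsList.getContentsList(soapMessage);

        // Resolve the Java method the request is bound to; its name drives the operation rules.
        Exchange exchange = soapMessage.getExchange();
        BindingOperationInfo bop = exchange.get(BindingOperationInfo.class);
        MethodDispatcher md = (MethodDispatcher) exchange.get(Service.class)
                .get(MethodDispatcher.class.getName());
        Method method = md.getMethod(bop);
        String operation = method.getName();

        // Exactly one header is accepted.
        if (headers == null || headers.size() != 1) {
            throw denied(MSG_NO_HEADER);
        }

        // A header whose payload is not a DOM element is malformed; reject it with
        // the format fault rather than letting the cast fail.
        Object payload = headers.get(0).getObject();
        if (!(payload instanceof Element)) {
            throw denied(MSG_BAD_HEADER);
        }
        Element element = (Element) payload;

        NodeList idNode = element.getElementsByTagName("auth_id");
        NodeList pwdNode = element.getElementsByTagName("auth_pwd");
        if (idNode == null || idNode.getLength() == 0
                || pwdNode == null || pwdNode.getLength() == 0) {
            throw denied(MSG_BAD_HEADER);
        }

        String authId = idNode.item(0).getTextContent();
        String authPwd = pwdNode.item(0).getTextContent();

        if ("admin".equals(authId)) {
            // admin: password only, no restriction on operation or arguments.
            requirePassword("000000", authPwd, MSG_BAD_LOGIN);
        } else if ("importerD".equals(authId)) {
            requirePassword("111111", authPwd, MSG_BAD_PASSWORD);
            requireImport(operation, contentsList, "1");
        } else if ("importerS".equals(authId)) {
            requirePassword("222222", authPwd, MSG_BAD_PASSWORD);
            requireImport(operation, contentsList, "2");
        } else if ("searcherD".equals(authId)) {
            requirePassword("333333", authPwd, MSG_BAD_PASSWORD);
            requireSearch(operation, contentsList, "1");
        } else if ("searcherS".equals(authId)) {
            requirePassword("444444", authPwd, MSG_BAD_PASSWORD);
            requireSearch(operation, contentsList, "2");
        } else if ("searcherBId".equals(authId)) {
            requirePassword("555555", authPwd, MSG_BAD_PASSWORD);
            if (!"find".equals(operation)) {
                throw denied(MSG_BAD_OPERATION);
            }
            if (!QUERY_BY_ID.equals(argumentText(contentsList, 0))) {
                throw denied(MSG_ID_QUERY_ONLY);
            }
        } else {
            // Fail closed: an auth_id that matches no account must not reach the
            // service. Without this branch any unknown id skipped every check.
            throw denied(MSG_BAD_LOGIN);
        }
    }

    /** Builds the fault used for every rejection. */
    private static Fault denied(String message) {
        return new Fault(new IllegalArgumentException(message));
    }

    /** Rejects the call unless the supplied password equals the expected one (compared in constant time). */
    private static void requirePassword(String expected, String supplied, String message) {
        boolean matches = supplied != null
                && MessageDigest.isEqual(
                        expected.getBytes(StandardCharsets.UTF_8),
                        supplied.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            throw denied(message);
        }
    }

    /** Importer rule: only the "innert" operation, and only when argument 5 equals the account's project id. */
    private static void requireImport(String operation, MessageContentsList args, String project) {
        if (!"innert".equals(operation)) {
            throw denied(MSG_BAD_OPERATION);
        }
        if (!project.equals(argumentText(args, 5))) {
            throw denied(MSG_BAD_PROJECT);
        }
    }

    /** Searcher rule: only "find"; unless it is an id lookup, argument 7 must equal the account's project id. */
    private static void requireSearch(String operation, MessageContentsList args, String project) {
        if (!"find".equals(operation)) {
            throw denied(MSG_BAD_OPERATION);
        }
        if (!QUERY_BY_ID.equals(argumentText(args, 0))
                && !project.equals(argumentText(args, 7))) {
            throw denied(MSG_BAD_PROJECT);
        }
    }

    /**
     * Returns the service argument at {@code index} as text, or {@code null} when the
     * argument list is absent or too short, so a missing argument is denied like a
     * non-matching one.
     */
    private static String argumentText(MessageContentsList args, int index) {
        if (args == null || index >= args.size()) {
            return null;
        }
        return String.valueOf(args.get(index));
    }
}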