CXF密码验证_服务端和客户端配置

 

1:服务端spring里的配置:

 

<bean id="Customer" class="org.web.HelloServiceImpl"></bean>
lt;jaxws:endpoint  id="custom"  implementor="#Customer"   address="/web" >
     <jaxws:inInterceptors>
          <bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />
          <!--<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
          -->
          <bean class="org.web.soapHeader.ReadSoapHeader"></bean>
          <!--<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
              <constructor-arg>
                  <map>
                      <entry key="action" value="UsernameToken" />
                      <entry key="passwordType"
                          value="PasswordText" />
                      <entry key="user" value="cxfServer" />
                      <entry key="passwordCallbackRef">
                          <ref bean="serverPasswordCallback" />
                      </entry>
                  </map>
              </constructor-arg>
          </bean> -->
          </jaxws:inInterceptors>
</jaxws:endpoint>

这个里面是有注释的..区别上一个密码验证的示例!

关键代码就有一句: <bean class="org.web.soapHeader.ReadSoapHeader"></bean>

  这个是自己写的读取soap信息.查看密码是否正确!

2:soap读入信息的验证:ReadSoapHeader代码:

 

public class ReadSoapHeader extends AbstractPhaseInterceptor<SoapMessage> {
    private SAAJInInterceptor saa=new SAAJInInterceptor();
    public ReadSoapHeader(){
        super(Phase.PRE_PROTOCOL);
        getAfter().add(SAAJInInterceptor.class.getName());
    }
    public void handleMessage(SoapMessage message) throws Fault {
        SOAPMessage mess=message.getContent(SOAPMessage.class);
        if(mess==null){
            saa.handleMessage(message);
            mess=message.getContent(SOAPMessage.class);
        }
        SOAPHeader head=null;
        try {
            head = mess.getSOAPHeader();
        } catch (SOAPException e) {
            e.printStackTrace();
        }
        if(head==null){
            return;
        }
        NodeList nodes=head.getElementsByTagName("tns:spId");
        NodeList nodepass=head.getElementsByTagName("tns:spPassword");
        if(nodes.item(0).getTextContent().indexOf("wdw")!=-1){
            if(nodepass.item(0).getTextContent().equals("wdwsb")){
                System.out.println("认证成功");
            }
        }
        else{
            SOAPException soapExc=new SOAPException("认证错误");
            throw new Fault(soapExc);
        }
    }
}

  功能:判断客户端传来的soap信息头是否有密码..有的话判断是否正确!

 

3:客户端spring的配置:

 

<bean id="webTest" class="org.web.HelloService" factory-bean="client" factory-method="create"/>
 <bean id="client" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean" >
        <property name="address" value="http://127.0.0.1:88/Hello/web/web"></property>
        <property name="serviceClass" value="org.web.HelloService"></property>
        <property name="outInterceptors">
            <list>
                <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
                <!--<bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />  -->
                <bean class="org.web.soapHeader.AddSoapHeader"></bean>
                <!--<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
                    <constructor-arg>
                        <map>
                            <entry key="action" value="UsernameToken" />
                            <entry key="passwordType"  value="PasswordText" />
                            <entry key="user" value="cxfClient" />
                            <entry key="passwordCallbackRef">
                                <ref bean="clientPasswordCallback" />
                            </entry>
                        </map>
                    </constructor-arg>
                </bean>
            -->
            </list>
    </property>
 </bean>

  PS:注意注释>...重点是:

<bean class="org.web.soapHeader.AddSoapHeader"></bean>

 4:对soap进行如入头信息.把密码加进去:AddSoapHeader代码:

 

public class AddSoapHeader extends AbstractSoapInterceptor {
    private static String nameURI="http://127.0.0.1/Hello/web";

    public AddSoapHeader(){
        super(Phase.WRITE);
    }
    public void handleMessage(SoapMessage message) throws Fault {
        SimpleDateFormat sd=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        Date date=new Date();
        String time =sd.format(date);
        String spPassword="wdwsb";
        String spName="wdw";

        QName qname=new QName("RequestSOAPHeader");
        Document doc=DOMUtils.createDocument();

        Element spId=doc.createElement("tns:spId");
        spId.setTextContent(spName);

        Element spPass=doc.createElement("tns:spPassword");
        spPass.setTextContent(spPassword);

        Element root=doc.createElementNS(nameURI, "tns:RequestSOAPHeader");
        root.appendChild(spId);
        root.appendChild(spPass);

        SoapHeader head=new SoapHeader(qname,root);
        List<Header> headers=message.getHeaders();
        headers.add(head);
    }
}

  很简单的东西...现在密码已经加进去了...spring里也已经配置好了..

客户端就可以正常的请求了..对请求的内容会进行soap头处理.把密码加进去....

服务端通过了客户端的权限密码请求就可以了.

转自：http://blog.csdn.net/keeyce/article/details/7090753