public class AuthenticationHandler extends AbstractHandler {
public static ResourceBundle resourceBundle;
static {
resourceBundle = ResourceBundle.getBundle("sysParam");
}
public void invoke(MessageContext cfx) throws Exception {
if (cfx.getInMessage().getHeader() == null) {
throw new org.codehaus.xfire.fault.XFireFault("请求必须包含验证信息",
org.codehaus.xfire.fault.XFireFault.SENDER);
}
Element token = cfx.getInMessage().getHeader().getChild(
"AuthenticationToken");
if (token == null) {
throw new org.codehaus.xfire.fault.XFireFault("请求必须包含身份验证信息",
org.codehaus.xfire.fault.XFireFault.SENDER);
}
String check_usernames = resourceBundle.getString("username");
HashMap currentUser = new HashMap();
String check_userName [] = check_usernames.split(",");
for(String _s : check_userName){
currentUser.put(_s, resourceBundle.getString(_s+"_psw"));
}
String username = token.getChild("Username").getValue();
String password = token.getChild("Password").getValue();
try {
if(!clsStringTool.isEmpty(currentUser.get(username))){
if(currentUser.get(username).equals(password)){
//System.out.println("用户名密码验证通过");
String ip = XFireServletController.getRequest().getHeader("remoteIp");
if( ip == null)
ip = XFireServletController.getRequest().getRemoteAddr();
//System.out.println("ip==="+ip);
if(resourceBundle.getString("ip").contains(ip)){
//System.out.println("用户IP验证通过");
}else{
throw new org.codehaus.xfire.fault.XFireFault("非法的IP来源",
org.codehaus.xfire.fault.XFireFault.SENDER);
}
}else{
throw new Exception();
}
}else{
throw new Exception();
}
} catch (Exception e) {
throw new org.codehaus.xfire.fault.XFireFault("非法的用户名、密码或IP",
org.codehaus.xfire.fault.XFireFault.SENDER);
}
}
webservice 查询时校验用户名及其IP
最新推荐文章于 2021-06-22 13:42:13 发布