该博客介绍了一个Webservice调用时的认证处理类,通过AbstractHandler扩展实现。内容涉及检查请求头中的AuthenticationToken,从中获取用户名和密码进行验证。使用ResourceBundle读取配置的合法用户名和密码,同时验证请求的IP是否在允许的范围内,防止非法访问。如果验证失败,会抛出XFireFault异常。
public class AuthenticationHandler extends AbstractHandler {
public static ResourceBundle resourceBundle;
static {
resourceBundle = ResourceBundle.getBundle("sysParam");
}
public void invoke(MessageContext cfx) throws Exception {
if (cfx.getInMessage().getHeader() == null) {
throw new org.codehaus.xfire.fault.XFireFault("请求必须包含验证信息",
org.codehaus.xfire.fault.XFireFault.SENDER);
}
Element token = cfx.getInMessage().getHeader().getChild(
"AuthenticationToken");
if (token == null) {
throw new org.codehaus.xfire.fault.XFireFault("请求必须包含身份验证信息",
org.codehaus.xfire.fault.XFireFault.SENDER);
}
String check_usernames = resourceBundle.getString("username");
HashMap currentUser = new HashMap();
String check_userName [] = check_usernames.split(",");
for(String _s : check_userName){
currentUser.put(_s, resourceBundle.getString(_s+"_psw"));
}
String username = token.getChild("Username").getValue();
String password = token.getChild("Password").getValue();
try {
if(!clsStringTool.isEmpty(currentUser.get(username))){
if(currentUser.get(username).equals(password)){
//System.out.println("用户名密码验证通过");
String ip = XFireServletController.getRequest().getHeader("remoteIp");
if( ip == null)
ip = XFireServletController.getRequest().getRemoteAddr();
//System.out.println("ip==="+ip);
if(resourceBundle.getString("ip").contains(ip)){
//System.out.println("用户IP验证通过");
}else{
throw new org.codehaus.xfire.fault.XFireFault("非法的IP来源",
org.codehaus.xfire.fault.XFireFault.SENDER);
}
}else{
throw new Exception();
}
}else{
throw new Exception();
}
} catch (Exception e) {
throw new org.codehaus.xfire.fault.XFireFault("非法的用户名、密码或IP",
org.codehaus.xfire.fault.XFireFault.SENDER);
}
}
扫一扫
评论
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
查看更多评论
添加红包
