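CXF Part 4 (continuing Part 3: the validation class AuthorizationInterceptor)

This article presents an implementation of an HTTP-based authentication mechanism that decides whether to authorize access to a resource by checking the user name and password carried in the request message. If validation fails, it returns the unauthorized status code and sets the authentication header.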

    // Fragment: the class declaration, the imports and the helpers getProps(),
    // getConduit() and close() are not shown in the post.
        @Override
        public void handleMessage(Message aMsg) throws Fault
        {
            // No AuthorizationPolicy on the message means no credentials were sent.
            final AuthorizationPolicy policy = aMsg.get(AuthorizationPolicy.class);
            if (null == policy)
            {
                sendErrorResponse(aMsg, HttpURLConnection.HTTP_UNAUTHORIZED);
                return;
            }
            String userName = policy.getUserName();
            String password = policy.getPassword();
            // Reject a missing user name as well: Properties.getProperty(null) throws.
            if (StringUtil.isNullOrEmpty(userName) || StringUtil.isNullOrEmpty(password))
            {
                sendErrorResponse(aMsg, HttpURLConnection.HTTP_UNAUTHORIZED);
                return;
            }
            // Case-sensitive comparison: equalsIgnoreCase would accept any
            // upper/lower-case variant of the stored password.
            if (!password.equals(this.getProps().getProperty(userName)))
            {
                sendErrorResponse(aMsg, HttpURLConnection.HTTP_UNAUTHORIZED);
                return;
            }
            // Credentials accepted: continue with the normal processing.
            super.handleMessage(aMsg);
        }

        // Abort the interceptor chain and answer with the given status code
        // and a Basic authentication challenge.
        private void sendErrorResponse(Message message, int responseCode)
        {
            Message outMessage = getOutMessage(message);
            outMessage.put(Message.RESPONSE_CODE, responseCode);
            // Set the response headers
            Map responseHeaders = (Map) message.get(Message.PROTOCOL_HEADERS);
            if (responseHeaders != null)
            {
                responseHeaders.put("WWW-Authenticate",
                        Arrays.asList(new String[] { "Basic realm=realm" }));
                responseHeaders.put("Content-Length",
                        Arrays.asList(new String[] { "0" }));
            }
            message.getInterceptorChain().abort();
            try
            {
                getConduit(message).prepare(outMessage);
                close(outMessage);
            }
            catch (IOException e)
            {
                e.printStackTrace();
            }
        }

        // Return the exchange's outbound message, creating it if necessary.
        private Message getOutMessage(Message inMessage)
        {
            Exchange exchange = inMessage.getExchange();
            Message outMessage = exchange.getOutMessage();
            if (outMessage == null)
            {
                Endpoint endpoint = exchange.get(Endpoint.class);
                outMessage = endpoint.getBinding().createMessage();
                exchange.setOutMessage(outMessage);
            }
            // Copy the inbound message's properties (including the header map).
            outMessage.putAll(inMessage);
            return outMessage;
        }
    }
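
The credential check in handleMessage looks up the stored password for the supplied user name and compares the two. The following is an added example, not the post author's code or part of CXF, of that comparison done case-sensitively and in constant time, with null and unknown-user handling. The class and method names are hypothetical and the sample credentials are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Properties;

// Added example: hypothetical helper, not from the original post or from CXF.
public class BasicCredentialCheck {
    private final Properties props; // user name -> password, like getProps() in the post

    public BasicCredentialCheck(Properties props) {
        this.props = props;
    }

    // Hash to a fixed length so the comparison does not depend on password length.
    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every JRE
        }
    }

    public boolean isAuthorized(String userName, String password) {
        if (userName == null || userName.isEmpty()
                || password == null || password.isEmpty()) {
            return false; // Properties.getProperty(null) would throw
        }
        String expected = props.getProperty(userName);
        // Unknown user: still perform one comparison against a dummy value so
        // the work done does not reveal whether the account exists.
        byte[] want = sha256(expected != null ? expected : "");
        byte[] got = sha256(password);
        // Byte-wise, case-sensitive, and does not stop at the first difference.
        boolean match = MessageDigest.isEqual(want, got);
        return expected != null && match;
    }

    public static void main(String[] args) {
        Properties p = new Properties();
        p.setProperty("alice", "S3cret-Pass"); // constructed sample credential
        BasicCredentialCheck check = new BasicCredentialCheck(p);
        System.out.println(check.isAuthorized("alice", "S3cret-Pass")); // exact match
        System.out.println(check.isAuthorized("alice", "s3cret-pass")); // case changed
        System.out.println(check.isAuthorized("bob", "anything"));      // unknown user
        System.out.println(check.isAuthorized(null, "anything"));       // no user name
    }
}
```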