用cxf、spring配置restful-优快云博客

本文链接：https://blog.youkuaiyun.com/iteye_7816/article/details/82159416

本文详细介绍了如何在Spring框架中利用Spring Security与CXF结合实现RESTful服务的权限管理，包括服务端配置、权限注解应用、用户认证与授权过程，以及客户端如何调用受保护的API。通过实例代码展示了如何实现用户认证、角色授权以及不同操作的访问控制。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

一、server端配置：

1.在spring的配置文件中加入：<import resource="RESTful.xml" />

２.RESTful.xml文件内容如下：

<jaxrs:server id="bookservice" address="/">
  <jaxrs:serviceBeans>
   <ref bean="customerservice" />
  </jaxrs:serviceBeans>
  <jaxrs:providers>
   <bean class="demo.jaxrs.service.SecurityExceptionMapper" />
  </jaxrs:providers>
</jaxrs:server>

<security:global-method-security
  secured-annotations="enabled">
  <security:protect-pointcut
   expression="execution(* demo.jaxrs.service.CustomerService.getCustomer(*))"
   access="ROLE_CUSTOMER, ROLE_ADMIN" />
  <security:protect-pointcut
   expression="execution(* demo.jaxrs.service.CustomerService.addCustomer(*))"
   access="ROLE_ADMIN" />
  <security:protect-pointcut
   expression="execution(* demo.jaxrs.service.CustomerService.updateCustomer(Long,demo.jaxrs.service.Customer))"
   access="ROLE_ADMIN" />
  <security:protect-pointcut
   expression="execution(* demo.jaxrs.service.CustomerService.deleteCustomer(*))"
   access="ROLE_ADMIN" />
  <security:protect-pointcut
   expression="execution(* demo.jaxrs.service.CustomerService.getOrder(*))"
   access="ROLE_CUSTOMER, ROLE_ADMIN" />
</security:global-method-security>

<security:http auto-config='true'>
<security:http-basic />
</security:http>

<security:authentication-provider>
  <security:user-service>
   <security:user name="bob" password="bobspassword"
    authorities="ROLE_CUSTOMER" />
   <security:user name="fred" password="fredspassword"
    authorities="ROLE_CUSTOMER, ROLE_ADMIN" />
  </security:user-service>
</security:authentication-provider>
</beans>

３.CustomerService.java内容如下：

package demo.jaxrs.service;

import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;

@Path("/customerservice/")
public interface CustomerService {

    @GET
    @Path("/customers/{id}/")
    Customer getCustomer(@PathParam("id") String id);

    @PUT
    @Path("/customers/{id}")
    Response updateCustomer(@PathParam("id") Long id, Customer customer);

    @POST
    @Path("/customers/")
    Response addCustomer(Customer customer);

    @DELETE
    @Path("/customers/{id}/")
    Response deleteCustomer(@PathParam("id") String id);

@Path("/orders/{orderId}/")
Order getOrder(@PathParam("orderId") String orderId);

}
４.CustomerServiceImpl.java内容如下：

/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package demo.jaxrs.service;

import java.util.HashMap;
import java.util.Map;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

public class CustomerServiceImpl implements CustomerService {
    long currentId = 123;
    Map<Long, Customer> customers = new HashMap<Long, Customer>();
    Map<Long, Order> orders = new HashMap<Long, Order>();

    public CustomerServiceImpl() {
        init();
    }

    public Customer getCustomer(String id) {
        System.out.println("----invoking getCustomer, Customer id is: " + id);
        long idNumber = Long.parseLong(id);
        Customer c = customers.get(idNumber);
        return c;
    }

    public Response updateCustomer(Long id, Customer customer) {
        System.out.println("----invoking updateCustomer, Customer name is: " + customer.getName());
        Customer c = customers.get(id);
        if (c == null || c.getId() != customer.getId()) {
            throw new WebApplicationException();
        }
        Response r;
        if (c != null) {
            customers.put(customer.getId(), customer);
            r = Response.ok(customer).build();
        } else {
            r = Response.notModified().build();
        }

return r;
}

    public Response addCustomer(Customer customer) {
        System.out.println("----invoking addCustomer, Customer name is: " + customer.getName());
        customer.setId(++currentId);

customers.put(customer.getId(), customer);

return Response.ok(customer).build();
}

    public Response deleteCustomer(String id) {
        System.out.println("----invoking deleteCustomer, Customer id is: " + id);
        long idNumber = Long.parseLong(id);
        Customer c = customers.remove(idNumber);

        Response r;
        if (c != null) {
            r = Response.ok().build();
        } else {
            r = Response.notModified().build();
        }

return r;
}

    public Order getOrder(String orderId) {
        System.out.println("----invoking getOrder, Order id is: " + orderId);
        long idNumber = Long.parseLong(orderId);
        Order c = orders.get(idNumber);
        return c;
    }

    final void init() {
        Customer c = new Customer();
        c.setName("John");
        c.setId(123);
        customers.put(c.getId(), c);

        Order o = new Order();
        o.setDescription("order 223");
        o.setId(223);
        orders.put(o.getId(), o);
    }

}
５.server端例子可以参照cxf包中distribution\src\main\release\samples\jax_rs\spring_security的例子。

二、client端

１.在spring的配置文件中加入如下内容：<import resource="RESTClient.xml" />

２.RESTClient.xml内容如下：