SOA Header 一般用于校验用户和权限,在请求进入接口之前处理。
Axis 一般是继承 BasicHandler,实现 invoke 方法来验证用户名、密码以及权限。
CXF 则是继承 AbstractPhaseInterceptor,实现 handleMessage 方法来验证用户名、密码以及权限。
AXIS如下:
package com.amway.ebiz.webService.msgService.header;
import java.util.Iterator;
import java.util.ResourceBundle;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;
import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
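/**
 * Axis handler that authenticates a request before it reaches the service.
 *
 * <p>The caller's user name and password are read from the Axis
 * {@link MessageContext} and compared with the single account configured under
 * the keys {@code soamsgname} and {@code soamsgpwd} of the {@code newsoa}
 * resource bundle. A missing or non-matching value aborts the request with a
 * {@code Server.Unauthenticated} fault.
 *
 * <p>Only the credential comparison is done here; this handler performs no
 * per-operation permission check.
 *
 * <p>NOTE(review): the bundle value is compared with the supplied password
 * as-is, so the bundle apparently stores the password in the same (clear-text)
 * form the client sends. Confirm how {@code newsoa.properties} is protected on
 * disk and in source control.
 */
public class MessageHeader extends BasicHandler {
    private static final long serialVersionUID = 7284285169168827823L;

    private static final ResourceBundle newsoasetting = ResourceBundle
            .getBundle("newsoa");

    /** Charset used to turn credentials into bytes for the comparison. */
    private static final java.nio.charset.Charset UTF_8 =
            java.nio.charset.Charset.forName("UTF-8");

    /**
     * Rejects the request unless the supplied credentials match the configured account.
     *
     * @param context the Axis message context carrying the caller's user name and password
     * @throws AxisFault with fault code {@code Server.Unauthenticated} when either
     *         credential is absent or does not match
     */
    @Override
    public void invoke(MessageContext context) throws AxisFault {
        // Credentials come from the MessageContext accessors, not from custom
        // SOAP header elements.
        String userId = context.getUsername();
        String password = context.getPassword();

        String expectedUser = newsoasetting.getString("soamsgname");
        String expectedPassword = newsoasetting.getString("soamsgpwd");

        boolean authenticated = false;
        if (userId != null && password != null) {
            // Evaluate both comparisons (non-short-circuit '&') so the response
            // time does not reveal which of the two values was wrong.
            boolean userOk = constantTimeEquals(expectedUser, userId);
            boolean passwordOk = constantTimeEquals(expectedPassword, password);
            authenticated = userOk & passwordOk;
        }

        if (!authenticated) {
            // One generic message for every failure: the caller is not told
            // whether the user name or the password was rejected.
            throw new AxisFault("Server.Unauthenticated", "用户名或者密码不对", null,
                    null);
        }
    }

    /**
     * Compares two strings without returning early on the first differing byte,
     * unlike {@link String#equals(Object)}.
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        return java.security.MessageDigest.isEqual(
                expected.getBytes(UTF_8), supplied.getBytes(UTF_8));
    }
}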
CXF如下:
package com.gmcc.support.trade.service;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.NodeList;
import com.gmcc.support.trade.common.util.SecurityUtil;
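/**
 * CXF inbound interceptor that authenticates a SOAP request from two custom
 * header elements, {@code Username} and {@code Password}.
 *
 * <p>It is registered for {@link Phase#PRE_PROTOCOL} and ordered after
 * {@link SAAJInInterceptor}, because it needs the SAAJ {@link SOAPMessage}
 * view of the request to read the header.
 *
 * <p>NOTE(review): the accepted account ({@code root}) and the password seed are
 * literals in this class, so anyone who can read the class file can derive the
 * accepted header value; they belong in protected configuration. The client is
 * expected to send the upper-cased output of {@code SecurityUtil.getMD5(...)}
 * (presumably a hex digest), which makes that unsalted MD5 value itself the
 * replayable credential. Transport protection (TLS) and a stronger scheme such
 * as WS-Security should be confirmed for any real deployment.
 */
public class ReadSoapHeader extends AbstractPhaseInterceptor<SoapMessage> {
    private final Log log = LogFactory.getLog(ReadSoapHeader.class);

    /** Used to build the SAAJ message on demand when it is not yet attached. */
    private final SAAJInInterceptor saa = new SAAJInInterceptor();

    /** Charset used to turn credentials into bytes for the comparison. */
    private static final java.nio.charset.Charset UTF_8 =
            java.nio.charset.Charset.forName("UTF-8");

    /** Registers the interceptor in PRE_PROTOCOL, after the SAAJ interceptor. */
    public ReadSoapHeader() {
        super(Phase.PRE_PROTOCOL);
        getAfter().add(SAAJInInterceptor.class.getName());
    }

    /**
     * Validates the {@code Username} / {@code Password} header elements.
     *
     * @param message the inbound SOAP message
     * @throws Fault when the header or either element is missing, when either
     *         value is blank, when the credentials do not match, or when reading
     *         the message fails
     */
    @Override
    public void handleMessage(SoapMessage message) throws Fault {
        try {
            SOAPMessage mess = message.getContent(SOAPMessage.class);
            if (mess == null) {
                // No SAAJ view yet: let the SAAJ interceptor build it, then retry.
                saa.handleMessage(message);
                mess = message.getContent(SOAPMessage.class);
            }

            SOAPHeader head = (mess == null) ? null : mess.getSOAPHeader();
            if (head == null) {
                log.warn("The soap request should has header.");
                throw new Fault(new SOAPException("The soap request should has header."));
            }

            // Read the custom credential elements.
            // NOTE(review): getElementsByTagName matches by tag name anywhere
            // below the header and ignores the namespace, so any element named
            // Username/Password in the header is accepted as the credential.
            NodeList nodes = head.getElementsByTagName("Username");
            NodeList nodepass = head.getElementsByTagName("Password");
            if (nodes.item(0) == null || nodepass.item(0) == null) {
                log.warn("The soap request should has header.");
                throw new Fault(new SOAPException("The soap request should has header."));
            }

            String rawUser = nodes.item(0).getTextContent();
            String rawPassword = nodepass.item(0).getTextContent();
            String userName = (rawUser == null) ? "" : rawUser.trim();
            String password = (rawPassword == null) ? "" : rawPassword.trim();
            if (userName.isEmpty() || password.isEmpty()) {
                log.warn("The soap header should has authentication message.");
                throw new Fault(new SOAPException("The soap header should has authentication message."));
            }

            // Simple authentication against the built-in account. Both
            // comparisons always run (non-short-circuit '&') and neither returns
            // early on the first differing byte.
            String expectedPassword = SecurityUtil.getMD5("sonus").toUpperCase();
            boolean userOk = constantTimeEquals("root", userName);
            boolean passwordOk = constantTimeEquals(expectedPassword, password);
            if (!(userOk & passwordOk)) {
                // The supplied password is deliberately not logged, and the
                // caller-controlled user name is stripped of control characters
                // so it cannot forge extra log lines.
                log.warn("The user or password is illegal. user: " + sanitizeForLog(userName));
                throw new Fault(new SOAPException("The user or password is illegal."));
            }
        } catch (Fault fault) {
            // Faults raised above already carry the intended message; do not re-wrap them.
            throw fault;
        } catch (Exception e) {
            // Keep the original exception as the cause so the failure stays diagnosable.
            throw new Fault(new SOAPException(e.getMessage(), e));
        }
    }

    /**
     * Compares two strings without returning early on the first differing byte,
     * unlike {@link String#equals(Object)}.
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        return java.security.MessageDigest.isEqual(
                expected.getBytes(UTF_8), supplied.getBytes(UTF_8));
    }

    /** Replaces control characters (including CR/LF) in a value before it is logged. */
    private static String sanitizeForLog(String value) {
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}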