使用自己自己建立的攔截器完成權限的判定,即使用者名和密碼是否正确
伺服器端主要是驗證使用者名和密碼
以下的代碼主要是Web Service的服務端
package lee;
import java.io.IOException;
public class ServerMain {
public static void main(String[] args) throws IOException{
HelloWorld hello=new HelloWorldWS();
//釋出WebService
EndpointImpl endpoint=(EndpointImpl) Endpoint.publish("http://IP/webservie" ,hello);
endpoint.getInInterceptors().add(new AuthInterceptor());
}
}
我們需要建立自己的攔截器AuthInterceptor這個攔截器會将SOAP消息到達伺服器之前攔截該消息
public class AuthInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
public AuthInterceptor(){
super(Phase.PRE_INVOKE);
}
@Override
public void handleMessage(SoapMessage msg) throws Fault {
//這個參數msg就是我們攔截到的SOAP消息,我們需要解析Header
List<Header> headers=msg.getHeaders(); 得到所有的Header
if(headers==null || headers.size()<0){
throw new Fault(new IllegalArgumentException("根本沒有Header,不能調用"));
}
Header firstHeader=headers.get(0); //得到headers的第一個元素
Element ele=(Element) firstHeader.getObject();
NodeList userIds=ele.getElementsByTagName("userId");
NodeList userpass=ele.getElementsByTagName("userPass");
if(userIds.getLength()!=1){
throw new Fault(new IllegalArgumentException("使用者名格式不對"));
}
if(userpass.getLength()!=1){
throw new Fault(new IllegalArgumentException("密碼格式不對"));
}
String userId=userIds.item(0).getTextContent();
String userPass=userpass.item(0).getTextContent();
//實際項目中調用資料庫
if(!userId.equals("yy")||!userPass.equals("yy")){
throw new Fault(new IllegalArgumentException("使用者名或者密碼不正确"));
}
}
}
}
用戶端的代碼就是講使用者名和密碼的資訊加到Header中
package lee;
import yy.Cat;
public class ClientMain {
public static void main(String[] args) {
HelloWorldWS factory =new HelloWorldWS();
//傳回的是用戶端的代理
HelloWorld hw=factory.getHelloWorldWSPort();
Client client=ClientProxy.getClient(hw);
client.getOutInterceptors().add(new AddHeaderInterceptor("yy","yy"));
client.getOutInterceptors().add(new LoggingOutInterceptor());
System.out.println(hw.sayHi("孫悟空"));
User user=new User();
user.setName("sun");
user.setPass("2233");
List<Cat> list=hw.getCatsByUser(user);
for(Cat cat:list){
System.out.println(cat.getName()+" "+cat.getColor());
}
StringCat sc=hw.getAllCats();
for (Entry entry:sc.getEntries()){
System.out.println(entry.getKey()+" "+entry.getValue().getName());
}
}
}
package yy.auth;
import java.util.List;
public class AddHeaderInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
private String userId;
private String userPass;
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getUserPass() {
return userPass;
}
public void setUserPass(String userPass) {
this.userPass = userPass;
}
public AddHeaderInterceptor(String userId,String userPass){
super(Phase.PREPARE_SEND);//在序列化之前的攔截 SOAP
this.userId=userId;
this.userPass=userPass;
}
@Override
public void handleMessage(SoapMessage msg) throws Fault {
Document document=DOMUtils.createDocument();
Element ele=document.createElement("authHeader");
Element id=document.createElement("userId");
Element pass=document.createElement("userPass");
id.setTextContent(userId);
pass.setTextContent(userPass);
ele.appendChild(id);
ele.appendChild(pass);
Header header=new Header(new QName("yy"),ele);
List<Header> headers=msg.getHeaders();
headers.add(header);
}
}