WebService CXF 日志拦截器和权限验证
要首先以有个接口:
?
@WebService
public interface MyWebService {
??? int add(int a, int b);
}
实现类
@WebService(endpointInterface="com.sg.service.MyWebService",serviceName="MyService")
public class MyWebserviceImpl implements MyWebService {
??? @Override
??? public int add(int a, int b) {
??? ??? System.out.println(a+"+"+b+"="+(a+b));
??? ??? return a+b;
??? }
}
?
发布服务端:
public class ServiceTest {
??? public static void main(String[] args) {
??? ??? System.out.println("service start................");
??? ??? MyWebserviceImpl myWebserviceImpl = new MyWebserviceImpl();
??? ??? String address = "http://localhost:8089/myService";
??? ??? EndpointImpl endpointImpl = (EndpointImpl) Endpoint.publish(address, myWebserviceImpl);
??? ??? System.out.println("service end ..............");
??? ??? //日志进来的日志拦截器
??? ??? endpointImpl.getOutInterceptors().add(new LoggingOutInterceptor());
??? ??? //出去的
??? ??? endpointImpl.getInInterceptors().add(new LoggingInInterceptor());
??? }
}
?
客户端:
//客户端
public class ClientTest {
??? public static void main(String[] args) {
??? ??? //对应服务器端实现类
??? ??? //@WebService(endpointInterface="com.sg.service.MyWebService",serviceName="MyService")
??? ??? MyService myService = new MyService();
??? ??? //获取一个接口:服务器端的代理接口
??? ??? MyWebService myWebService = myService.getMyWebserviceImplPort();
??? ???
??? ??? //获取cxf客户端服务类? 通过cxf客户端代理类来获取
??? ??? //传入参数是:代理webservice服务端口
??? ??? Client client = ClientProxy.getClient(myWebService);
??? ??? //进入时日志记录
??? ??? client.getInInterceptors().add(new LoggingInInterceptor());
??? ??? //响应时日志记录
??? ??? client.getOutInterceptors().add(new LoggingOutInterceptor());
??? ??? //用户名 权限验证
??? ??? client.getOutInterceptors().add(new AddHeaderInterceptor("admin", "123456"));
??? ???
??? ??? int add = myWebService.add(1, 1);
??? ??? System.out.println("add : "+add);
??? }
}
定义服务端拦截器:
package com.sg.service;
import java.util.List;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Element;
//服务器 验证权限
public class AuthInterceptor extends AbstractPhaseInterceptor<SoapMessage>{
??? public AuthInterceptor(){
??? ??? super(Phase.PRE_INVOKE);
??? }
??? @Override
??? public void handleMessage(SoapMessage message) throws Fault {
??? ??? List<Header> headers = message.getHeaders();
??? ??? //日过客户端没有传入SOAP包头文件时
??? ??? if (headers == null || headers.size() == 0) {
??? ??? ??? //return 在这里不能实用? 是错误的使用
??? ??? ??? //没有权限的时候? 怎样告诉客户端没有权限?抛异常
??? ??? ??? throw new Fault(new IllegalAccessException("SAOP 包文件没有....."));
??? ??? }
??? ??? Header header = headers.get(0);
??? ??? System.out.println(header.getObject().getClass()+"******************************");
??? ??? Element element = (Element)header.getObject();
??? ??? String username = element.getElementsByTagName("username").item(0).getTextContent();
??? ??? String password = element.getElementsByTagName("password").item(0).getTextContent();
??? ??? System.out.println("***************************************************");
??? ??? if ("admin".equals(username) && "123456".equals(password)) {
??? ??? ??? //验证成功
??? ??? ??? //处理其他的业务逻辑 : 扣费
??? ??? ???
??? ??? ??? System.out.println("===========处理其他的业务逻辑 : 扣费===========");
??? ??? }else {
??? ??? ??? //验证失败
??? ??? ??? throw new Fault(new RuntimeException("访问服务的用户名 或密码错误...."));
??? ??? }
??? }
}
定义客户端拦截器:
package com.sg.client;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
//客户端拦截器
public class AddHeaderInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
??? private String username;
??? private String password;
???
??? public AddHeaderInterceptor(String username,String password){
??? ??? //告诉拦截器什么时机调用拦截器
??? ??? super(Phase.PREPARE_SEND);
??? ??? this.username = username;
??? ??? this.password = password;
??? }
??? @Override
??? public void handleMessage(SoapMessage message) throws Fault {
??? ??? //添加soap头信息 包含用户名? 和 密码
??? ??? /**
??? ??? ?* <auth><username>admin</username><password>123456</password></auth>
??? ??? ?*/
??? ??? Document document = DOMUtils.createDocument();
??? ??? Element authElement = document.createElement("auth");
??? ??? Element username = document.createElement("username");
??? ??? username.setTextContent(this.username);
??? ??? authElement.appendChild(username);
??? ??? Element password = document.createElement("password");
??? ??? password.setTextContent(this.password);
??? ??? authElement.appendChild(password);
??? ???
??? ??? //第二个参数必须是Element对象
??? ??? Header header = new Header(new QName("com.sg.service"), authElement);
??? ??? message.getHeaders().add(header);
??? }
}
?
测试结果显示:
客户端日志信息:
2013-1-24 23:44:14 org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
信息: Creating Service {http://service.sg.com/}MyService from WSDL: http://localhost:8089/myService?wsdl
2013-1-24 23:44:15 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
信息: Outbound Message
---------------------------
ID: 1
Address: http://localhost:8089/myService
Encoding: UTF-8
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=[""]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>
??? <auth>
??? ??? <username>admin</username>
??? ??? <password>123456</password>
??? </auth>
</soap:Header><soap:Body><ns2:add xmlns:ns2="http://service.sg.com/"><arg0>1</arg0><arg1>1</arg1></ns2:add></soap:Body></soap:Envelope>
--------------------------------------
2013-1-24 23:44:15 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
信息: Inbound Message
----------------------------
ID: 1
Response-Code: 200
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {Content-Length=[197], content-type=[text/xml;charset=UTF-8], Server=[Jetty(7.4.2.v20110526)]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:addResponse
xmlns:ns2="http://service.sg.com/"><return>2</return></ns2:addResponse></soap:Body></soap:Envelope>
--------------------------------------
add : 2
服务器端日志信息:
2013-1-24 23:44:14 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
信息: Inbound Message
----------------------------
ID: 1
Address: http://localhost:8089/myService?wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive], content-type=[text/xml], Host=[localhost:8089], Pragma=[no-cache], User-Agent=[Apache CXF
2.4.1]}
--------------------------------------
2013-1-24 23:44:15 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
信息: Inbound Message
----------------------------
ID: 2
Address: http://localhost:8089/myService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive], Content-Length=[284], content-type=[text/xml; charset=UTF-8], Host=[localhost:8089],
Pragma=[no-cache], SOAPAction=[""], User-Agent=[Apache CXF 2.4.1]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>
??? <auth>
??? ??? <username>admin</username>
??? ??? <password>123456</password>
??? </auth>
</soap:Header><soap:Body><ns2:add xmlns:ns2="http://service.sg.com/"><arg0>1</arg0><arg1>1</arg1></ns2:add></soap:Body></soap:Envelope>
--------------------------------------
1+1=2
2013-1-24 23:44:15 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
信息: Outbound Message
---------------------------
ID: 2
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:addResponse
xmlns:ns2="http://service.sg.com/"><return>2</return></ns2:addResponse></soap:Body></soap:Envelope>
--------------------------------------