SOAP header验证WebService接口的访问权限
?ServerPasswordCallback相当于filter,代码如下
?
客户端采用axis2? 生成客户端代码访问
?
ITReceptionAdapterStub adapterStub=new ITReceptionAdapterStub();//设置超时adapterStub._getServiceClient().getOptions().setTimeOutInMilliSeconds(600000L);//设置header账号密码ServiceClient serviceClient=adapterStub._getServiceClient();SOAP11Factory factory=new SOAP11Factory(); OMNamespace SecurityElementNamespace = factory.createOMNamespace("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","wsse");OMElement usernameTokenEl = factory.createOMElement("UsernameToken",SecurityElementNamespace);OMElement usernameEl = factory.createOMElement("Username",SecurityElementNamespace);OMElement passwordEl = factory.createOMElement("Password",SecurityElementNamespace);OMElement actionEl = factory.createOMElement("Action",SecurityElementNamespace);passwordEl.addAttribute(factory.createOMAttribute("Type",null,"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"));usernameEl.setText("test");passwordEl.setText("test");usernameTokenEl.addChild(usernameEl);usernameTokenEl.addChild(passwordEl);usernameTokenEl.addChild(actionEl);SOAPHeaderBlockImpl block = new SOAP11HeaderBlockImpl("Security",SecurityElementNamespace, factory);block.addChild(usernameTokenEl);serviceClient.addHeader(block);ProcessE processE=new ProcessE();Process process=new Process();//process.setXmldata();process.setXmldata(jiFangXml);process.setName("test");process.setPassword("test");processE.setProcess(process);ProcessResponseE responseE=adapterStub.process(processE);String xml=responseE.getProcessResponse().get_return();System.out.println(xml);?好了,这样既可做到在业务方法之外验证用户的权限,对外的业务方法里面也不会出现对权限的验证,不失为一种好办法 。
ps:网上的参考,加上自己经验,记录在此,备查
