基于CXF webservice（3）高级属性之拦截器（interceptor)

发布时间：2020-12-16 22:42:17 所属栏目：安全来源：网络整理

导读：webservice中用来对消息进行填充，验证，等预处理的高级特性。个人感觉比较重要，实用价值比较高。需要直接或间接继承的 public interface InterceptorT extends Message { ? ? void handleMessage(T message) throws Fault; ? ?? ? ? void handleFault(T m

webservice中用来对消息进行填充，验证，等预处理的高级特性。个人感觉比较重要，实用价值比较高。

需要直接或间接继承的

public interface Interceptor<T extends Message> {

? ? void handleMessage(T message) throws Fault;
? ??
? ? void handleFault(T message);

}

以及它的子接口

public interface PhaseInterceptor<T extends Message> extends Interceptor<T> {

? ? Set<String> getAfter();

? ? Set<String> getBefore();

? ? String getId();

? ? String getPhase();
? ??
? ? Collection<PhaseInterceptor<? extends Message>> getAdditionalInterceptors();
}

下面来看看他们的树结构：

下面我们来编写我们的客户端，

还是接着上面提到的例子上完成拦截器的功能

OrderProcessUserCredentialInterceptor.java

package demo.order;

import javax.xml.namespace.QName;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class OrderProcessUserCredentialInterceptor extends
		AbstractSoapInterceptor {

	private String userName;
	private String password;

	public String getUserName() {
		return userName;
	}

	public void setUserName(String userName) {
		this.userName = userName;
	}

	public String getPassword() {
		return password;
	}

	public void setPassword(String password) {
		this.password = password;
	}

	public OrderProcessUserCredentialInterceptor() {
		super(Phase.PRE_INVOKE);
	}

	public OrderProcessUserCredentialInterceptor(String p) {
		super(p);
	}

	@Override
	public void handleMessage(SoapMessage message) throws Fault {

		System.out.println("OrderProcessUserCredentialInterceptor");
	
		QName qnameCredentials = new QName("OrderCredentials");
		if (message.hasHeader(qnameCredentials)) {
			Header header = message.getHeader(qnameCredentials);
			Element elementOrderCredential = (Element) header.getObject();
			Node nodeUser = elementOrderCredential.getFirstChild();
			Node nodePassword = elementOrderCredential.getLastChild();
			if (nodeUser != null) {
				userName = nodeUser.getTextContent();
			}
			if (nodePassword != null) {
				password = nodePassword.getTextContent();
			}
		}
		System.out
				.println("userName reterived from soap header is " + userName);
		System.out
				.println("password reterived from soap header is " + password);
		if ("tianjun".equalsIgnoreCase(userName)
				&& "123".equalsIgnoreCase(password)) {
			System.out.println("tianjun:123");
		}else{
			throw new RuntimeException("invalid user&&验证非法！！！");
		}

	}

}

同时在服务器端的OrderProcessImpl.java上配置入拦截器如下所示：

启动服务端即可

--------------------------------------------------------------------

---------------------------------------------------------------------

客户端：

如上上图所示添加OrderProcessClientHandler.java

package demo.order.client;

import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class OrderProcessClientHandler extends AbstractSoapInterceptor {

	private String userName;
	private String password;
	
	

	public String getUserName() {
		return userName;
	}

	public void setUserName(String userName) {
		this.userName = userName;
	}

	public String getPassword() {
		return password;
	}

	public void setPassword(String password) {
		this.password = password;
	}

	public OrderProcessClientHandler() {
		super(Phase.WRITE);
		this.addAfter(SoapPreProtocolOutInterceptor.class.getName());
	}

	public void handleMessage(SoapMessage message) throws Fault {
		
		System.out.println("orderprocessClientHandler handleMessage invoked");
		DocumentBuilder builder = null;
		try{
			builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
			
		}catch(ParserConfigurationException e){
			e.printStackTrace();
		}
		Document doc = builder.newDocument();
		Element elementCredentials = doc.createElement("OrderCredentials");
		
		Element elementUser = doc.createElement("username");
		elementUser.setTextContent(getUserName());
		
		Element elementPassword = doc.createElement("password");
		elementPassword.setTextContent(getPassword());
		
		elementCredentials.appendChild(elementUser);
		elementCredentials.appendChild(elementPassword);
		
		QName qnameCredentials = new QName("OrderCredentials");
		Header header = new Header(qnameCredentials,elementCredentials);
		message.getHeaders().add(header);
//		System.out.println(((Element)message.getHeader(qnameCredentials).getObject()).getFirstChild().getTextContent());
//		System.out.println(((Element)message.getHeader(qnameCredentials).getObject()).getLastChild().getTextContent());
		
	}

}

在服务器端配置出拦截器如下：

如上即可通过验证。本次就完成了一个简单拦截器的验证功能，其实就是添加如下所示的message头的验证：

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!