WebService学习——回顾之前应用
发布时间:2020-12-16 23:07:04 所属栏目:安全 来源:网络整理
导读:回顾之前项目的应用——Cxf在spring框架中的简单运用 之前项目需要用到WebService,但是由于项目开发的快节奏,所以虽然把他搭起来,但是没有了解他的原理。 1 准备工作 cxf核心包(cxf-2.4.1.jar)、wss4j( 安全模块 )、spring包。 其他包如 commons-logg
回顾之前项目的应用——Cxf在spring框架中的简单运用
之前项目需要用到WebService,但是由于项目开发的快节奏,所以虽然把他搭起来,但是没有了解他的原理。
1 准备工作
cxf核心包(cxf-2.4.1.jar)、wss4j(
安全模块)、spring包。
其他包如
commons-logging-1.1.1.jar geronimo-activation_1.1_spec-1.0.2.jar (or Sun's Activation jar) geronimo-annotation_1.0_spec-1.1.1.jar (JSR 250) geronimo-javamail_1.4_spec-1.6.jar (or Sun's JavaMail jar) geronimo-servlet_2.5_spec-1.2.jar (or Sun's Servlet jar) geronimo-ws-metadata_2.0_spec-1.1.2.jar (JSR 181) geronimo-jaxws_2.1_spec-1.0.jar (or Sun's jaxws-api-2.1.jar) geronimo-stax-api_1.0_spec-1.0.1.jar (or other stax-api jar) jaxb-api-2.1.jar jaxb-impl-2.1.12.jar jetty-6.1.21.jar jetty-util-6.1.21.jar neethi-2.0.4.jar saaj-api-1.3.jar saaj-impl-1.3.2.jar wsdl4j-1.6.2.jar wstx-asl-3.2.8.jar XmlSchema-1.4.5.jar xml-resolver-1.2.jar
如果使用的Maven,需要注意了,Maven仓库中下不到cxf的包。
2 配置web.xml<!-- 配置CXFServlet --> <servlet> <servlet-name>CXFServlet</servlet-name> <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>CXFServlet</servlet-name> <url-pattern>/service/*</url-pattern> </servlet-mapping> 3 spring整合cxf
在spring配置文件之一applicationContext.xml中,加入:
<!-- 引入CXF Bean定义如下 --> <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="http://cxf.apache.org/core" xmlns:wsa="http://cxf.apache.org/ws/addressing" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:wsrm-policy="http://schemas.xmlsoap.org/ws/2005/02/rm/policy" xmlns:wsrm-mgr="http://cxf.apache.org/ws/rm/manager" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://schemas.xmlsoap.org/ws/2005/02/rm/policy http://schemas.xmlsoap.org/ws/2005/02/rm/wsrm-policy.xsd http://cxf.apache.org/ws/rm/manager http://cxf.apache.org/schemas/configuration/wsrm-manager.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> <cxf:bus> <cxf:features> <cxf:logging /> <wsa:addressing /> </cxf:features> </cxf:bus> </beans> spring配置文件 beans.xml <?xml version="1.0" encoding="UTF-8"?> <!-- Spring配置文件 --> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> <beans default-lazy-init="false" default-dependency-check="none" default-autowire="no"> <import resource="applicationContext.xml" /> <import resource="applicationContext-aop.xml" /> <import resource="applicationContext-webService.xml" /> <import resource="applicationContext-Quartz.xml" /> <import resource="wssec.xml"></import> </beans> 4 编写客户端
WsClinetAuthHandler.java
package com.interfaces.utils; import java.io.IOException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.ws.security.WSPasswordCallback; /** * 用一句话描述功能 * @author lzy * @date(开发日期) 2014-9-9下午10:00:51 */ public class WsClinetAuthHandler implements CallbackHandler { public static String userAcc; public static String password; public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException { for (int i = 0; i < callbacks.length; i++) { WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; System.out.println("identifier: " + pc.getIdentifier()); // 这里必须设置密码,否则会抛出:java.lang.IllegalArgumentException: pwd == null // but a password is needed pc.setPassword(password);// ▲【这里必须设置密码】▲ } } public static String getUserAcc() { return userAcc; } public static void setUserAcc(String userAcc) { WsClinetAuthHandler.userAcc = userAcc; } public static String getPassword() { return password; } public static void setPassword(String password) { WsClinetAuthHandler.password = password; } } JaxBeansFactory.java package com.interfaces.utils; import java.util.ArrayList; import java.util.HashMap; import java.util.Map; import org.apache.cxf.binding.soap.interceptor.SoapInterceptor; import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor; import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; import org.apache.ws.security.WSConstants; import org.apache.ws.security.handler.WSHandlerConstants; import com.saleSystem.util.Constants; /** * 通过传入相应的接口类,以及地址,进行数据通信 * @author lzy * @version Ver1.0 2014-8-12 * @date(开发日期) 2014-8-12上午11:39:40 */ public class JaxBeansFactory { public static String userName; public static void setUserAccAndPaswword(String userAcc,String password){ WsClinetAuthHandler.setPassword(password); setUserName(userAcc); } public static Object createService(Class T,String Address){ Object obj = null; Map<String,Object> outProps = new HashMap<String,Object>(); outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN); outProps.put(WSHandlerConstants.USER,userName); outProps.put(WSHandlerConstants.PASSWORD_TYPE,WSConstants.PW_TEXT); // 指定在调用远程ws之前触发的回调函数WsClinetAuthHandler,其实类似于一个拦截器 outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,WsClinetAuthHandler.class.getName()); ArrayList<SoapInterceptor> list = new ArrayList<SoapInterceptor>(); // 添加cxf安全验证拦截器,必须 list.add(new SAAJOutInterceptor()); list.add(new WSS4JOutInterceptor(outProps)); JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean(); factory.setServiceClass(T); factory.setAddress(Address); factory.getOutInterceptors().addAll(list); obj = factory.create(); return obj; } public static String getUserName() { return userName; } public static void setUserName(String userName) { JaxBeansFactory.userName = userName; } } ISaleTerReceive.java package com.interfaces.saleSystem.services; import java.util.List; import javax.jws.WebService; import com.interfaces.saleSystem.models.DownloadDatas; /** * 用一句话描述功能 * @author lzy * @version Ver1.0 2014-8-8 * @date(开发日期) 2014-8-8上午10:05:13 */ @WebService public interface ISaleTerReceive { public DownloadDatas receivePorkResults(String[] porkIds); public DownloadDatas receivePorkPdtResults(String[] porkPdtIds); } 5 编写服务器端
WsAuthHandler.java
package com.interfaces.utils; import java.io.IOException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.ws.security.WSPasswordCallback; import com.centrySystem.util.JDBCCon; /** * 用一句话描述功能 * * @author lzy * @date(开发日期) 2014-9-9下午10:16:38 */ public class WsAuthHandler implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException { for (int i = 0; i < callbacks.length; i++) { WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; String identifier = pc.getIdentifier(); int usage = pc.getUsage(); String password = this.getPasswordByUserAcc(identifier); if (usage == WSPasswordCallback.USERNAME_TOKEN) { // username token pwd... // ▲这里的值必须和客户端设的值相同,从cxf2.4.x后校验方式改为cxf内部实现校验,不必自己比较password是否相同 // 请参考:http://cxf.apache.org/docs/24-migration-guide.html的Runtime // Changes片段 pc.setPassword(password);// ▲【这里非常重要】▲ // ▲PS 如果和客户端不同将抛出org.apache.ws.security.WSSecurityException: // The // security token could not be authenticated or // authorized异常,服务端会认为客户端为非法调用 } else if (usage == WSPasswordCallback.SIGNATURE) {// 密钥方式SIGNATURE // set the password for client's keystore.keyPassword // ▲这里的值必须和客户端设的值相同,从cxf2.4.x后校验方式改为cxf内部实现校验,不必自己比较password是否相同; // 请参考:http://cxf.apache.org/docs/24-migration-guide.html的Runtime // Changes片段 // System.out.println(password); pc.setPassword(password);// ▲【这里非常重要】▲ // ▲PS:如果和客户端不同将抛出org.apache.ws.security.WSSecurityException:The // security token could not be authenticated or // authorized异常,服务端会认为客户端为非法调用 } // 不用做其他操作 } } private String getPasswordByUserAcc(String userAcc) { JDBCCon con = new JDBCCon(); String password = con.getPasswordByUserName(userAcc); return password; } } private String getPasswordByUserAcc(String userAcc) { JDBCCon con = new JDBCCon(); String password = con.getPasswordByUserName(userAcc); return password; }
SaleTerReceiveImpl.java
/** * ISaleTerSendImpl.java * 类名: ISaleTerSendImpl * * ver 变更日 变更人 变更内容 * ────────────────────────────────── * V1.0 2014-8-8 lzy 初始生成 * * Copyright 2014 */ package com.interfaces.saleSystem.services.impl; import java.util.ArrayList; import java.util.List; import javax.annotation.Resource; import javax.jws.WebService; import com.centrySystem.services.government.warning.IPorkPdtWarningService; import com.centrySystem.services.government.warning.IPorkWarningService; import com.centrySystem.util.TypeInCenterUtil; import com.interfaces.saleSystem.models.DownloadDatas; import com.interfaces.saleSystem.models.PorkPdtWarningResult; import com.interfaces.saleSystem.models.PorkWarningResult; import com.interfaces.saleSystem.services.ISaleTerReceive; /** * 用一句话描述功能 * * @author lzy * @version Ver1.0 2014-8-8 * @date(开发日期) 2014-8-8上午10:05:38 */ @WebService public class SaleTerReceiveImpl implements ISaleTerReceive { @Resource private IPorkWarningService porkWarningSer; @Resource private IPorkPdtWarningService porkPdtWarningSer; @Override public DownloadDatas receivePorkResults(String[] porkIds) { List<PorkWarningResult> list = new ArrayList<PorkWarningResult>(); for (String porkId : porkIds) { PorkWarningResult pork = new PorkWarningResult(); pork.setPorkId(porkId); pork = this.porkStartInStorWarning(porkId,pork); list.add(pork); } DownloadDatas datas = new DownloadDatas(); datas.setPorkWarningResults(list); return datas; } private PorkWarningResult porkStartInStorWarning(String porkId,PorkWarningResult pork) { String result = porkWarningSer.getPorkWarningResult(porkId); if(result==null||result.equals("")){ pork.setIsRejection(TypeInCenterUtil.TYPE_OF_WARNING_ACCESS); } else{ pork.setIsRejection(TypeInCenterUtil.TYPE_OF_WARNING_REJECT); pork.setResultReason(result); } return pork; } private PorkPdtWarningResult porkPdtStartInStorWarning(String porkPdtId,PorkPdtWarningResult porkPdt) { String result = porkPdtWarningSer.getPorkPdtWarningResult(porkPdtId); if(result==null||result.equals("")){ porkPdt.setIsRejection(TypeInCenterUtil.TYPE_OF_WARNING_ACCESS); } else{ porkPdt.setIsRejection(TypeInCenterUtil.TYPE_OF_WARNING_REJECT); porkPdt.setResultReason(result); } return porkPdt; } @Override public DownloadDatas receivePorkPdtResults(String[] porkPdtIds) { List<PorkPdtWarningResult> list = new ArrayList<PorkPdtWarningResult>(); for (String porkPdtId : porkPdtIds) { PorkPdtWarningResult porkPdt = new PorkPdtWarningResult(); porkPdt.setPorkPdtId(porkPdtId); porkPdt = this.porkPdtStartInStorWarning(porkPdtId,porkPdt); list.add(porkPdt); } DownloadDatas datas = new DownloadDatas(); datas.setPorkPdtWarningResults(list); return datas; } } 服务器端,除了有客户端相同ISaleTerReceive接口外,还实现了这个接口。
服务端发布服务?applicationContext-webService.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:cxf="http://cxf.apache.org/core" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd"> <!-- 引入CXF Bean定义如下 --> <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> <!-- 发布webservice --> <bean id="saleTerReceiveImpl" class="com.interfaces.saleSystem.services.impl.SaleTerReceiveImpl" ></bean> <jaxws:endpoint id="saleTerReceive" implementor="#saleTerReceiveImpl" address="/saleTerReceive"> <jaxws:inInterceptors> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> <constructor-arg> <map> <!-- 设置加密类型 --> <entry key="action" value="UsernameToken" /> <!-- 设置密码类型为明文 --> <entry key="passwordType" value="PasswordText" /> <!--<entry key="action" value="UsernameToken Timestamp" /> 设置密码类型为加密<entry key="passwordType" value="PasswordDigest" /> --> <entry key="passwordCallbackClass" value="com.interfaces.utils.WsAuthHandler" /> </map> </constructor-arg> </bean> </jaxws:inInterceptors> </jaxws:endpoint> </beans> 6.客户端调用
InStorWarningAction.java
package com.interfaces.action; import javax.annotation.Resource; import org.springframework.stereotype.Component; import com.interfaces.saleSystem.models.DownloadDatas; import com.interfaces.saleSystem.services.ISaleTerReceive; import com.interfaces.utils.JaxBeansFactory; import com.saleSystem.dao.systemManag.ISysConfigDao; import com.saleSystem.models.TSysConfig; import com.saleSystem.services.upload.IUploadService; import com.saleSystem.util.md5.CipherUtil; @Component("instorWarningAction") public class InStorWarningAction { @Resource private ISysConfigDao sysConfigDao; @Resource private IUploadService uploadSer; public DownloadDatas getDownloadDatasByPorkIdList(String[] porkIdStr) throws Exception { DownloadDatas datas = null; TSysConfig sys = sysConfigDao.get("from TSysConfig"); String userAcc = sys.getUserAcc(); String password = sys.getUserPassword(); String ip = sys.getServerIp(); String serviceAdd = "http://" + ip + ":8080/centrySystem/service/saleTerReceive?wsdl"; String newPassword = CipherUtil.generatePassword(password); JaxBeansFactory.setUserAccAndPaswword(userAcc,newPassword); ISaleTerReceive service = (ISaleTerReceive) JaxBeansFactory.createService(ISaleTerReceive.class,serviceAdd); datas = service.receivePorkResults(porkIdStr); return datas; } public DownloadDatas getDownloadDatasByPorkPdtIdList(String[] porkPdtIdStr) throws Exception { DownloadDatas datas = null; TSysConfig sys = sysConfigDao.get("from TSysConfig"); String userAcc = sys.getUserAcc(); String password = sys.getUserPassword(); String ip = sys.getServerIp(); String serviceAdd = "http://" + ip + ":8080/centrySystem/service/saleTerReceive?wsdl"; String newPassword = CipherUtil.generatePassword(password); JaxBeansFactory.setUserAccAndPaswword(userAcc,serviceAdd); datas = service.receivePorkPdtResults(porkPdtIdStr); return datas; } } 这是项目中一个调用的地方。
其中CipherUtil.generatePassword(password)是MD5加密,这第一是为了防止密码被窃取,第二是由于在服务端数据库中密码也是加密的。
JaxBeansFactory.setUserAccAndPassword(userAcc,newPassword)这是将账号密码填入账号密码。
datas是返回的数据,是自己定义的类型。
很重要的一点,客户端和服务器端在通信的时候,使用的model,需要一样。即你返回的DownloadDatas在你客户端与服务器端的定义是相同的!
请忽视我将hql写在action里面.....
上面使用的例子中,还有很多是我之前囫囵吞枣就使用进去的,我希望通过几天学习能把webSevice真正的用起来!
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |