webservice认证

用客户端new的方式不用配置 有些夸平台的服务调用，会由于本地时间和服务器时间相差较大会报时间戳，验证失效 1、服务器端，增加拦截认证--ServerPasswordCallback.java public class ServerPasswordCallback implements CallbackHandler { ??? private Map<String,String> passwords = new HashMap<String,String>(); ??? public ServerPasswordCallback() { ??????? passwords.put("admin","123456"); ??????? passwords.put("test","123"); ??? } ??? @Override ??? public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException { ??????? for (int i = 0; i < callbacks.length; i++) { ??????????? WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; ??????????? if (!passwords.containsKey(pc.getIdentifier())) ??????????????? throw new WSSecurityException("用户不匹配！"); ??????????? String pass = passwords.get(pc.getIdentifier()); ??????????? String pwd = pc.getPassword(); ??????????? if (pwd == null || !pwd.equals(pass)) { ??????????????? throw new WSSecurityException("密码不匹配！"); ??????????? } ??????? } ??? } } 2、客户端添加安全认证--ClientPasswordCallback.java public class ClientPasswordCallback implements CallbackHandler { ??? private Map<String,String>(); ??? public ClientPasswordCallback() { ??????? passwords.put("admin",UnsupportedCallbackException { ??????? for (int i = 0; i < callbacks.length; i++) { ??????????? WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; ??????????? int usage = pc.getUsage(); ??????????? if (!passwords.containsKey(pc.getIdentifier())) ??????????????? throw new WSSecurityException("用户【" + pc.getIdentifier() + "】不存在！"); ??????????? String pass = passwords.get(pc.getIdentifier()); ??????????? if (usage == WSPasswordCallback.USERNAME_TOKEN && pass != null) { ??????????????? pc.setPassword(pass); ??????????????? return; ??????????? } ??????? } ??? } } 3、spring容器配置 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" ??? xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" ??? xsi:schemaLocation="http://www.springframework.org/schema/beans ??? http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas? /jaxws.xsd" default-autowire="byName"> ??? <import resource="classpath:META-INF/cxf/cxf.xml" /> ??? <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" /> ??? <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> ??? <!-- 安全认证 --> ??? <bean id="WSS4JInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> ??????? <constructor-arg> ??????????? <map> ??????????????? <entry key="action" value="UsernameToken" /> ??????????????? <entry key="passwordType" value="PasswordText" /> ??????????????? <entry key="passwordCallbackClass" value="webservice.ServerPasswordCallback" /> ??????????? </map> ??????? </constructor-arg> ??? </bean> ??? ??? <!-- 开始 --> ??? <bean id="chartServiceBean" class="webservice.demo.ChartServiceImpl"/> ??? <jaxws:endpoint id="chartService" implementor="#chartServiceBean" address="/chartService" > ??????? <jaxws:inInterceptors> ??????????? <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />? ??????????? <ref bean="WSS4JInInterceptor" />? ??????? </jaxws:inInterceptors>? ??? </jaxws:endpoint> ??? <!-- 结束 --> </beans> 4、webservice接口 @WebService public interface ChartService { ??? /** ???? * 一个简单的方法,返回一个字符串 ???? * ???? * @param hello ???? * @return ???? */ ??? public String say(String hello); } 5、webservice接口实现 @WebService(endpointInterface = "webservice.demo.ChartService") public class ChartServiceImpl implements ChartService { ??? /* (non-Javadoc) ???? * @see webservice.demo.WebServiceSample#say(java.lang.String) ???? */ ??? @Override ??? public String say(String hello) { ??????? return "hello " + hello; ??? } } 6、客户端调用 public class Test3 { ??? /** ???? * @param args ???? */ ??? public static void main(String[] args) { ??????? //调用WebService ??????? JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean(); ??????? //??????? ClientProxy proxy = (ClientProxy) Proxy.getInvocationHandler(chartService); //??????? Client client = proxy.getClient(); ??????? ??????? Map<String,Object> outProps = new HashMap<String,Object>(); ??????? outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN); ??????? outProps.put(WSHandlerConstants.USER,"admin"); ??????? outProps.put(WSHandlerConstants.PASSWORD_TYPE,WSConstants.PW_TEXT); ??????? outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,ClientPasswordCallback.class.getName()); //??????? client.getOutInterceptors().add(new SAAJOutInterceptor()); //??????? client.getOutInterceptors().add(new WSS4JOutInterceptor(outProps)); //??????? WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); ??????? factory.getOutInterceptors().add(new WSS4JOutInterceptor(outProps)); ??????? factory.getOutInterceptors().add(new SAAJOutInterceptor()); ??????? factory.setAddress("http://localhost:8082/WebService_Server/chartService"); ??????? factory.setServiceClass(ChartService.class); ??????? ChartService chartService = (ChartService) factory.create(); ??????? ??????? System.out.println(chartService.say("zhangsan")); ??? } }